Hi, In order to get things rolling quickly, I've been asked to just concentrate on the proxy server part of ISA and worry about the firewall later. I have a couple more questions, though. You mentioned the external interface is the one with the gateway. But if the internal interface doesn't have a gateway, how will ISA server know how to get to our different subnets? That was the reason I asked if I need to add routes. The other thing is my company is insisting that we run some other things on the same server as ISA (to save money on servers) and my recommendation to not do this has gone unheeded. They want to run Microsoft SUS and RIS server. Can you give me valid reasons I can present to my management why it isn't a good idea to run these on the same server? Our company has about 350 employees. Lastly, how can I obtain a copy of the Quick Start guide? The company I work for seems to want to implement ISA server quickly. Thanks. -- "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote: http://www.ISAserver.org Hi John, Several tips to help you get up and running with the ISA firewall: 1. Install the ISA firewall as a back-end ISA firewall with at least two NICs. Running the ISA firewall in unihomed single-NIC mode is like taking three wheels off a Ferrari because it "goes too fast". 2. Don't run Web sites on the ISA firewall. If you have a Checkpoint Server, but the Web sites on that. Even better, put them on a protected network. 3. The ISA firewall doesn't use a LAT. 4. Install as many interfaces on the ISA firewall as you like. Just one is the External interface and that is the one with the default gateway. HTH, Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: vesterby@xxxxxxxx [mailto:vesterby@xxxxxxxx] Sent: Tuesday, September 07, 2004 8:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA Server 2004 Issues http://www.ISAserver.org Hi, I'm new to ISA Server and could use some recommendations regarding some issues I'm having with installing ISA Server 2004 (Standard Edition). We are currently using an NT domain and plan to migrate to an Active Directory domain within the next 3 months. I installed ISA Server 2004 with a single network adapter (caching only), but when I try to access the server for http access to the Internet, I am prompted for authentication but when I log in, nothing happens. It is set up for integrated authentication. I think part of the problem (which I'll test tomorrow) is that IIS is also installed and is listening on port 80 - the same port that I have ISA Server listening on. We currently have Proxy Server 2.0, which is integrated with IIS, so I had installed ISA Server with IIS thinking that it needed it but then realized it didn't. There are a couple of other issues too, including: 1) I'm not sure the LAT table is correct - does the caching server even need the LAT table? I'm thinking it needs it if I use the firewall (we have 2 X Nokia Checkpoint firewalls but I had considered using the firewall feature in ISA to make it a backend firewall for more security). We have a 192.236.x.x/22 network and also a 10.10.1.x/24 network. 2) The server I built has a default gateway but there may be cases with ISA where I want to take the default gateway out and add static routes. If you could provide recommendations on the above issues, I'd really appreciate it. Thanks. - John ________________________________________________________________ Get your name as your email address. Includes spam protection, 1GB storage, no ads and more Only $1.99/ month - visit http://www.mysite.com/name today!