RE: ISA Server 2004 Standard Edition SP1
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 2 Mar 2005 12:17:33 -0800
Hi Dan,
Did you miss the "it depends" part?
If you configure the FWC statically, it will block.
If you have it configured "automatically", it will self-disable.
The same is true for IE - auto-detection is the on ly way you can reliably move
between ISA- and non-ISA-served networks.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
________________________________________
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Wednesday, March 02, 2005 11:28
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server 2004 Standard Edition SP1
http://www.ISAserver.org
Okay, found the message I was referring to...
Quote:
-----------------------------------------------------
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Saturday, 29 January 2005 1:04 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Firewall client with vpn
http://www.ISAserver.org
The answer is:
- it depends...
Case 1 - the FWC is configured to "automatically detect": the FWC will seek out
the ISA it last knew of and if that fails, it will try auto-detection (wpad).
If that also fails, FWC will self-disable, but retry every so often. This
leaves the WFC host acting as a SecureNET client.
Case 2 - the FWC is configured to use a specific ISA: the FWC will attempt to
contact that ISA and if this fails, will block non-local-subnet Winsock traffic
completely.
What this boils down to is if your cross-VPN name resolution sucks, so will the
client experience.
-----------------------------------------------------
End Quote...
So, if it doesn't work like this in actual practice, how is it "supposed" to
work?
________________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, March 02, 2005 14:02
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server 2004 Standard Edition SP1
http://www.ISAserver.org
Hi Dan,
I'm just telling you how it works in practice for me. It appears to shut itself
off if it can't find the ISA firewall.
HTH,
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
