ISA between internal network and Checkpoint FW1

  • From: Paul Hutchings <PAUL.HUTCHINGS@xxxxxxxxxx>
  • To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 28 Jan 2002 13:16:35 -0000

Hello All,

Currently have:

Internal clients -> Router -> FW1 -> Internet

Clients have access through static IP rules configured on Checkpoint.

Due to migration to Windows 2000 Domain, and partial DHCP, I would like to
install ISA server to allow greater control of Internet access through use
of users/groups, as well as a few instances of Static IP.

I'd like to keep Checkpoint at the edge of the network and have ISA as
follows:

Internal clients -> Router -> ISA -> FW1 -> Internet

If I do this, the Internet connection is effectively being made by ISA, so I
have configured FW1 to allow ISA full outbound access.

My queries are as follows:  

How can I best phase in ISA given the current config?  As I see it I would
have to either allow everybody access through ISA and gradually lock it down
before removing the "anyone" rule, or have my users/groups/static IPs
already set up before making the ISA box live?

Also are there any best practices on how to install the Firewall client on
existing machines - mix of 95/NT/2000, not all users have local admin
rights.

Many thanks in advance,
Paul
--
Paul Hutchings
Network Administrator
Tel: 024 7635 5378, Fax: 024 7635 8378
mailto:paul.hutchings@xxxxxxxxxx

