Yep, I was reminded of that :) Sorry for mis-speaking.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation
RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P)
(248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, February 25, 2003 3:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA running as reverse proxy and firewall

http://www.ISAserver.org

Hi Shawn,

What about when ISA Server does SSL to SSL or SSL to HTTP bridging? In that case, ISA Server decrypts the packet and either sends it in the clear, or re-encrypts it. In both circumstances, the header information is available to Web Filters, so full Application Layer examination can take place.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Tuesday, February 25, 2003 2:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA running as reverse proxy and firewall

The term "firewall" is very broad and just depends on the definitions of the parties involved. An acl router could be termed a firewall. What he's talking about when saying application level firewall is something that monitors the commands of application level protocols (Gauntlet is another example). Thus ISA would be monitoring things like HTTP gets/posts/heads, etc and ftp gets/puts/ etc as opposed to what you're talking about at the packet level.

Yes ISA does this for HTTP, but not HTTPS because of the nature of the protocol. The only application level command you'll see with HTTPS is CONNECT, everything else will be encrypted.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation
RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P)
(248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: John Tolmachoff [mailto:isalist@xxxxxxxxxxxx]
Sent: Tuesday, February 25, 2003 2:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA running as reverse proxy and firewall

> I call "normal" firewall to a packet level firewall; application firewall
> for me it's a firewall that it's able to check what the users do (for
> example, if anything it's trying to inject code). Is it the ISA server
> able to check this type of attacks?

Checking to see if code is being injected into a return packet would be caught at the packet level of the firewall, meaning the normal function of a full firewall, as the injected code was not part of the request and the firewall would see it as different and reject it. Yes, ISA does that.

Having the firewall take action or inaction based on other than IP falls more into integration. ISA allows integration with users and groups and domains and allows for rules and policies based on those.

CACHE only mode does not provide packet evaluation, and is therefore not a firewall but as the name says. Its only "firewall" properties are in masking either the source or destination depending upon use.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
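
Added example, not part of the original thread: a small Python classifier showing which application-layer fields a filter can read from a plain HTTP request, a CONNECT tunnel request, and an encrypted SSL/TLS record, which is the distinction drawn in Shawn's and Tom's messages above. The function name, the host www.example.com, and all sample byte strings are constructed for illustration.

```python
# Added illustration; the sample byte strings are constructed, not captured traffic.
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"TRACE"}
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def visible_to_filter(data: bytes) -> dict:
    """Report what an application-layer filter can read from the start of a stream."""
    empty = {"method": None, "target": None, "headers": {}}
    # SSL/TLS record header: content type, version major 0x03, version minor, 2-byte length.
    if len(data) >= 5 and data[0] in TLS_TYPES and data[1] == 0x03:
        # Only the record framing is readable; method, URL and headers are ciphertext.
        return {"kind": "tls-record", "record_type": TLS_TYPES[data[0]], **empty}
    head, _, _body = data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return {"kind": "unknown", **empty}
    method, target = parts[0], parts[1].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    if method == b"CONNECT":
        kind = "connect-tunnel"   # filter learns host:port, nothing about later requests
    elif method in HTTP_METHODS:
        kind = "http-request"     # method, URL and headers are all inspectable
    else:
        kind = "unknown"
    return {"kind": kind, "method": method.decode("latin-1"),
            "target": target, "headers": headers}


# Plain HTTP. After SSL bridging, the decrypted request looks the same to a filter.
PLAIN = (b"POST /login.asp HTTP/1.1\r\nHost: www.example.com\r\n"
         b"Content-Length: 9\r\n\r\nuser=test")
# Tunnel request as sent to a proxy that is not decrypting.
TUNNEL = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"
# Encrypted application data record (type 23, version 3.1) with a 32-byte dummy payload.
ENCRYPTED = bytes([0x17, 0x03, 0x01, 0x00, 0x20]) + bytes(32)

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("tunnel", TUNNEL), ("encrypted", ENCRYPTED)):
        print(label, visible_to_filter(sample))
```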