ISAserver.org - Monthly Article Update Hi ISAlist, New articles added to ISAserver.org last month: Title: Supporting ISA Firewall Networks Protecting Illegal Top-level Domains: You Need a Split DNS! Author: Thomas Shinder Summary: Of all the issues in ISA firewall networking, the one that most commonly gets people hot under the collar is that of the split DNS. I’ve never been able to figure out why barriers go up for a lot of folks when you begin to talk about a split DNS. Maybe it’s because they believe they need to rename their internal network domains, or that they think there is an adverse security impact, or maybe its just because DNS is so difficult to understand in the first place, that the idea of further complicating the issue puts them over the edge. Link: http://www.ISAserver.org/tutorials/2004illegaltldsplitdns.html Title: Playing Well with Others: Configuring the ISA Firewall on a PIX DMZ for Secure Remote Access to OWA and other Exchange Services Author: Thomas Shinder Summary: One issue that I rarely had to deal with before ISA Server 2004 came out was whether an organization needed to remove its current PIX firewall infrastructure to securely support ISA Server 2000 remote access scenarios to Exchange Server. Unlike the new ISA firewall, organizations considered the ISA Server 2000 to be primarily a Web proxy server akin to Proxy Server 2.0. Since there was this perception of ISA Server 2000 being only a proxy server, there was never a question on whether the PIX should stay where it was. The questions were more along the lines of where best to put ISA Server 2000 behind the PIX. Link: http://www.ISAserver.org/tutorials/2004isapixdmz.html Title: Enabling DHCP Relay for ISA Firewall VPN Clients Author: Thomas Shinder Summary: We all know that the ISA firewall provides unparalleled firewall protection when the ISA firewall is placed on the Internet edge, DMZ, or on one of the perimeters of you internal network security zones. In addition to the ISA firewall’s state of the art stateful packet and application layer inspection mechanisms, the ISA firewall is a one of a kind VPN server and VPN gateway that allows both remote access and VPN gateway connections to the ISA firewall. Of all the VPN devices I’ve ever worked with (and I’ve worked with a lot of them), the ISA firewall’s VPN is the easiest to configure and the most secure I’ve ever seen. Link: http://www.ISAserver.org/tutorials/2004dhcprelay.html Title: The Mystery of the failing POP3 Access with ISA 2000 Author: Stefaan Pouseele Summary: You have configured your ISA 2000 server and internal clients according to best practices. Everything is running smoothly except that a lot of users are complaining about connection problems when accessing an external POP3 server. If you want to know why this can happen and how to solve that problem, read on. Link: http://www.ISAserver.org/articles/ISA2000_POP3Access.html Title: Remote Access VPN and a Twist on the Dangers of Split Tunneling Author: Thomas Shinder Summary: If you ever want to get a rise out of your ISA firewall VPN administrator, try asking him how you enable split tunneling for your remote access VPN client connections. Split tunneling is a major security risk for any organization that deploys any type of VPN server enabling users VPN remote access to the corporate network. All firewall and security administrators know of the dangers of split tunneling and do whatever they can to prevent this from happening. Link: http://www.ISAserver.org/tutorials/2004fixipsectunnel.html Title: Enabling Internet Access for VPN Clients Connected to an ISA Firewall Author: Thomas Shinder Summary: A problematic situation with the ISA Server 2000 firewall was that once a VPN client connected to the ISA Server 2000 firewall, they could not connect to the Internet using their default SecureNAT client configuration. Link: http://www.ISAserver.org/tutorials/2004vpnclientnetaccess.html Visit the Subscription Management (http://newsletter.isoftmarketing.com/) section to unsubscribe. ISAserver.org is in no way affiliated with Microsoft Corp. For sponsorship information, contact us at advertising@xxxxxxxxxxxxx Copyright © ISAserver.org 2005. All rights reserved.