http://www.ISAserver.org ------------------------------------------------------- SBS is just a collection of servers residing on one box. It doesn't freak out any more than any other box. A DMZ is possible and you can install as many NICs as you wish into the SBS box. (see the blog) However, the connect to the internet wizard is only aware of 2 NICs. If you want to use that wizard and you have more than 2 NICs installed disable the additional NICs, run the wizard and then enable them. Your suggestion of putting an ISA server in front of the SBS box is a good one but keep in mind that you'll have to purchase the licenses for it. The SBS license doesn't allow you to split off anything. Because of the cost of doing this most small businesses don't host their own website. Hosting is so inexpensive these days it's hardly worth hosting your own site. Amy Babinchak Harbor Computer Services (248) 546-6056 office (248) 890-1794 mobile http://isainsbs.blogspot.com http://keepitsecure.blogspot.com http://www.harborcomputerservices.net -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve diMascio Sent: Wednesday, September 20, 2006 6:14 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Putting ISA2k4 infornt of SBS http://www.ISAserver.org ------------------------------------------------------- I've been asked to put a webserver online on an SBS2k3 (premium) installation. Obviously id prefer this webserver to be in a dmz, but the topology for sbs seems to not like this concept? 3 nics in sbs = wizard-killer? Or sbs-killer? As the company is growing in size (and surface), it seems like now's a good time to review there attack surface also. What I'm looking at is placing a front-end isa2k4 infront of sbs2k3 (with isa2k4), and using the front-end isa to direct the webserver traffic to a perimeter network, and the rest to the sbs box. I've had a look round and cant find many articles on this setup. I did read an article on isainsbs written by Amy, though there wasn't any info on how this scenario may affect the sbs box or its wizards. Anyway my reasoning for going this route is to get a couple of extra servers in there to reduce the one time cost of ditching sbs and separating the severs out, also having a dedicated (uncastrated isa) firewall will help me sleep better at night. The company has a server that's suitably specd to carry out the job, so the costs going to be isa (single proc). And they can live with that. So is this a viable solution, can sbs (premium) live behind a dedicated isa box without freaking out ? Or is there a better solution for them. Steve ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx