http://www.ISAserver.org ------------------------------------------------------- Thanks Amy, I read the blog,(in fact I read most of the site - I hadn't been there since I saw your isa 2004 sp1 config presentation which I found really helpful at the time). I did actually set this up yesterday on a test server and it seemed to work well, but I came across a few posts suggesting the scenario was not a good idea. thanks for the clarification of the number of nics too,(this was the root argument that the configuration could/would kill the sbs box). however, seeing as though I have the go ahead for a front end ISA (licences inc) I may go with that and separate the web server at the perimeter of the front end firewall. Toms hit the nail on the head, controls the name of the game at this site, the business owners been burnt from less than adequate hosting in the past, and he refuses to go back, period. Thanks all. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: 20 September 2006 12:52 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Putting ISA2k4 infornt of SBS http://www.ISAserver.org ------------------------------------------------------- SBS is just a collection of servers residing on one box. It doesn't freak out any more than any other box. A DMZ is possible and you can install as many NICs as you wish into the SBS box. (see the blog) However, the connect to the internet wizard is only aware of 2 NICs. If you want to use that wizard and you have more than 2 NICs installed disable the additional NICs, run the wizard and then enable them. Your suggestion of putting an ISA server in front of the SBS box is a good one but keep in mind that you'll have to purchase the licenses for it. The SBS license doesn't allow you to split off anything. Because of the cost of doing this most small businesses don't host their own website. Hosting is so inexpensive these days it's hardly worth hosting your own site. Amy Babinchak Harbor Computer Services (248) 546-6056 office (248) 890-1794 mobile http://isainsbs.blogspot.com http://keepitsecure.blogspot.com http://www.harborcomputerservices.net -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve diMascio Sent: Wednesday, September 20, 2006 6:14 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Putting ISA2k4 infornt of SBS http://www.ISAserver.org ------------------------------------------------------- I've been asked to put a webserver online on an SBS2k3 (premium) installation. Obviously id prefer this webserver to be in a dmz, but the topology for sbs seems to not like this concept? 3 nics in sbs = wizard-killer? Or sbs-killer? As the company is growing in size (and surface), it seems like now's a good time to review there attack surface also. What I'm looking at is placing a front-end isa2k4 infront of sbs2k3 (with isa2k4), and using the front-end isa to direct the webserver traffic to a perimeter network, and the rest to the sbs box. I've had a look round and cant find many articles on this setup. I did read an article on isainsbs written by Amy, though there wasn't any info on how this scenario may affect the sbs box or its wizards. Anyway my reasoning for going this route is to get a couple of extra servers in there to reduce the one time cost of ditching sbs and separating the severs out, also having a dedicated (uncastrated isa) firewall will help me sleep better at night. The company has a server that's suitably specd to carry out the job, so the costs going to be isa (single proc). And they can live with that. So is this a viable solution, can sbs (premium) live behind a dedicated isa box without freaking out ? Or is there a better solution for them. Steve ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx