Questions on fail over
- From: Jim Prato <jprato@xxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 3 Oct 2003 10:56:30 -0500
Hi Guys,
I have been doing considerable research regarding the use of ISA to provide
internet mail services of EXCHANGE by either:
publishing RPC for OUTLOOK access or
publishing EXCHANGE server running OWA.
In either case we would have a PIX firewall, with single ISA server behind
it, and all MS machines (EXCHANGE, other F and P, and DCs) behind it.
It has been stated that PIX fails closed and the question asked what if ISA
fails? How does it fail: open or closed?
Based on my research and taking note in the certifications ISA has earned, I
conclude it must fail closed, but that is not officially substantiated.
I feel confident in proposing one of these solutions, but I find myself
needing more compelling evidence to present to my peers and management.
Opponents to my proposal are calling for WEB MAIL or SQUIRREL mail in a
perimeter network, on either an MS IIS or LINUX APACHE machine.
I have taken MS ISA training, bought the books (including ISA ISA and BEYOND
and EXCHANGE 2000 24/7), monitored discussion on this list for several
months, and tried to gather as much information as I possibly can.
I have the MS TechNet article regarding the use of ISA to publish RPC and
reduce its vulnerabilities and associated top 20 (10 MS and 10 UNIX)
vulnerabilities list.
Any comments or direction greatly appreciated; or a pole.
Thanks.
jp
Jim Prato
MS LAN and E-Mail Administrator
Texas State Library
512-463-5451
JPrato@xxxxxxxxxxxxxxx
Other related posts:
