Thanks for the reply. jp -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, October 03, 2003 2:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Questions on fail over http://www.ISAserver.org ISA fails "closed". If any of the ISA services fail (of which there are four), then that traffic no longer passes. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Jim Prato" <jprato@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, October 03, 2003 08:56 Subject: [isalist] Questions on fail over http://www.ISAserver.org Hi Guys, I have been doing considerable research regarding the use of ISA to provide internet mail services of EXCHANGE by either: publishing RPC for OUTLOOK access or publishing EXCHANGE server running OWA. In either case we would have a PIX firewall, with single ISA server behind it, and all MS machines (EXCHANGE, other F and P, and DCs) behind it. It has been stated that PIX fails closed and the question asked what if ISA fails? How does it fail: open or closed? Based on my research and taking note in the certifications ISA has earned, I conclude it must fail closed, but that is not officially substantiated. I feel confident in proposing one of these solutions, but I find myself needing more compelling evidence to present to my peers and management. Opponents to my proposal are calling for WEB MAIL or SQUIRREL mail in a perimeter network, on either an MS IIS or LINUX APACHE machine. I have taken MS ISA training, bought the books (including ISA ISA and BEYOND and EXCHANGE 2000 24/7), monitored discussion on this list for several months, and tried to gather as much information as I possibly can. I have the MS TechNet article regarding the use of ISA to publish RPC and reduce its vulnerabilities and associated top 20 (10 MS and 10 UNIX) vulnerabilities list. Any comments or direction greatly appreciated; or a pole. Thanks. jp Jim Prato MS LAN and E-Mail Administrator Texas State Library 512-463-5451 JPrato@xxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jprato@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')