RE: RES: RE: ISA in DMZ

• From: Troy Radtke <TRadtke@xxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 30 Nov 2004 15:13:27 -0600

Well, and you're about to hear me say it again:
 
Strength in diversity.
Strength in layers.
Strength in redundancy.
Best tool for the job.
 
Personally, I feel nice and protected at home with my PIX and my ISA.  My
PIX is in front bouncing packets that have no business coming into my
network on ports I don't want coming in at all.  ISA is looking at the
conversations and payloads to make sure something isn't ridding on top of
something else.  Hardware is faster at mass checking.  Software is easier to
use and understand.  I'd rather not try to write 500 to 600 ACL's for my PIX
if I don't have to.
 
Of course, you could just use the AK47 for everything, but I prefer a
paintball gun when I'm out in the woods with my friends....  At close range
it's gotta hurt a hell of a lot more to get hit with a paintball than
getting shot with a bullet.(especially when they are frozen...)  If you
don't believe me, shoot yourself in the arm sometime with a paintball gun if
you have a few days where you don't want to be able to lift anything......
And it leaves a wicked-large bruise the size of a smaller dinner plate
that'll make you cry if something brushes against it..... Just make sure you
wear a mask so you don't get paint splatter in your eyes... =?)

-----Original Message-----
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] 
Sent: Tuesday, November 30, 2004 2:50 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: RE: ISA in DMZ


http://www.ISAserver.org


LOL!!!!!

 


  _____  


De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Enviada em: terça-feira, 30 de novembro de 2004 14:47
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: ISA in DMZ

 

http://www.ISAserver.org

Hi Russ,

 

You need the second NIC on the ISA firewall to make up for the lack of
security your hardware packet filter provides your network. Why have an ISA
firewall and not use it as a firewall? Sort of like like saying "why should
I use an AK47 when I have a water pistol to protect me?". Use your ISA as
your AK47 and your packet filter water pistol to scare off the kids.

 

HTH,

 

Tom
 <http://www.isaserver.org/shinder> www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
 <http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

 


  _____  


From: Rimmerman, Russ [mailto:rimmermanr@xxxxxxxxxxxxxxxxx] 
Sent: Tuesday, November 30, 2004 9:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA in DMZ

http://www.ISAserver.org

We have an ISA 2004 server in our DMZ (DMZ setup on a hardware firewall). 

 

We want to make our OWA front-end server that is on our internal network
accessible to external users.  To do that, we put the ISA server on the DMZ.
I then installed SSL certs on the ISA and OWA.  Then I followed the
instructions called "Publishing OWA Sites using ISA Firewall Web Publishing
Rules" and ended up having to enable the 2nd NIC in the ISA server to get it
to work.  Does ISA 2004 require two NICs to reverse proxy SSL?  I got it to
work with HTTP using one NIC, but can't get it to work with SSL.  

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts:

• » RES: RE: ISA in DMZ
• » RE: RES: RE: ISA in DMZ
• » RE: RES: RE: ISA in DMZ

1. Home
2. isalist
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---