RES: RE: RES: RE: ISA in DMZ
- From: "Tiago de Aviz" <Tiago@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 1 Dec 2004 18:17:46 -0200
wow Troy, why so much security at home? I barely have one firewall ;) Mine´s
not even a water pistol!
Tiago
_____
De: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
Enviada em: terça-feira, 30 de novembro de 2004 19:13
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: RES: RE: ISA in DMZ
http://www.ISAserver.org
Well, and you're about to hear me say it again:
Strength in diversity.
Strength in layers.
Strength in redundancy.
Best tool for the job.
Personally, I feel nice and protected at home with my PIX and my ISA. My PIX
is in front bouncing packets that have no business coming into my network on
ports I don't want coming in at all. ISA is looking at the conversations and
payloads to make sure something isn't ridding on top of something else.
Hardware is faster at mass checking. Software is easier to use and understand.
I'd rather not try to write 500 to 600 ACL's for my PIX if I don't have to.
Of course, you could just use the AK47 for everything, but I prefer a paintball
gun when I'm out in the woods with my friends.... At close range it's gotta
hurt a hell of a lot more to get hit with a paintball than getting shot with a
bullet.(especially when they are frozen...) If you don't believe me, shoot
yourself in the arm sometime with a paintball gun if you have a few days where
you don't want to be able to lift anything...... And it leaves a wicked-large
bruise the size of a smaller dinner plate that'll make you cry if something
brushes against it..... Just make sure you wear a mask so you don't get paint
splatter in your eyes... =?)
-----Original Message-----
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Tuesday, November 30, 2004 2:50 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: RE: ISA in DMZ
http://www.ISAserver.org
LOL!!!!!
_____
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Enviada em: terça-feira, 30 de novembro de 2004 14:47
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: ISA in DMZ
http://www.ISAserver.org
Hi Russ,
You need the second NIC on the ISA firewall to make up for the lack of
security your hardware packet filter provides your network. Why have an ISA
firewall and not use it as a firewall? Sort of like like saying "why should I
use an AK47 when I have a water pistol to protect me?". Use your ISA as your
AK47 and your packet filter water pistol to scare off the kids.
HTH,
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
_____
From: Rimmerman, Russ [mailto:rimmermanr@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, November 30, 2004 9:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA in DMZ
http://www.ISAserver.org
We have an ISA 2004 server in our DMZ (DMZ setup on a hardware
firewall).
We want to make our OWA front-end server that is on our internal
network accessible to external users. To do that, we put the ISA server on the
DMZ. I then installed SSL certs on the ISA and OWA. Then I followed the
instructions called "Publishing OWA Sites using ISA Firewall Web Publishing
Rules" and ended up having to enable the 2nd NIC in the ISA server to get it to
work. Does ISA 2004 require two NICs to reverse proxy SSL? I got it to work
with HTTP using one NIC, but can't get it to work with SSL.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.
This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
