[isalist] Re: Real Newbie Question
- From: "John T \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 23 May 2006 10:19:02 -0700
There are differencing opinions about should ISA be a member of the internal
domain, but as long as the ISA server is properly maintained and configured,
there is no reason not to have it a member of the internal domain and there
are reasons for having it a member of the internal domain.
John T
eServices For You
"Seek, and ye shall find!"
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Reimer, Mark
Sent: Tuesday, May 23, 2006 8:31 AM
To: ISA Mailing List
Subject: [isalist] Real Newbie Question
Hi folks,
Design question. We are going to install ISA 2004 as our perimeter firewall
with 3 legs (outside, dmz, internal). I've read that the ISA box should not
be part of the internal domain for security reasons (if someone breaks into
the ISA server box, they haven't compromised the internal AD). But, I
basically want to only allow internal AD users to have access to the
internet through the ISA server. There will be some short term (a few hours
at a time) exceptions, but this is the general plan.
What do most people do? Use a Radius server on the internal side to
accomplish the above goals? Or install ISA as a member server of the
internal domain?
We are a windows shop, Win2K3 servers all around.
Is there a source of info that would help explain the best method of
setting up and ISA server.
Thanks.
Mark
-------------------------------
Mark Reimer
Windows Servers & Networking
Prairie Bible Institute
Box 4000
Three Hills, AB T0M-2N0
Canada
403-443-5511
www.prairie.edu
Other related posts:
