nice argument! care to elaborate.. TM - i take your point about beta testers and less beta machine available to be vulnerable but it is my hard and fast rule not to deploy beta software on mission critical boxes. Mail/Firewall/Database/File etc.. These boxes of mine (big clients) generally operate on SLA's (24x7 99.9% etc etc) which means that software that is run in production needs to have a support contract, and these are not normally available on Betas ;) If the firewall goes balls up, regardless of vulnerability, lets say untested environment tweaks or configuration then it effects the whole network. So - if you care about your business data, systems, security, integrity at all - Dont! but thats my opinion take all then opinions given and weigh up your options.. Greg Mulholland ________________________________ From: isalist-bounce@xxxxxxxxxxxxx on behalf of Steve Moffat Sent: Mon 22/05/2006 10:25 AM To: ISA Mailing List Subject: [isalist] Re: SME LAN and ISA Absolutely agree. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Sunday, May 21, 2006 7:02 PM To: ISA Mailing List; Greg Mulholland Subject: [isalist] Re: SME LAN and ISA Don't listen to Greg. Use ISA2006 all you want (if you know what you are doing.) t On 5/21/06 2:21 PM, "Greg Mulholland" <greg@xxxxxxxxxxxxxx> spoketh to all: and dont use isa 2006!! its beta.. use 2004.. Greg Mulholland ________________________________ From: isalist-bounce@xxxxxxxxxxxxx on behalf of Egyptian Mind Sent: Mon 22/05/2006 1:45 AM To: isalist@xxxxxxxxxxxxx Cc: gen_sib@xxxxxxxxx Subject: [isalist] Re: SME LAN and ISA http://www.ISAserver.org ------------------------------------------------------- 1- install the ISA server after the adsl router and before the switch. 2- put two interface cards in the server 3- attach one interface with the adsl router ( outside ) and the other to the unmanged switch ( inside ) 4- assign an IP from your local lan to the inside interface 5- assign any IP of the range that given from the ISP ( after the router nat ) to the ouside interface 6- make ur own rules on the ISA server BASIC SME NETWork SETUP Internet Cloud | | | | ADSL (AZTECH ETHERNET USB) Broadband Router DHCP | _____________________________ | | | |___outside interface ( 10.11.1.1/24) | ISA Server ___insdie interface ( 192.168.1.1/24 ) | | |_____________________________| | |______________________ LoCAL AREA NETWORK (Unmanaged Switch) LAN IP Address 192.168.1.0/24 ______________________________ SBS2003-BOX (HP DL3*) LINUX-Box (HP DL3*) AD OpenSource Helpdesk System DHCP OpenSource Network Monitoring(nagios, nmis) DNS SMS Pager Intranet AV(clamWin Free AV) Accounting MAILs (Pulled from ISP thru pop3 connector) CRM WSUS AV (clamWin Free AV + AVG) !~` Yesterday is a History` ~! !~` Tomorrow is a Mystery` ~! !~` Today is a Gift` ~! !~` So we call it ...............` ~! !~` Present .......Simple` ~! Mob : +966 50 2953591 ________________________________ From: Gene Sibbs <gen_sib@xxxxxxxxx> Reply-To: isalist@xxxxxxxxxxxxx To: isalist@xxxxxxxxxxxxx Subject: [isalist] SME LAN and ISA Date: Sun, 21 May 2006 02:25:59 -0700 (PDT) Greetings, I have attached a basic LAN setup diagram and I would like to pick your brains as far as the security is concerned. My objective is that the In/Outbound traffic must pass thru ISA box Base on the attached design I feel that the security is lacking. I have downloaded ISA 2006 BETA version...and I want to introduce ISA Server as a member of the family to beef-up security. How can I make ISA Server 2006 beta play with this basic design, bearing in mind that I don't have a static IP address from my ISP. My ADSL is dhcp obtaining the IP address from ISP. I want to run ISA2006 on a separate box completely. With many thanks! Gene Sibbs ________________________________ New Yahoo! Messenger with Voice. Call regular phones from your PC <http://us.rd.yahoo.com/mail_us/taglines/postman5/*http://us.rd.yahoo.com/evt=39666/*http://messenger.yahoo.com> <http://us.rd.yahoo.com/mail_us/taglines/postman5/*http:/us.rd.yahoo.com/evt=39666/*http:/messenger.yahoo.com> and save big. ________________________________ Feel free to call! Free PC-to-PC calls. Low rates on PC-to-Phone. Get Yahoo! Messenger with Voice <http://us.rd.yahoo.com/mail_us/taglines/postman10/*http://us.rd.yahoo.com/evt=39663/*http://messenger.yahoo.com> <http://us.rd.yahoo.com/mail_us/taglines/postman10/*http:/us.rd.yahoo.com/evt=39663/*http:/messenger.yahoo.com> >BASIC SME NETWork SETUP > >Internet Cloud > | > | > | > | >ADSL (AZTECH ETHERNET USB) Broadband Router > DHCP > | > | > | >________|______________________ >LoCAL AREA NETWORK (Unmanaged Switch) >LAN IP Address 10.11.1.0/24 > >______________________________ > >SBS2003-BOX (HP DL3*) LINUX-Box (HP DL3*) > >AD OpenSource Helpdesk System >DHCP OpenSource Network Monitoring(nagios, nmis) >DNS SMS Pager >Intranet AV(clamWin Free AV) >Accounting >MAILs (Pulled from ISP thru pop3 connector) >CRM >WSUS >AV (clamWin Free AV + AVG) >______________________________ > >Security is an issue here... > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx