Securing ISA Interfaces

  • From: Glenn Maks <gmaks@xxxxxxxxx>
  • To: jim@xxxxxxxxxxxx
  • Date: Tue, 2 Dec 2003 14:33:52 -0500

Hello Group - My ISA server has 3 network interface cards: one to the
Internet, one for my DMZ and the third that connects my private network. I
noticed that when publishing services like HTTP and FTP for clients on the
Internet, this same access is allowed from my private network segment to my
DMZ as well. In summary, I have HTTP and FTP servers on my DMZ that I publish
for clients on the Internet; without creating any access policies, these same
services are available or accessible from my private network segment.
According to Microsoft, the only way I can secure interfaces like my DMZ
interface is to remove the DMZ IP address range from the LAT, then create
access policies using site and content or protocol rules, which is fine, but
when I go to remove the DMZ definition from the LAT, ISA returns an error and
will not allow me to delete it because one or more of the published servers
occupy an IP address that is in the range from the DMZ that I have defined in
the LAT.

Could anyone please provide me some insight as to how I might remove the DMZ
LAT definition without breaking my already published servers?


   Thank you group

       Glenn




