RE: Server clients
- From: "Ash Ridley" <ash.ridley@xxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 13 Oct 2002 11:20:20 +0100
Dan,
Its generally a bad idea to put the firewall client on the server itself
due to the way that the firewall client will dynamically create packets
filters to allow any outbound packet from the server (unless that packet
type has been explicitly denied). This could potentially create 'holes'
in your firewall (such as if the IIS server were infected with a
trojan).
I'm not quite sure what you mean by your second question. It appears you
want to know why external firewall clients cannot reach an internal
server? If this is correct then the question doesnt make sence. Only
internal clients can make use of firewall/secureNAT, external clients
will either come in via server or web publishing rules
Hope this helps
-----Original Message-----
From: Daniel L. Miller [mailto:dmiller@xxxxxxxxx]
Sent: 12 October 2002 18:20
To: [ISAserver.org Discussion List]
Subject: Server clients
I know I've seen this before, but why is it a bad thing for the IIS
server to be a firewall client?
And why can I only get to my internal servers (through the external
interface) via the firewall client and not securenat?
Other related posts:
