RE: Site Connectivity with ISA / VPN
- From: "Simon Weaver" <Simon.Weaver@xxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 28 Jun 2003 22:42:06 -0000
Thanks Tom
Yes I agree, I think most large companies including teh last one I worked for
have single server hardware / vpn based firewall solutions, and SQL / Exch / AD
on singler servers in other locations.
In the line of SBS2k, I actually like ISA - agree I never did think Proxy 2 was
a firewall solution - It didnt really offer any protection in the first place
:o)
One of my clients have Linux and use a firewall called IPCop and it has proved
to be a big-hit!
But I dont want to discuss this on an ISA list Hee Hee :o)
Thanks for your help and comments Tom. Although SBS2000 does not support Trust
relationships, if the same user accounts are created on the 2 servers, this
should get around a few issues!
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: 28 June 2003 21:24
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Site Connectivity with ISA / VPN
http://www.ISAserver.org
Hi Simon,
ISA would do as well as any other firewall software on the SBS machine. The
problem is that people think an ISA firewall is the same as a Proxy 2.0 server.
Proxy 2.0 wasn't a firewall, it was a web caching server with some advanced
remote Winsock features, so you might as well put the Web Proxy 2.0 on the SBS
box because you're going to have to get a firewall anyway :-)
The ISA firewall will protect the SBS box, but you should get another firewall
of some kind to put in front of it. Firewalls are bastion hosts, and so they're
in the front line of attack. That's why Exchange, AD and SQL aren't good things
on the ISA firewall. In a perfect world, they would remove ISA from SBS, or
allow some sort of exemption that allows you to install only the ISA component
on another machine on the network. That would be the most rational approach,
since it doesn't belong on the same machine as the rest of the software in the
SBS suite.
HTH,
Tom
Thomas W Shinder
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp
-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Sent: Saturday, June 28, 2003 5:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Site Connectivity with ISA / VPN
http://www.ISAserver.org
Hi Tom
Thanks - Yes I do see your point, but some companies look towards SBS2000 as a
Single Server Solution - I would agree that a 2nd Server would be good for
storage of Data, or even a NAS based Solution!
But in teh case of a single server solution, are you saying that ISA would not
do an effective job in protecting the data on this server?
Just your opinion I would be intersted in
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: 28 June 2003 18:57
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Site Connectivity with ISA / VPN
http://www.ISAserver.org
Hi Simon,
I would buy a second server and put Win2k and ISA Server on that machine.
What's the price of security? Not much until you get compromised. Putting
Exchange on a the Firewall just isn't a risk I'm willing to take (for myself or
others)
However, some people have a higher risk tolerance. I don't like gambling in Las
Vegas that much either ;-)
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Sent: Saturday, June 28, 2003 2:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Site Connectivity with ISA / VPN
http://www.ISAserver.org
Hello Tom
You mentioned enterprise groupware products on a firewall machine - what
happens if you only have a single server in each site? Would ISA not protect
things?
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: 28 June 2003 16:14
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Site Connectivity with ISA / VPN
http://www.ISAserver.org
Hi Simon,
You can accomplish all three, it'll take a little bit of tweaking. The trust
relationships should not be an issue, but depending on what you want to
accomplish, you will need to enter the same accounts and passwords in each
domain. However, I don't recommend putting enterprise Groupware products on a
firewall. Its like putting your wallet out on the front yard before you go to
bed at night and expect it to be there in the morning :-)
HTH,
Tom
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
