RE: Stateful inspection

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 30 Oct 2002 16:52:26 -0600

Hi John,
 
Just try it out. You'll see that you have to create explicit packet
filters to allow inbound access and outbound responses. The packet
filtering mechanism won't track the state of the connection. That's why
we always try to steer you away from using ISA Server as a packet
filtering router. You get the same packet filtering capabilities as you
get with the Win2k RRAS filters.
 
The POWER is in the private address DMZ. You can create a private
address DMZ in a back to back setup, or you can leverage several methods
to create a LAT-based DMZ segment.
 
HTH,
Tom

        -----Original Message-----
        From: John Tolmachoff [mailto:isalist@xxxxxxxxxxxx] 
        Sent: Wednesday, October 30, 2002 4:05 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Stateful inspection
        
        
        http://www.ISAserver.org
        
        

        No.

         

        That's why packet filters and trihomed DMZ (including public
address DMZs), suck. :-)

         

         

        Tom, are you serious?

         

        ISA does not do stateful packet in the DMZ?

         

        :-(

         

        Do the other vendors?

         

        John Tolmachoff  MCSE, CSSA

        IT Manager, Network Engineer

        701 S. Euclid

        La Habra, CA  91631

        562-694-4800, ext. 104

        jtolmachoff@xxxxxxxxxxxxxxxx

        www.reliancesoft.com <http://www.reliancesoft.com/> 

         

         

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Exchange Server Resource Site: http://www.msexchange.org/
        Windows Security Resource Site: http://www.windowsecurity.com/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts: