Getting closer to a good argument, but you should also mention that it isn't really "working"... You're not even hardly using it! Him: "Yes, but it worked for the last two years!" You: "Not really, all we've been using it for is to cache web pages. If the server was removed, the only real difference we'd see is a slow down of web browsing." Him: "Then why don't we remove it?" You: "It makes a fantastic firewall, why don't we actually USE it instead?" Well, something like that anyways... -----Original Message----- From: Philip Clark [mailto:pclark@xxxxxxxxxxxxx] Sent: Monday, August 29, 2005 2:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Use two NICs? Convince me. http://www.ISAserver.org Me: "Well, it's working but the configuration is not supported by MS" Him: "But it works right?" Me: "Yes it does right now, but you never know if a future service pack may make it stop working. Not to mention that it is not near as secure as it could be. If it suddenly stops working one day, and we are in an OH SH*T situation. MS will not help us with an unsupported configuration." Him: "Yes, but it worked for the last two years!" Me: "Ok great, and you have been lucky up to this point. If you want to continue to press your luck that is your choice." ..plenty convincing not to mention an added dash of CYA -----Original Message----- From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] Sent: Monday, August 29, 2005 1:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Use two NICs? Convince me. http://www.ISAserver.org Yes. Not supported -- but it works... I'd like to understand why, if it is not supposed to work at all, it works? Please someone enlighten me. It does works, I have a fine example sitting over there. So far my client would not be convinced, the exchange would go like this: Me: "Well, it is not supposed to be that way." Him: "... But it works, right?" Me: "Well... yeah, but it says the feature is not available." Him: "Well, it works, and has worked for the past two years." Me: "..." Hardly convincing... -----Message d'origine----- De : JimmyJoeBobAlooba [mailto:jim@xxxxxxxxxxxx] Envoyé : 29 août 2005 14:16 À : [ISAserver.org Discussion List] Objet : [isalist] Re: Use two NICs? Convince me. http://www.ISAserver.org NOT SUPPORTED I don't think I can be any more clear... ----- Original Message ----- From: "Alexandre Gauthier" <gauthiera@xxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, August 29, 2005 11:08 AM Subject: [isalist] Re: Use two NICs? Convince me. http://www.ISAserver.org No, not really. I wish they were though. Quote: The following features are not available when ISA Server 2004 is configured in single network adapter mode: * IP packet filtering * Multi-network firewall policy * Application-level filtering * Virtual private networking * Server publishing * Firewall clients However, Firewall clients and IP packet filter seem to indeed be working. And they have been working for years. It's not like it was set up yesterday and I am wondering why I doesn't work... -----Message d'origine----- De : JimmyJoeBobAlooba [mailto:jim@xxxxxxxxxxxx] Envoyé : 29 août 2005 14:03 À : [ISAserver.org Discussion List] Objet : [isalist] Re: Use two NICs? Convince me. http://www.ISAserver.org KBs are your friend: http://support.microsoft.com/?id=838364 http://support.microsoft.com/?id=840471 ----- Original Message ----- From: "Alexandre Gauthier" <gauthiera@xxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, August 29, 2005 10:56 AM Subject: [isalist] Use two NICs? Convince me. http://www.ISAserver.org Greetings, Would anyone be so kind as to attempt to convince me that I *need* two network cards in my ISA 2004 firewall over here? (now please note that I did not design this network.) The configuration is made like this. The servers and the local LAN share one subnet (192.168.10.0/24) and are all behind a netscreen firewall. Somewhere among the servers is a single nic ISA 2004 server with a gateway (the netscreen). The client workstations use the Firewall client to connect to the internet, for they have no gateway, and even if they did, the netscreen is configure to only NAT out specific IPs. So far, it works. With a few hitches, but it works. We can add filtering rules for the client workstations, and restrict what we want. Why should I add another card and redesign part of the network that is already working? (I honestly did not do such a thing. I'd redesign it, but my client is not necessarily happy about this, and I need arguments.) -- Alexandre Gauthier Analyste Réseau/Network Analyst Québec Loisirs ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: pclark@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dball@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx