Re: Use two NICs? Convince me.

• From: "Ball, Dan" <DBall@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 29 Aug 2005 17:11:20 -0400

Getting closer to a good argument, but you should also mention that it isn't 
really "working"...  You're not even hardly using it!  

Him: "Yes, but it worked for the last two years!"
You: "Not really, all we've been using it for is to cache web pages.  If the 
server was removed, the only real difference we'd see is a slow down of web 
browsing."
Him: "Then why don't we remove it?"
You: "It makes a fantastic firewall, why don't we actually USE it instead?"

Well, something like that anyways... 

-----Original Message-----
From: Philip Clark [mailto:pclark@xxxxxxxxxxxxx] 
Sent: Monday, August 29, 2005 2:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Use two NICs? Convince me.

http://www.ISAserver.org

Me: "Well, it's working but the configuration is not supported by MS"
Him: "But it works right?"
Me: "Yes it does right now, but you never know if a future service pack may
make it stop working. Not to mention that it is not near as secure as it
could be.  If it suddenly stops working one day, and we are in an OH SH*T
situation. MS will not help us with an unsupported configuration."
Him: "Yes, but it worked for the last two years!"
Me: "Ok great, and you have been lucky up to this point. If you want to
continue to press your luck that is your choice."

..plenty convincing not to mention an added dash of CYA 

-----Original Message-----
From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] 
Sent: Monday, August 29, 2005 1:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Use two NICs? Convince me.

http://www.ISAserver.org

Yes. Not supported -- but it works...

I'd like to understand why, if it is not supposed to work at all, it works?

Please someone enlighten me. It does works, I have a fine example sitting
over there.

So far my client would not be convinced, the exchange would go like this:

Me: "Well, it is not supposed to be that way."
Him: "... But it works, right?"
Me: "Well... yeah, but it says the feature is not available."
Him: "Well, it works, and has worked for the past two years."
Me: "..."

Hardly convincing...

-----Message d'origine-----
De : JimmyJoeBobAlooba [mailto:jim@xxxxxxxxxxxx] Envoyé : 29 août 2005 14:16
À : [ISAserver.org Discussion List] Objet : [isalist] Re: Use two NICs?
Convince me.

http://www.ISAserver.org

NOT SUPPORTED

I don't think I can be any more clear...

----- Original Message -----
From: "Alexandre Gauthier" <gauthiera@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, August 29, 2005 11:08 AM
Subject: [isalist] Re: Use two NICs? Convince me.


http://www.ISAserver.org

No, not really. I wish they were though.

Quote:

The following features are not available when ISA Server 2004 is configured
in single network adapter mode:
* IP packet filtering
* Multi-network firewall policy
* Application-level filtering
* Virtual private networking
* Server publishing
* Firewall clients


However, Firewall clients and IP packet filter seem to indeed be working.
And they have been working for years. It's not like it was set up yesterday
and I am wondering why I doesn't work...

-----Message d'origine-----
De : JimmyJoeBobAlooba [mailto:jim@xxxxxxxxxxxx]
Envoyé : 29 août 2005 14:03
À : [ISAserver.org Discussion List]
Objet : [isalist] Re: Use two NICs? Convince me.

http://www.ISAserver.org

KBs are your friend:
http://support.microsoft.com/?id=838364
http://support.microsoft.com/?id=840471

----- Original Message ----- 
From: "Alexandre Gauthier" <gauthiera@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, August 29, 2005 10:56 AM
Subject: [isalist] Use two NICs? Convince me.


http://www.ISAserver.org

Greetings,



Would anyone be so kind as to attempt to convince me that I *need* two
network cards in my ISA 2004 firewall over here?



(now please note that I did not design this network.)



The configuration is made like this. The servers and the local LAN share one
subnet (192.168.10.0/24) and are all behind a netscreen firewall. Somewhere
among the servers is a single nic ISA 2004 server with a gateway (the
netscreen). The client workstations use the Firewall client to connect to
the internet, for they have no gateway, and even if they did, the netscreen
is configure to only NAT out specific IPs.



So far, it works. With a few hitches, but it works. We can add filtering
rules for the client workstations, and restrict what we want.



Why should I add another card and redesign part of the network that is
already working?



(I honestly did not do such a thing. I'd redesign it, but my client is not
necessarily happy about this, and I need arguments.)



--

Alexandre Gauthier

Analyste Réseau/Network Analyst

Québec Loisirs







------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pclark@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
dball@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » RE: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » RE: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » RE: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.
• » Re: Use two NICs? Convince me.

1. Home
2. isalist
3. Archive
4. 08-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---