Re: Use two NICs? Convince me.

  • From: Alexandre Gauthier <gauthiera@xxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 29 Aug 2005 14:08:30 -0400

No, not really. I wish they were though.

Quote:

The following features are not available when ISA Server 2004 is configured
in single network adapter mode:
*       IP packet filtering
*       Multi-network firewall policy
*       Application-level filtering
*       Virtual private networking
*       Server publishing
*       Firewall clients


However, Firewall clients and IP packet filter seem to indeed be working.
And they have been working for years. It's not like it was set up yesterday
and I am wondering why I doesn't work...

-----Message d'origine-----
De : JimmyJoeBobAlooba [mailto:jim@xxxxxxxxxxxx] 
Envoyé : 29 août 2005 14:03
À : [ISAserver.org Discussion List]
Objet : [isalist] Re: Use two NICs? Convince me.

http://www.ISAserver.org

KBs are your friend:
http://support.microsoft.com/?id=838364
http://support.microsoft.com/?id=840471

----- Original Message ----- 
From: "Alexandre Gauthier" <gauthiera@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, August 29, 2005 10:56 AM
Subject: [isalist] Use two NICs? Convince me.


http://www.ISAserver.org

Greetings,



Would anyone be so kind as to attempt to convince me that I *need* two
network cards in my ISA 2004 firewall over here?



(now please note that I did not design this network.)



The configuration is made like this. The servers and the local LAN share one
subnet (192.168.10.0/24) and are all behind a netscreen firewall. Somewhere
among the servers is a single nic ISA 2004 server with a gateway (the
netscreen). The client workstations use the Firewall client to connect to
the internet, for they have no gateway, and even if they did, the netscreen
is configure to only NAT out specific IPs.



So far, it works. With a few hitches, but it works. We can add filtering
rules for the client workstations, and restrict what we want.



Why should I add another card and redesign part of the network that is
already working?



(I honestly did not do such a thing. I'd redesign it, but my client is not
necessarily happy about this, and I need arguments.)



--

Alexandre Gauthier

Analyste Réseau/Network Analyst

Québec Loisirs







------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2005