RE: possible fix ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 30 Mar 2005 10:29:54 -0500

Good point.  The reason I mentioned ROUTE ADD is because my current
configuration involves multiple sub-nets, using multiple internal
Networks in ISA.  So, I can't even get to the other subnet without
passing through the ISA server, and reconfiguring the network at this
point would be a nightmare.

However, this looks like it will be changing in a few months with the
installation of new fiber allowing us to have almost all of our subnets
combined into one large subnet. At that point, a concept like this might
actually be practical, with all of the DHCP clients having no default
gateway.

I was curious if anyone had any other ideas similar to this...

-----Original Message-----
From: David Haam [mailto:DavidH@xxxxxxxxxxxx] 
Sent: Wednesday, March 30, 2005 10:13
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: possible fix ISAserver.org - Review of
SurfControl Web Filter 5.0 for ISA Server 2004

http://www.ISAserver.org

It would be more "manageable" to design your IP routing infrastructure
to have clients route on your internal network through what's put in as
the default gateway, but not allow that final route outbound. Trying to
manage manual routes and ROUTE ADD commands is a real pain.

i.e. If you have only one internal subnet, it would be just eliminating
the default gateway. If you have multiple internal subnets, just make
sure that the "last hop" outbound is only for the server subnet (or
use ACLs to allow only the SecureNAT devices to route out). Since your
internal networking will be a solid IP routing infrastructure, all
clients should be able to get to the ISA server to be proxy clients.


