From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Subject: [isalist] RE: second firewall
Date: Thu, 11 Dec 2003 19:38:45 -0600
http://www.ISAserver.org
Hi Dave,
Could you post a Visio diagram of your network? Not sure what the exact
placement of the ISA firewalls are in your organization and the effect
of domain partitioning.
HTH,
Tom
-----Original Message-----
From: dave dave [mailto:daver300@xxxxxxxxxxx]
Sent: Thursday, December 11, 2003 7:11 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: second firewall
http://www.ISAserver.org
hi
thankyou for your reply
if i configure firewall chaining and web proxy chaining in the internal
isa ,so the lan interface (school) and distribution interface (wireless
nework) will be in lat table? did the users in distribution interface
(wireless network)with FWC will not be affected by the new firewall isa
in thier local network? they are configured to the external isa
firewall,did the internal isa will acte only as a router for them to
reach the external isa?when the internal isa acte as firewall client and
web proxy client.
second question for the authentication with AD domain controller which
is located in the DMZ segment which is really a backboon relate
differant lan in the domain and all the network belong to the same
domain,how the internal users will be authenticate through the internal
isa? is there any problem for authentication?
thank you for your help
Dave
>From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
>Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>Subject: [isalist] RE: second firewall
>Date: Wed, 10 Dec 2003 18:20:55 -0600
>
>http://www.ISAserver.org
>
>Hi Dave,
>
>When they install the new ISA firewall, make sure you configure it to
>take advantage of Web Proxy chaining. That will provide improved
>performance and security for them. They can also use firewall chaining
>too.
>
>HTH,
>Tom
>
>-----Original Message-----
>From: dave dave [mailto:daver300@xxxxxxxxxxx]
>Sent: Wednesday, December 10, 2003 9:01 AM
>To: [ISAserver.org Discussion List]
>Subject: [isalist] second firewall
>
>http://www.ISAserver.org
>
>Hi
>
>
>
>We have in our network enterprise arrays with external isa server that
>act as firewall that connected to the internet and the others isa
>servers acting as proxy or cache server
>
>In each cache server (proxy) has 3 interfaces:
>
>First interface connect to LAN network (school) users are SN only
>
>Second interface connect to distribution LAN (wireless network) users
>are FWC and SN (FWC users are configured to use the external isa,and
>configured to use their local proxy)
>
>Third interface connect to external isa
>
>Now the school want to install firewall in their interface to protect
>their network.
>
>And here is the question? How we could do that without affecting the
>users in distribution interface which have fwc configured to use the
>external isa?
>
>We need this firewall to be used only for the lan (school) interface
>
>There is any solution with isa or its better to use another hardware
>firewall in that interface?
>
>Thanks in advance for your help
>
>
>
>Dave
>
>_________________________________________________________________
>Stay in touch with absent friends - get MSN Messenger
>http://www.msn.co.uk/messenger
>
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>Other Internet Software Marketing Sites:
>Leading Network Software Directory: http://www.serverfiles.com
>No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
>Security Resource Site: http://www.windowsecurity.com/ Network Security
>Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
>http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as:
>tshinder@xxxxxxxxxxxxxxxxxx
>To unsubscribe send a blank email to
>$subst('Email.Unsub')
>
>
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>Other Internet Software Marketing Sites:
>Leading Network Software Directory: http://www.serverfiles.com
>No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
>Security Resource Site: http://www.windowsecurity.com/ Network Security
>Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
>http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as:
>daver300@xxxxxxxxxxx
>To unsubscribe send a blank email to
>$subst('Email.Unsub')
_________________________________________________________________
Use MSN Messenger to send music and pics to your friends
http://www.msn.co.uk/messenger
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
daver300@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
