Tell them then that they need to undertsand how it actually works. Some basic understanding of protocols and what you are actually trying to achieve goes a long way. I'm staggered at the amount of 'network guys" who can (isa aside) create an "allow all" rule and get it working. You need to sit down and plan out your firewall rules based on the traffic you need to pass, or block, before you install the firewall. Unless they have configured it wrong ISA wont be your problem The firewall service is required to be running so disabling it is NOT your answer, repeat NOT. Greg > LOL, good point! Not much of a school. :) > The guys who contacted me, already sent me this link and told me that this > was presented to the school managers. > The managers asked if we can try to do something about it. "Can't you make > it work? You are an IT guy" :) > > > ----- Original Message ---- > From: Jim Harrison <Jim@xxxxxxxxxxxx> > To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx> > Sent: Tuesday, 26 February, 2008 1:07:02 AM > Subject: [isapros] Re: ISA 2004 issue - cache only/single homed > > (there is a rule "allow all") - <WHIMPER> > ISA has ceased to protect the server where it resides. > This is the example your school creates for its students?!? > > Point your school network admins to this link: > http://www.microsoft.com/technet/isa/2004/plan/unsupportedconfigs.mspx > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Zoran Marjanovic > Sent: Sunday, February 24, 2008 8:35 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA 2004 issue - cache only/single homed > > Thanks Thomas. > > It's a school and they insisted on it. Interestingly, DC works fine and > clients have no problems at all (there is a rule "allow all", I was told). > The problem their admin experienced was related to accessing a share > hosted on this ISA box by their MS SMS (another box). > I have not logged on the server yet so I am not sure what errors they got > and how it really looks. My first thought was to simply shut firewalling > down, since they do not need it. I will probably check it today and will > let you know if I figure out what was the issue. > > Cheers, > > Zoran > > > ----- Original Message ---- > From: Thomas W Shinder <tshinder@xxxxxxxxxxx> > To: isapros@xxxxxxxxxxxxx > Sent: Monday, 25 February, 2008 2:43:17 PM > Subject: [isapros] Re: ISA 2004 issue - cache only/single homed > > > > The ISA firewall is NOT supported on a DC, so it’s a moot question. > > > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Zoran Marjanovic > Sent: Sunday, February 24, 2008 8:33 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] ISA 2004 issue - cache only/single homed > > > > Hi guys, > > > > It is a "multi-practic" server :), Win 2003 SP1, DC, ISA, file server... > huh, with only 1 NIC. > > > > Could you please confirm that Lockdown mode in ISA 2004 cannot be > disabled? (I think I saw it somewhere but cannot find it now) > > Also, is it possible to install ISA without its firewall service because > all I need is caching? > > > > Thanks a bunch! > > > > Zoran > > > > > > > > ________________________________ > > Get the name you always wanted with the new y7mail email address > <http://au.rd.yahoo.com/mail/taglines/au/y7mail/default/*http:/au.yahoo.com/y7mail/?p1=ni&p2=general&p3=tagline&p4=other> > . > > > > ________________________________ > > Get the name you always wanted with the new y7mail email address > <http://au.rd.yahoo.com/mail/taglines/au/y7mail/default/*http://au.yahoo.com/y7mail/?p1=ni&p2=general&p3=tagline&p4=other> > . > > > Get the name you always wanted with the new y7mail email address. > www.yahoo7.com.au/y7mail > >