[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  • From: "Jason Jones" <Jason.Jones@xxxxxxxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 13 Jan 2007 23:46:26 -0000

Steve,
 
Yep, terminology is a nightmare for this area! Maybe this is where I
have gone wrong and caused the initial "late night storm" :-)
 
Let me provide an example...
 
Let's say we have a two-layer back-to-back firewall architecture with a
PF firewall at the outer edge followed by ISA in parallel as the back
firewall. In this scenario, I would call interfaces off of the PF
firewall DMZs - I would also call the network between the PF and ISA
a DMZ. BUT ISA-protected networks created with interfaces on ISA, I
would call perimeter networks. These perimeter networks are the only
place I would put domain members like FE/CAS servers. Ideally ISA would
have several interfaces, each used to create separate trusted networks
like "auth access perimeter networks", "anonymous access perimeter
network" etc. in addition to the normal "internal network".
 
I used the term DMZ because that is what the Exchange team seem to be
using in their forum posts, although as Jim said, this has often been
updated to "perimeter" in a lot of newer cases.
 
In general, I only tend to use the term DMZ when talking about non-ISA
firewalls or dumb firewalls that don't do application inspection. Personally,
I like the term perimeter network, combined with usage like
"authentication access perimeter network". This is normally different
enough for people to raise questions or assume it isn't a normal DMZ.
 
JJ
________________________________

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Moffat
Sent: 12 January 2007 20:12
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

Ahh...just had a thought.

It's all labeling.

Jason, and others (not Jason's fault), have been using the term DMZ.

Historically, is the term DMZ not taken literally as being completely
firewalled off from the trusted networks, and what Jason is talking
about is trusted network segmentation?

I betcha that's why the Exchange team don't support it...they think it's
a typical run-of-the-mill DMZ...

Jim, isn't MS's Internal network segmented by using ISA?? Including your
mail servers?

S
