[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Wed, 28 Feb 2007 14:08:01 -0800

Why does the movie "Crazy People" come to mind with all of this??

t


On 2/28/07 1:47 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:

> "ISA, the Firewall that Cares"
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
> 
>  
> 
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of John T (lists)
>> Sent: Wednesday, February 28, 2007 1:34 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>> 
>> "ISA, not your average hardware firewall!"
>> 
>> "An ISA you can trust!"
>> 
>> "ISA, it just keeps working and working and working!"
>> 
>> "ISA blocks what others let through!"
>> 
>> John T
>> 
>>> -----Original Message-----
>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>> On Behalf Of Greg Mulholland
>>> Sent: Tuesday, February 27, 2007 1:36 PM
>>> To: isapros@xxxxxxxxxxxxx
>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>> 
>>> An aussie contribution:
>>> 
>>> ISA ISA ISA, Oi Oi Oi.
>>> 
>>> Sorry that's really bad..
>>> 
>>> -----Original Message-----
>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>> On Behalf Of Thor (Hammer of God)
>>> Sent: Wednesday, 28 February 2007 1:51 AM
>>> To: isapros@xxxxxxxxxxxxx
>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>> 
>>> How about "ISA. So simple a caveman can use it."  Oh wait. SBS already took
>>> that one! :-p
>>> 
>>> t
>>> 
>>> 
>>> On 2/27/07 6:36 AM, "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
>>> spoketh to all:
>>> 
>>>> Should be "Firewall's make me Hot", shouldn't it?
>>>> 
>>>> How about "Flames, baby flames, you're goin' down." As said by The
>>>> Bomber What Bombs at Midnight. (from The Tick, of course)
>>>> 
>>>> Amy
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of Gerald G. Young
>>>> Sent: Tuesday, February 27, 2007 9:12 AM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>> 
>>>> "ISA, your friendly, neighborhood firewall."
>>>> "Never a dull rule in ISA."
>>>> "ISA's hot." - as imagined said by Paris Hilton.
>>>> "ISA and PIX, sitting in a tree..." - yeah, not so much. ;)
>>>> "I'll show you my certificate if you'll show me yours."
>>>> 
>>>> Cordially yours,
>>>> Jerry G. Young II
>>>> Application Engineer, Platform Engineering and Architecture
>>>> NTT America, an NTT Communications Company
>>>> 
>>>> 22451 Shaw Rd.
>>>> Sterling, VA 20166
>>>> 
>>>> Office: 571-434-1319
>>>> Fax: 703-333-6749
>>>> Email: g.young@xxxxxxxx
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of Thomas W Shinder
>>>> Sent: Monday, February 26, 2007 7:22 PM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>> 
>>>> "ISA's Got You In Its Sites"
>>>> 
>>>> Thomas W Shinder, M.D.
>>>> Site: www.isaserver.org
>>>> Blog: http://blogs.isaserver.org/shinder/
>>>> Book: http://tinyurl.com/3xqb7
>>>> MVP -- Microsoft Firewalls (ISA)
>>>> 
>>>> 
>>>> 
>>>>> -----Original Message-----
>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
>>>>> Sent: Monday, February 26, 2007 4:01 PM
>>>>> To: isapros@xxxxxxxxxxxxx
>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>> 
>>>>> I'd rather be on Layer 7
>>>>> 
>>>>> Amy
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> -----Original Message-----
>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>>> On Behalf Of Jim Harrison
>>>>> Sent: Monday, February 26, 2007 4:45 PM
>>>>> To: isapros@xxxxxxxxxxxxx
>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>> 
>>>>> Not bad; except for the trailing commentary...
>>>>> :-p
>>>>> 
>>>>> -----Original Message-----
>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>>> On Behalf Of Thomas W Shinder
>>>>> Sent: Monday, February 26, 2007 12:53 PM
>>>>> To: isapros@xxxxxxxxxxxxx
>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>> 
>>>>> How about:
>>>>> 
>>>>> "ISA Firewall Rules!"
>>>>> 
>>>>> Get it? Firewall rules? Like in firewall ruleset? You know, sort of a
>>>>> double entendre sort of thingie :))
>>>>> 
>>>>> Thomas W Shinder, M.D.
>>>>> Site: www.isaserver.org
>>>>> Blog: http://blogs.isaserver.org/shinder/
>>>>> Book: http://tinyurl.com/3xqb7
>>>>> MVP -- Microsoft Firewalls (ISA)
>>>>> 
>>>>> 
>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>>>> Sent: Monday, February 26, 2007 2:27 PM
>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>> 
>>>>>> Ok - it's official - let's get an "ISABlog motto" contest going.
>>>>>> Basic rules:
>>>>>> - no derogatory comments about CheckPix or similar (makes the lawyers
>>>>>>   tremble)
>>>>>> - no marketing spew
>>>>>> - keep it short (10 words max)
>>>>>> - must use ISA behavior or feature (like "wpad")
>>>>>> - should abuse a common phrase (like "does a nautical pimp keep his
>>>>>>   'oars' in the water?")
>>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>>>> On Behalf Of Thomas W Shinder
>>>>>> Sent: Monday, February 26, 2007 12:23 PM
>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>> 
>>>>>> You had me at WPAD? :)
>>>>>> 
>>>>>> Thomas W Shinder, M.D.
>>>>>> Site: www.isaserver.org
>>>>>> Blog: http://blogs.isaserver.org/shinder/
>>>>>> Book: http://tinyurl.com/3xqb7
>>>>>> MVP -- Microsoft Firewalls (ISA)
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>>>>> Sent: Monday, February 26, 2007 12:26 PM
>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>> 
>>>>>>> NDA is a completely different point and Amy has it right - non-MS lists
>>>>>>> are verboten to NDA material.
>>>>>>> I'm an "odd duck" in this context (for more than one reason - ha! - beat
>>>>>>> ya to it!), because it's actually a large part of my job to "keep my
>>>>>>> finger on the pulse", as it were.  This is why you see me doing trips
>>>>>>> like tech Ready & Black Hat.  Unfortunately, fiscal limitations curtail
>>>>>>> any further involvement, but such is corporate life.
>>>>>>> 
>>>>>>> I agree that the ISA team hasn't exactly kept pace with teams like
>>>>>>> Exchange (we don't even have a silly motto like "you had me at ehlo"),
>>>>>>> but it still comes back to the "effort priorities".  I've been working
>>>>>>> with the right folks to make this a better experience all around
>>>>>>> (especially for the MVPs), but these things tend to move slowly...
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>>>>> On Behalf Of Thor (Hammer of God)
>>>>>>> Sent: Monday, February 26, 2007 9:54 AM
>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>> 
>>>>>>> Conflicting info, then.  I was told by a source that non-MSFT lists were
>>>>>>> poo-poo'ed on for liability and NDA reasons.
>>>>>>> 
>>>>>>> And while I totally understand the "bottom line" thinking, it seems like
>>>>>>> a huge waste to initiate something like the MVP program and to go through
>>>>>>> all the motions only to do it half-assed.
>>>>>>> 
>>>>>>> t
>>>>>>> 
>>>>>>> 
>>>>>>> On 2/26/07 9:35 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
>>>>>>> 
>>>>>>>> In fact, ISA product team members are strongly encouraged to participate
>>>>>>>> in lists, NG, blogs and all other manner of public communication
>>>>>>>> efforts.
>>>>>>>> The sad fact is; the time available for such endeavors is woefully
>>>>>>>> small.
>>>>>>>> MS, like many profit-making businesses, operates with the smallest teams
>>>>>>>> required to produce product "X".
>>>>>>>> Unfortunately, with software engineering being what it is, and the
>>>>>>>> pressures of the marketing "old boy club", the teams are too small to
>>>>>>>> cover all the "nice to do" bases and still leave folks time for
>>>>>>>> themselves.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> -----Original Message-----
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>>>>>> On Behalf Of Thor (Hammer of God)
>>>>>>>> Sent: Monday, February 26, 2007 9:07 AM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>> 
>>>>>>>> I never really saw much from the PM's over there- just that one stint
>>>>>>>> about SQL logging, and to be honest, there wasn't much valuable content
>>>>>>>> sourced from the MSFT side... In fact, as I understand it, the PM and
>>>>>>>> product support people (other than Jim) are apparently not pushed to
>>>>>>>> participate (and may be asked not to) because of the fact that it is NOT
>>>>>>>> an official MSFT site, and that NDA and product liability may be an
>>>>>>>> issue.
>>>>>>>> 
>>>>>>>> I'm going to draft up a "suggestions for the MVP program" and submit
>>>>>>>> them to the powers that be, just so that things like this can be
>>>>>>>> addressed.
>>>>>>>> 
>>>>>>>> t
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 2/26/07 8:50 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
>>>>>>>> all:
>>>>>>>> 
>>>>>>>> It's been a real problem for the ISA PG to work with the ISA
>>>>>>>> MVPs, because they think that the ISA MVPs are still involved with the
>>>>>>>> ISA MVP mailing list. I explained to them that because of "issues" with
>>>>>>>> that list that there was less than optimal participation and that they
>>>>>>>> needed to get a MS managed solution. At the very least, they could
>>>>>>>> create their own DL and send mail to people on that list. I hate missing
>>>>>>>> out on the ISA PGs communications on that "other" list, but my life is
>>>>>>>> so much better not having to listen to the ****** that happens over
>>>>>>>> there.
>>>>>>>> 
>>>>>>>> Thomas W Shinder, M.D.
>>>>>>>> Site: www.isaserver.org
>>>>>>>> Blog: http://blogs.isaserver.org/shinder/
>>>>>>>> Book: http://tinyurl.com/3xqb7
>>>>>>>> MVP -- Microsoft Firewalls (ISA)
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> ________________________________
>>>>>>>> 
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>>>>>> Sent: Monday, February 26, 2007 8:56 AM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>> 
>>>>>>>> I spoke with Melissa Travers, the MVP Lead for both ISA
>>>>>>>> and Exchange, and she said the Exchange group's MVP site was really,
>>>>>>>> really good, and that the Exchange group themselves is quite active.
>>>>>>>> Being they are the Exchange group, I can see why they would have a
>>>>>>>> decent portal. ;)
>>>>>>>> 
>>>>>>>> I suggested that if there were a single sourced,
>>>>>>>> Microsoft controlled MVP site where we could "browse through" other MVP
>>>>>>>> list content, that issues like this (the perceptions surrounding what
>>>>>>>> Exchange will and won't support and why) would be much easier to
>>>>>>>> manage, and that "the right people" from both sides could engage each
>>>>>>>> other in a positive way when two technologies collide like this.  To
>>>>>>>> me, this is a major shortcoming in the MVP program overall.  Given the
>>>>>>>> fact that the MVP program was created in order to provide a
>>>>>>>> collaborative environment for various technologies, it seems like a
>>>>>>>> horrible waste of a perfect opportunity to expand that environment out
>>>>>>>> to the MVP's and product teams in other product competencies.  The
>>>>>>>> fate of the ISA-MVP list is testament to that.
>>>>>>>> 
>>>>>>>> So, in the absence of a coordinated effort on
>>>>>>>> Microsoft's part to wrap its collective arms around the MVP's and
>>>>>>>> product teams, I'll see if I can get on the Exchange MVP list and begin
>>>>>>>> a dialog of exactly what is going on here.  But I'll need to get
>>>>>>>> immersed in Ex2007 first, which I've just not had the time to do.  The
>>>>>>>> promise of true unified messaging in 2007 was a major draw to me, but
>>>>>>>> given the apparent narrow PBX support and lack of official
>>>>>>>> functionality documentation, the rush to explore has lost its luster.
>>>>>>>> 
>>>>>>>> t
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 2/26/07 6:02 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx>
>>>>>>>> spoketh to all:
>>>>>>>> 
>>>>>>>> Documentation always follows the product, which
>>>>>>>> is barely on the streets.
>>>>>>>> I've seen some regarding WM6, but the basic
>>>>>>>> concepts are the same.
>>>>>>>> ..coming soon to a website near you...
>>>>>>>> 
>>>>>>>> 
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
>>>>>>>> Sent: Monday, February 26, 2007 3:31 AM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>> 
>>>>>>>> Hi All,
>>>>>>>> 
>>>>>>>> Anyone (Tim?) had chance to look at the least
>>>>>>>> privilege approach with Exchange 2007 yet?
>>>>>>>> 
>>>>>>>> From what I am hearing the "CAS not supported in
>>>>>>>> perimeter" statement is based more on "we haven't tested it yet" more
>>>>>>>> than "we don't think it is a good idea".
>>>>>>>> 
>>>>>>>> I have a few customers looking at placing the
>>>>>>>> entire Exchange architecture behind ISA (very untrusted LANs) - I have
>>>>>>>> done this with Exch2k3, but has anyone looked at this for Exch2k7?
>>>>>>>> 
>>>>>>>> I am guessing this is not supported either, but
>>>>>>>> documentation is very thin on the ground with reference to 2k7 and
>>>>>>>> perimeter networking....
>>>>>>>> 
>>>>>>>> Cheers
>>>>>>>> 
>>>>>>>> JJ
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> ________________________________
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>>>>>> Sent: 15 January 2007 15:27
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>> 
>>>>>>>> Right you are...  The analogy fits when you use
>>>>>>>> "comparative logic" as opposed to just thinking of the zone in
>>>>>>>> singularity... Compared to the areas on either side of the DMZ, it
>>>>>>>> should be easy to discern any activity at all in the DMZ itself-
>>>>>>>> particularly hostile activities.  There are strict policies about what
>>>>>>>> can go on in the Korean DMZ, as there should be in one's network DMZ.
>>>>>>>> Internet traffic is chaotic, and I don't even bother trying to
>>>>>>>> determine what is going on out on my Internet segment- I can't control
>>>>>>>> it anyway (other than my policy of implementing router ACL's to match
>>>>>>>> inbound/outbound traffic policies at my border router).  Internal
>>>>>>>> traffic isn't chaotic, but it is hard to monitor for "hostile" packets
>>>>>>>> given the sheer volume and type of traffic being generated by internal
>>>>>>>> users, servers, services, etc to any number of different hosts and
>>>>>>>> clients.  But in the DMZ, you should be able to immediately notice when
>>>>>>>> something out of the ordinary is going on.  For instance, if I see POP3
>>>>>>>> logon traffic, I know something is FUBAR, as I don't support POP3 in my
>>>>>>>> DMZ at all.  If I see modal enumeration by way of a null session, I
>>>>>>>> know something is going on.  And etc, etc.
>>>>>>>> 
>>>>>>>> So, to me, it fits, and that is the term I
>>>>>>>> choose to use.  I won't be changing ;)
>>>>>>>> 
>>>>>>>> t
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 1/15/07 6:40 AM, "Gerald G. Young"
>>>>>>>> <g.young@xxxxxxxx> spoketh to all:
>>>>>>>> 
>>>>>>>> The DMZ in Korea itself isn't crawling with
>>>>>>>> military.  Either side of it is, ensuring that the definition of a
>>>>>>>> demilitarized zone is observed and maintained.  Before the advent of
>>>>>>>> DMZs in networking, a DMZ meant an area from which military forces,
>>>>>>>> operations, and installations were prohibited.  Essentially, it's a
>>>>>>>> wide empty area that constitutes a border with forces on either side
>>>>>>>> pointing guns into it.
>>>>>>>> 
>>>>>>>> I've always thought the adaptation of the
>>>>>>>> acronym to the world of networking a bit strange.  "Oh!  We got
>>>>>>>> activity in our networked DMZ!  Kill it!"  :-)
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Cordially  yours,
>>>>>>>> Jerry G. Young  II
>>>>>>>> Product  Engineer - Senior
>>>>>>>> Platform Engineering, Enterprise Hosting
>>>>>>>> NTT  America, an NTT Communications Company
>>>>>>>> 
>>>>>>>> 22451 Shaw  Rd.
>>>>>>>> Sterling, VA 20166
>>>>>>>> 
>>>>>>>> Office: 571-434-1319
>>>>>>>> Fax:  703-333-6749
>>>>>>>> Email:  g.young@xxxxxxxx
>>>>>>>> 
>>>>>>>> 
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
>>>>>>>> Sent: Sunday, January 14, 2007 7:08 PM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: RE: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>> 
>>>>>>>> That's what it means to me too. Can't see the
>>>>>>>> Korean no man's land as qualifying as a DMZ when it's crawling with
>>>>>>>> military.
>>>>>>>> 
>>>>>>>> In this conversation we have to take into
>>>>>>>> consideration that CAS also includes the capability to provide access to
>>>>>>>> folders and files right in OWA. This may be the thing that the Exchange
>>>>>>>> team thinks throws a monkey wrench into the secure deployment of CAS in
>>>>>>>> a DMZ.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> ________________________________
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx on behalf  of
>>>>>>>> Jason Jones
>>>>>>>> Sent: Sat 1/13/2007 6:46 PM
>>>>>>>> To:  isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007  and
>>>>>>>> Perimeter Networks
>>>>>>>> 
>>>>>>>> For me, DMZ means scary place completely
>>>>>>>> untrusted, perimeter network means less scary place trusted to a
>>>>>>>> degree, but strongly controlled
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> ________________________________
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>>>>>> Sent: 12 January 2007 23:51
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>> 
>>>>>>>> Interesting... Probably a good idea for us to
>>>>>>>> actually articulate what we really mean when we say DMZ.
>>>>>>>> 
>>>>>>>> I guess to some it means "free for all network"
>>>>>>>> but for me, it should be the network where you have the most
>>>>>>>> restrictive policies controlling each service so that it is obvious
>>>>>>>> when malicious traffic hits the wire.  Thoughts?
>>>>>>>> 
>>>>>>>> t
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 1/12/07 3:30 PM, "Steve Moffat"
>>>>>>>> <steve@xxxxxxxxxx> spoketh to all:
>>>>>>>> 
>>>>>>>> That's what I thought, now it's what I know....
>>>>>>>> 
>>>>>>>> 
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>>>>>> Sent: Friday, January 12, 2007 6:35 PM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>> 
>>>>>>>> Aside from normal router & switch ACLs, ISA is
>>>>>>>> the single line of defense.
>>>>>>>> "..we don't need no stinking DMZs"
>>>>>>>> 
>>>>>>>> 
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
>>>>>>>> Sent: Friday, January 12, 2007 12:12 PM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>> 
>>>>>>>> Ahh...just had a thought.
>>>>>>>> 
>>>>>>>> It's all labeling.
>>>>>>>> 
>>>>>>>> Jason, and others (not Jason's fault), have been
>>>>>>>> using the term DMZ.
>>>>>>>> 
>>>>>>>> Historically, is the term DMZ not taken
>>>>>>>> literally as being completely firewalled off from the trusted networks,
>>>>>>>> and what Jason is talking about is trusted network segmentation.
>>>>>>>> 
>>>>>>>> I betcha that's why the Exchange team don't
>>>>>>>> support it...they think it's a typical run of the mill DMZ...
>>>>>>>> 
>>>>>>>> Jim, isn't MS's Internal network segmented by
>>>>>>>> using ISA?? Including your mail servers?
>>>>>>>> 
>>>>>>>> S
>>>>>>>> 
>>>>>>>> 
>>>>>>>> All mail to and  from this domain is
>>>>>>>> GFI-scanned.
> 
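
The point made in the quoted 15 January message (a DMZ with a strict per-service policy makes unsupported traffic, such as POP3 logons, stand out immediately) can be sketched as a log check. This is an added example, not part of the original thread; the log format, addresses, and service policy are constructed assumptions, and each log line is assumed to record one new connection.

```python
"""Flag DMZ traffic that falls outside an explicit service policy.

Added illustration: log format, addresses and policy are constructed.
"""
import ipaddress
from typing import NamedTuple

# Assumed DMZ segment (documentation range TEST-NET-1).
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")

# Assumed policy: the only services published in this DMZ,
# as (destination host, protocol, destination port).
ALLOWED = {
    ("192.0.2.10", "tcp", 25),    # SMTP relay
    ("192.0.2.20", "tcp", 443),   # HTTPS front end
}


class Flow(NamedTuple):
    ts: str
    src: str
    dst: str
    proto: str
    dport: int


def parse(line: str) -> Flow:
    """Parse 'ts=... src=... dst=... proto=... dport=...' into a Flow."""
    f = dict(tok.split("=", 1) for tok in line.split())
    return Flow(f["ts"], f["src"], f["dst"], f["proto"].lower(), int(f["dport"]))


def violations(lines):
    """Return flows that touch the DMZ but match no allowed service."""
    out = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse(line)
        src_in = ipaddress.ip_address(flow.src) in DMZ_NET
        dst_in = ipaddress.ip_address(flow.dst) in DMZ_NET
        if not (src_in or dst_in):
            continue  # not DMZ traffic; other segments are out of scope here
        if dst_in and (flow.dst, flow.proto, flow.dport) in ALLOWED:
            continue  # a published service, expected
        # Everything else is unexpected: an unpublished port on a DMZ host,
        # or a connection initiated from the DMZ (no egress is allowed).
        out.append(flow)
    return out


# Constructed sample log, one line per new connection.
SAMPLE_LOG = """\
# ts src dst proto dport
ts=2007-01-15T15:01:02 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=25
ts=2007-01-15T15:01:09 src=203.0.113.44 dst=192.0.2.20 proto=tcp dport=443
ts=2007-01-15T15:02:30 src=203.0.113.44 dst=192.0.2.10 proto=tcp dport=110
ts=2007-01-15T15:02:41 src=203.0.113.44 dst=192.0.2.20 proto=tcp dport=445
ts=2007-01-15T15:03:05 src=192.0.2.20 dst=198.51.100.99 proto=tcp dport=6667
ts=2007-01-15T15:03:10 src=10.0.0.5 dst=10.0.0.9 proto=tcp dport=110
"""

if __name__ == "__main__":
    for v in violations(SAMPLE_LOG.splitlines()):
        print(f"ALERT {v.ts} {v.src} -> {v.dst} {v.proto}/{v.dport}")
```

The internal POP3 flow on the last sample line is deliberately ignored: the check only works because the DMZ policy is small enough to enumerate, which is the contrast with the internal and Internet segments drawn in that message.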
