Hey, I resemble that remark. John T > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Thor (Hammer of God) > Sent: Wednesday, February 28, 2007 2:08 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > Why does the movie "Crazy People" come to mind with all of this?? > > t > > > On 2/28/07 1:47 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to > all: > > > "ISA, the Firewall that Cares" > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- Microsoft Firewalls (ISA) > > > > > > > >> -----Original Message----- > >> From: isapros-bounce@xxxxxxxxxxxxx > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of John T (lists) > >> Sent: Wednesday, February 28, 2007 1:34 PM > >> To: isapros@xxxxxxxxxxxxx > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >> > >> "ISA, not your average hardware firewall!" > >> > >> "An ISA you can trust!" > >> > >> "ISA, it just keeps working and working and working!" > >> > >> "ISA blocks what others let through!" > >> > >> John T > >> > >>> -----Original Message----- > >>> From: isapros-bounce@xxxxxxxxxxxxx > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] > >>> On Behalf Of Greg Mulholland > >>> Sent: Tuesday, February 27, 2007 1:36 PM > >>> To: isapros@xxxxxxxxxxxxx > >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >>> > >>> An aussie contribution: > >>> > >>> ISA ISA ISA, Oi Oi Oi. > >>> > >>> Sorry that's really bad.. > >>> > >>> -----Original Message----- > >>> From: isapros-bounce@xxxxxxxxxxxxx > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] > >>> On > >>> Behalf Of Thor (Hammer of God) > >>> Sent: Wednesday, 28 February 2007 1:51 AM > >>> To: isapros@xxxxxxxxxxxxx > >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >>> > >>> How about "ISA. So simple a caveman can use it." Oh wait. > >> SBS already > >>> took > >>> that one! :-p > >>> > >>> t > >>> > >>> > >>> On 2/27/07 6:36 AM, "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> > >>> spoketh > >>> to all: > >>> > >>>> Should be "Firewall's make me Hot", shouldn't it? > >>>> > >>>> How about "Flames, baby flames, you're goin' down." As said by The > >>>> Bomber What Bombs at Midnight. (from The Tick, of course) > >>>> > >>>> Amy > >>>> > >>>> > >>>> -----Original Message----- > >>>> From: isapros-bounce@xxxxxxxxxxxxx > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] > >>>> On Behalf Of Gerald G. Young > >>>> Sent: Tuesday, February 27, 2007 9:12 AM > >>>> To: isapros@xxxxxxxxxxxxx > >>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >>>> > >>>> "ISA, your friendly, neighborhood firewall." > >>>> "Never a dull rule in ISA." > >>>> "ISA's hot." - as imagined said by Paris Hilton. > >>>> "ISA and PIX, sitting in a tree..." - yeah, not so much. ;) > >>>> "I'll show you my certificate if you'll show me yours." > >>>> > >>>> Cordially yours, > >>>> Jerry G. Young II > >>>> Application Engineer, Platform Engineering and Architecture > >>>> NTT America, an NTT Communications Company > >>>> > >>>> 22451 Shaw Rd. > >>>> Sterling, VA 20166 > >>>> > >>>> Office: 571-434-1319 > >>>> Fax: 703-333-6749 > >>>> Email: g.young@xxxxxxxx > >>>> > >>>> > >>>> -----Original Message----- > >>>> From: isapros-bounce@xxxxxxxxxxxxx > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] > >>>> On Behalf Of Thomas W Shinder > >>>> Sent: Monday, February 26, 2007 7:22 PM > >>>> To: isapros@xxxxxxxxxxxxx > >>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >>>> > >>>> "ISA's Got You In Its Sites" > >>>> > >>>> Thomas W Shinder, M.D. > >>>> Site: www.isaserver.org > >>>> Blog: http://blogs.isaserver.org/shinder/ > >>>> Book: http://tinyurl.com/3xqb7 > >>>> MVP -- Microsoft Firewalls (ISA) > >>>> > >>>> > >>>> > >>>>> -----Original Message----- > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > >>>>> Sent: Monday, February 26, 2007 4:01 PM > >>>>> To: isapros@xxxxxxxxxxxxx > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >>>>> > >>>>> I'd rather be on Layer 7 > >>>>> > >>>>> Amy > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > >>>>> On Behalf Of Jim Harrison > >>>>> Sent: Monday, February 26, 2007 4:45 PM > >>>>> To: isapros@xxxxxxxxxxxxx > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >>>>> > >>>>> Not bad; except for the trailing commentary... > >>>>> :-p > >>>>> > >>>>> -----Original Message----- > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > >>>>> On Behalf Of Thomas W Shinder > >>>>> Sent: Monday, February 26, 2007 12:53 PM > >>>>> To: isapros@xxxxxxxxxxxxx > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >>>>> > >>>>> How about: > >>>>> > >>>>> "ISA Firewall Rules!" > >>>>> > >>>>> Get it? Firewall rules? Like in firewall ruleset? You > >> know, sort of a > >>>>> double entendre sort of thingie :)) > >>>>> > >>>>> Thomas W Shinder, M.D. > >>>>> Site: www.isaserver.org > >>>>> Blog: http://blogs.isaserver.org/shinder/ > >>>>> Book: http://tinyurl.com/3xqb7 > >>>>> MVP -- Microsoft Firewalls (ISA) > >>>>> > >>>>> > >>>>> > >>>>>> -----Original Message----- > >>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > >>>>>> Sent: Monday, February 26, 2007 2:27 PM > >>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >>>>>> > >>>>>> Ok - it's official - let's get an "ISABlog motto" contest going. > >>>>>> Basic rules: > >>>>>> - no derogatory comments about CheckPix or similar (makes > >>>>> the lawyers > >>>>>> tremble) > >>>>>> - no marketing spew > >>>>>> - keep it short (10 words max) > >>>>>> - must use ISA behavior or feature (like "wpad") > >>>>>> - should abuse a common phrase (like "does a nautical > >> pimp keep his > >>>>>> 'oars' in the water?") > >>>>>> > >>>>>> -----Original Message----- > >>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > >>>>>> On Behalf Of Thomas W Shinder > >>>>>> Sent: Monday, February 26, 2007 12:23 PM > >>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > >>>>>> > >>>>>> You had me at WPAD? :) > >>>>>> > >>>>>> Thomas W Shinder, M.D. > >>>>>> Site: www.isaserver.org > >>>>>> Blog: http://blogs.isaserver.org/shinder/ > >>>>>> Book: http://tinyurl.com/3xqb7 > >>>>>> MVP -- Microsoft Firewalls (ISA) > >>>>>> > >>>>>> > >>>>>> > >>>>>>> -----Original Message----- > >>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > >>>>>>> Sent: Monday, February 26, 2007 12:26 PM > >>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > >> Perimeter Networks > >>>>>>> > >>>>>>> NDA is a completely different point and Amy has it right - > >>>>>>> non-MS lists > >>>>>>> are verboten to NDA material. > >>>>>>> I'm an "odd duck" in this context (for more than one reason - > >>>>>>> ha! - beat > >>>>>>> ya to it!), because it's actually a large part of my job > >>>>> to "keep my > >>>>>>> finger on the pulse", as it were. This is why you see me > >>>>>> doing trips > >>>>>>> like tech Ready & Black Hat. Unfortunately, fiscal > >>>>>>> limitations curtail > >>>>>>> any further involvement, but such is corporate life. > >>>>>>> > >>>>>>> I agree that the ISA team hasn't exactly kept pace > >> with teams like > >>>>>>> Exchange (we don't even have a silly motto like "you had me > >>>>>> at ehlo"), > >>>>>>> but it still comes back to the "effort priorities". I've > >>>>>> been working > >>>>>>> with the right folks to make this a better experience > >> all around > >>>>>>> (especially for the MVPs), but these things tend to > >> move slowly... > >>>>>>> > >>>>>>> -----Original Message----- > >>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > >>>>>>> On Behalf Of Thor (Hammer of God) > >>>>>>> Sent: Monday, February 26, 2007 9:54 AM > >>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > >> Perimeter Networks > >>>>>>> > >>>>>>> Conflicting info, then. I was told by a source that non-MSFT > >>>>>>> lists were > >>>>>>> poo-poo'ed on for liability and NDA reasons. > >>>>>>> > >>>>>>> And while I totally understand the "bottom line" thinking, it > >>>>>>> seems like > >>>>>>> a > >>>>>>> huge waste to initiate something like the MVP program and to > >>>>>>> go through > >>>>>>> all > >>>>>>> the motions only to do it half-assed. > >>>>>>> > >>>>>>> t > >>>>>>> > >>>>>>> > >>>>>>> On 2/26/07 9:35 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> > >>>>>> spoketh to all: > >>>>>>> > >>>>>>>> In fact, ISA product team members are strongly encouraged to > >>>>>>> participate > >>>>>>>> in lists, NG, blogs and all other manner of public > >> communication > >>>>>>>> efforts. > >>>>>>>> The sad fact is; the time available for such endeavors > >>>>> is woefully > >>>>>>>> small. > >>>>>>>> MS, like many profit-making businesses, operates with > >>>>> the smallest > >>>>>>> teams > >>>>>>>> required to produce product "X". > >>>>>>>> Unfortunately, with software engineering being what it > >>>>> is, and the > >>>>>>>> pressures of the marketing "old boy club", the teams are > >>>>>>> too small to > >>>>>>>> cover all the "nice to do" bases and still leave > >> folks time for > >>>>>>>> themselves. > >>>>>>>> > >>>>>>>> > >>>>>>>> -----Original Message----- > >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > >>>>>>>> On Behalf Of Thor (Hammer of God) > >>>>>>>> Sent: Monday, February 26, 2007 9:07 AM > >>>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > >> Perimeter Networks > >>>>>>>> > >>>>>>>> I never really saw much from the PM's over there- just that > >>>>>>> one stint > >>>>>>>> about SQL logging, and to be honest, there wasn't > >> much valuable > >>>>>>> content > >>>>>>>> sourced from the MSFT side... In fact, as I understand it, > >>>>>>> the PM and > >>>>>>>> product support people (other than Jim) are apparently > >>>>>> not pushed to > >>>>>>>> participate (and may be asked not to) because of the fact > >>>>>> that it is > >>>>>>> NOT > >>>>>>>> an official MSFT site, and that NDA and product liability > >>>>>> may be an > >>>>>>>> issue. > >>>>>>>> > >>>>>>>> I'm going to draft up a "suggestions for the MVP program" > >>>>>> and submit > >>>>>>>> them to the powers that be, just so that things like > >> this can be > >>>>>>>> addressed. > >>>>>>>> > >>>>>>>> t > >>>>>>>> > >>>>>>>> > >>>>>>>> On 2/26/07 8:50 AM, "Thomas W Shinder" > >>>>>>> <tshinder@xxxxxxxxxxx> spoketh > >>>>>>> to > >>>>>>>> all: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> It's been a real problem for the ISA PG to work with the ISA > >>>>>>>> MVPs, because they think that the ISA MVPs are still > >>>>>>> involved with the > >>>>>>>> ISA MVP mailing list. I explained to them that because > >>>>> of "issues" > >>>>>>> with > >>>>>>>> that list that there was less than optimal participation > >>>>>>> and that they > >>>>>>>> needed to get a MS managed solution. At the very least, > >>>>> they could > >>>>>>>> create their own DL and send mail to people on that > >> list. I hate > >>>>>>> missing > >>>>>>>> out on the ISA PGs communications on that "other" list, but > >>>>>>> my life is > >>>>>>>> so much better not having to listen to the ****** that > >>>>>> happens over > >>>>>>>> there. > >>>>>>>> > >>>>>>>> Thomas W Shinder, M.D. > >>>>>>>> Site: www.isaserver.org <http://www.isaserver.org/> > >>>>>>>> <http://www.isaserver.org/> > >>>>>>>> Blog: http://blogs.isaserver.org/shinder/ > >>>>>>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > >>>>>>>> <http://tinyurl.com/3xqb7> > >>>>>>>> MVP -- Microsoft Firewalls (ISA) > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> ________________________________ > >>>>>>>> > >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > >>>>> (Hammer of > >>>>>>> God) > >>>>>>>> Sent: Monday, February 26, 2007 8:56 AM > >>>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter > >>>>>>>> Networks > >>>>>>>> > >>>>>>>> > >>>>>>>> I spoke with Melissa Travers, the MVP Lead for both ISA > >>>>>>>> and Exchange, and she said the Exchange group's MVP site > >>>>>> was really, > >>>>>>>> really good, and that the Exchange group themselves is > >>>>>> quite active. > >>>>>>>> Being they are the Exchange group, I can see why they > >>>>> would have a > >>>>>>>> decent portal. ;) > >>>>>>>> > >>>>>>>> I suggested that if there were a single sourced, > >>>>>>>> Microsoft controlled MVP site where we could "browse > >>>>>> through" other > >>>>>>> MVP > >>>>>>>> list content, that issues like this (the perceptions > >>>>>>> surrounding what > >>>>>>>> Exchange will and won't support and why) would be much > >>>>> easier to > >>>>>>>> manage, and that "the right people" from both sides could > >>>>>>> engage each > >>>>>>>> other in a positive way when two technologies collide like > >>>>>>> this. To > >>>>>>>> me, this is a major shortcoming in the MVP program > >>>>>> overall. Given > >>>>>>> the > >>>>>>>> fact that the MVP program was created in order to provide a > >>>>>>>> collaborative environment for various technologies, it > >>>>>> seems like a > >>>>>>>> horrible waste of a perfect opportunity to expand that > >>>>>> environment > >>>>>>> out > >>>>>>>> to the MVP's and product teams in other product > >>>>>> competencies. The > >>>>>>>> fate of the ISA-MVP list is testament to that. > >>>>>>>> > >>>>>>>> So, in the absence of a coordinated effort on > >>>>>>>> Microsoft's part to wrap it's collective arms around the > >>>>>> MVP's and > >>>>>>>> product teams, I'll see if I can get on the Exchange > >>>>> MVP list and > >>>>>>> begin > >>>>>>>> a dialog of exactly what is going on here. But I'll > >>>>> need to get > >>>>>>>> immersed in Ex2007 first, which I've just not had the > >>>>> time to do. > >>>>>>> The > >>>>>>>> promise of true unified messaging in 2007 was a major draw > >>>>>>> to me, but > >>>>>>>> given the apparent narrow PBX support and lack of official > >>>>>>>> functionality documentation, the rush to explore has lost it's > >>>>>>> luster. > >>>>>>>> > >>>>>>>> t > >>>>>>>> > >>>>>>>> > >>>>>>>> On 2/26/07 6:02 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> > >>>>>>>> spoketh to all: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> Documentation always follows the product, which > >>>>>>>> is barely on the streets. > >>>>>>>> I've seen some regarding WM6, but the basic > >>>>>>>> concepts are the same. > >>>>>>>> ..coming soon to a website near you... > >>>>>>>> > >>>>>>>> > >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of > >> Jason Jones > >>>>>>>> Sent: Monday, February 26, 2007 3:31 AM > >>>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > >>>>>>>> Perimeter Networks > >>>>>>>> > >>>>>>>> Hi All, > >>>>>>>> > >>>>>>>> Anyone (Tim?) had chance to look at the least > >>>>>>>> privilige approach with Exchange 2007 yet? > >>>>>>>> > >>>>>>>> From what I am hearing the "CAS not supported in > >>>>>>>> perimeter" statement is based more on "we haven't tested it > >>>>>>> yet" more > >>>>>>>> than "we don't think it is a good idea". > >>>>>>>> > >>>>>>>> I have a few customers looking at placing the > >>>>>>>> entire Exchange architecture behind ISA (very > >>>>> untrusted LANs) - I > >>>>>>> have > >>>>>>>> done this with Exch2k3, but has anyone looked at this > >>>>>> for Exch2k7? > >>>>>>>> > >>>>>>>> I am guessing this is not supported either, but > >>>>>>>> documentation is very thin on the ground with reference > >>>>> to 2k7 and > >>>>>>>> periemeter networking.... > >>>>>>>> > >>>>>>>> Cheers > >>>>>>>> > >>>>>>>> JJ > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> ________________________________ > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > >>>>>> (Hammer of > >>>>>>> God) > >>>>>>>> Sent: 15 January 2007 15:27 > >>>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > >>>>>>>> Perimeter Networks > >>>>>>>> Right you are... The analogy fits when you use > >>>>>>>> "comparative logic" as opposed to just thinking of the zone in > >>>>>>>> singularity... Compared to the areas on either side of > >>>>> the DMZ, it > >>>>>>>> should be easy to discern any activity at all in the > >>>>> DMZ itself- > >>>>>>>> particularly hostile activities. There are strict > >>>>> policies about > >>>>>>> what > >>>>>>>> can go on in the Korean DMZ, as there should be in one's > >>>>>>> network DMZ. > >>>>>>>> Internet traffic is chaotic, and I don't even bother > >> trying to > >>>>>>>> determine what is going on out on my Internet > >> segment- I can't > >>>>>>> control > >>>>>>>> it anyway (other than my policy of implementing router > >>>>>>> ACL's to match > >>>>>>>> inbound/outbound traffic policies at my border > >>>>> router). Internal > >>>>>>>> traffic isn't chaotic, but it is hard to monitor > >> for "hostile" > >>>>>>> packets > >>>>>>>> given the sheer volume and type of traffic being generated by > >>>>>>> internal > >>>>>>>> users, servers, services, etc to any number of different > >>>>>> hosts and > >>>>>>>> clients. But in the DMZ, you should be able to > >>>>>> immediately notice > >>>>>>> when > >>>>>>>> something out of the ordinary is going on. For > >>>>>> instance, if I see > >>>>>>> POP3 > >>>>>>>> logon traffic, I know something is FUBAR, as I don't > >>>>>>> support POP3 in > >>>>>>> my > >>>>>>>> DMZ at all. If I see modal enumeration by way of a null > >>>>>> session, I > >>>>>>>> know something is going on. And etc, etc. > >>>>>>>> > >>>>>>>> So, to me, it fits, and that is the term I > >>>>>>>> choose to use. I won't be changing ;) > >>>>>>>> > >>>>>>>> t > >>>>>>>> > >>>>>>>> > >>>>>>>> On 1/15/07 6:40 AM, "Gerald G. Young" > >>>>>>>> <g.young@xxxxxxxx> spoketh to all: > >>>>>>>> The DMZ in Korea itself isn't crawling with > >>>>>>>> military. Either side of it is, ensuring that the > >>>>> definition of a > >>>>>>>> demilitarized zone is observed and maintained. Before > >>>>>> the advent of > >>>>>>>> DMZs in networking, a DMZ meant an area from which > >>>>>> military forces, > >>>>>>>> operations, and installations were prohibited. > >>>>>> Essentially, it's a > >>>>>>>> wide empty area that constitutes a border with forces on > >>>>>> either side > >>>>>>>> pointing guns into it. > >>>>>>>> > >>>>>>>> I've always thought the adaptation of the > >>>>>>>> acronym to the world of networking a bit strange. > >> "Oh! We got > >>>>>>>> activity in our networked DMZ! Kill it!" :-) > >>>>>>>> > >>>>>>>> > >>>>>>>> Cordially yours, > >>>>>>>> Jerry G. Young II > >>>>>>>> Product Engineer - Senior > >>>>>>>> Platform Engineering, Enterprise Hosting > >>>>>>>> NTT America, an NTT Communications Company > >>>>>>>> > >>>>>>>> 22451 Shaw Rd. > >>>>>>>> Sterling, VA 20166 > >>>>>>>> > >>>>>>>> Office: 571-434-1319 > >>>>>>>> Fax: 703-333-6749 > >>>>>>>> Email: g.young@xxxxxxxx > >>>>>>>> > >>>>>>>> > >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy > >>>>> Babinchak > >>>>>>>> Sent: Sunday, January 14, 2007 7:08 PM > >>>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>>> Subject: RE: [isapros] Re: ISA, Exchange 2007 > >>>>>>>> and Perimeter Networks > >>>>>>>> > >>>>>>>> > >>>>>>>> That's what it means to me too. Can't see the > >>>>>>>> Korean no mans' land as qualifying as a DMZ when it's > >>>>>> crawling with > >>>>>>>> military. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> In this conversation we have to take into > >>>>>>>> consideration that CAS also includes the capability to > >>>>>>> provide access > >>>>>>> to > >>>>>>>> folders and files right in OWA. This may be the thing that the > >>>>>>> Exchange > >>>>>>>> team thinks throws a monkey wrench into the secure > >>>>>>> deployment of CAS > >>>>>>> in > >>>>>>>> a a DMZ. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> ________________________________ > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx on behalf of > >>>>>>>> Jason Jones > >>>>>>>> Sent: Sat 1/13/2007 6:46 PM > >>>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > >>>>>>>> Perimeter Networks > >>>>>>>> > >>>>>>>> For me, DMZ means scary place completely > >>>>>>>> untrusted, perimeter network means less scary place > >>>>> trusted to a > >>>>>>>> degree, but strongly controlled > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> ________________________________ > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > >>>>>> (Hammer of > >>>>>>> God) > >>>>>>>> Sent: 12 January 2007 23:51 > >>>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > >>>>>>>> Perimeter Networks > >>>>>>>> Interesting... Probably a good idea for us to > >>>>>>>> actually articulate what we really mean when we say DMZ. > >>>>>>>> > >>>>>>>> I guess to some it means "free for all network" > >>>>>>>> but for me, it should be the network where you have the most > >>>>>>>> restrictive policies controlling each service so that it > >>>>>> is obvious > >>>>>>>> when malicious traffic hits the wire. Thoughts> > >>>>>>>> t > >>>>>>>> > >>>>>>>> > >>>>>>>> On 1/12/07 3:30 PM, "Steve Moffat" > >>>>>>>> <steve@xxxxxxxxxx> spoketh to all: > >>>>>>>> That's what I thought, now it's what I know.... > >>>>>>>> > >>>>>>>> > >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of > >> Jim Harrison > >>>>>>>> Sent: Friday, January 12, 2007 6:35 PM > >>>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > >>>>>>>> Perimeter Networks > >>>>>>>> > >>>>>>>> Aside from normal router & switch ACLs, ISA is > >>>>>>>> the single line of defense. > >>>>>>>> "..we don't need no stinking DMZs" > >>>>>>>> > >>>>>>>> > >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx > >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of > >> Steve Moffat > >>>>>>>> Sent: Friday, January 12, 2007 12:12 PM > >>>>>>>> To: isapros@xxxxxxxxxxxxx > >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > >>>>>>>> Perimeter Networks > >>>>>>>> > >>>>>>>> Ahh...just had a thought. > >>>>>>>> > >>>>>>>> It's all labeling. > >>>>>>>> > >>>>>>>> Jason, and others (not Jason's fault), have been > >>>>>>>> using the term DMZ. > >>>>>>>> > >>>>>>>> Historically, is the term DMZ not taken > >>>>>>>> literally as being completely firewalled off from the trusted > >>>>>>> networks, > >>>>>>>> and what Jason is talking about is trusted network > >>>>> segmentation. > >>>>>>>> > >>>>>>>> I betcha that's why the Exchange team don't > >>>>>>>> support it...they think it's a typical run of the mill DMZ... > >>>>>>>> > >>>>>>>> Jim, isn't MS's Internal network segmented by > >>>>>>>> usin ISA?? Including your mail servers? > >>>>>>>> > >>>>>>>> S > >>>>>>>> > >>>>>>>> > >>>>>>>> All mail to and from this domain is > >>>>>>>> GFI-scanned. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> All mail to and from this domain is GFI-scanned. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> All mail to and from this domain is GFI-scanned. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> All mail to and from this domain is GFI-scanned. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> > >>>>>> > >>>>>> All mail to and from this domain is GFI-scanned. > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>> > >>>>> > >>>>> All mail to and from this domain is GFI-scanned. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>> > >>>> > >>>> > >>>> > >>> > >>> > >>> > >>> > >> > >> > >> > >> > >> > > > > > > > >