I just found out ugg boots are made from sheepskin-Pamela Anderson -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: Thursday, 1 March 2007 9:40 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks America will never run... And we will always be grateful that liberty has found such brave defenders. George W. Bush -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland Sent: Wednesday, February 28, 2007 6:20 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks Ooh ooh.. even better Dude, wheres my DMZ?? In the days of perimter networks :) -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland Sent: Thursday, 1 March 2007 9:15 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks A few I thought of ISA - The route to firewall bliss Where all your networks are related Where networks rule (get it network.. rule.. c?) ISA Server - The one and only firewall policy (my fav) -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Thursday, 1 March 2007 8:47 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks "ISA, the Firewall that Cares" Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of John T (lists) > Sent: Wednesday, February 28, 2007 1:34 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > "ISA, not your average hardware firewall!" > > "An ISA you can trust!" > > "ISA, it just keeps working and working and working!" > > "ISA blocks what others let through!" > > John T > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > On Behalf Of Greg Mulholland > > Sent: Tuesday, February 27, 2007 1:36 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > > An aussie contribution: > > > > ISA ISA ISA, Oi Oi Oi. > > > > Sorry that's really bad.. > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > On > > Behalf Of Thor (Hammer of God) > > Sent: Wednesday, 28 February 2007 1:51 AM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > > How about "ISA. So simple a caveman can use it." Oh wait. > SBS already > > took > > that one! :-p > > > > t > > > > > > On 2/27/07 6:36 AM, "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> > > spoketh > > to all: > > > > > Should be "Firewall's make me Hot", shouldn't it? > > > > > > How about "Flames, baby flames, you're goin' down." As said by The > > > Bomber What Bombs at Midnight. (from The Tick, of course) > > > > > > Amy > > > > > > > > > -----Original Message----- > > > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > On Behalf Of Gerald G. Young > > > Sent: Tuesday, February 27, 2007 9:12 AM > > > To: isapros@xxxxxxxxxxxxx > > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > > > > "ISA, your friendly, neighborhood firewall." > > > "Never a dull rule in ISA." > > > "ISA's hot." - as imagined said by Paris Hilton. > > > "ISA and PIX, sitting in a tree..." - yeah, not so much. ;) > > > "I'll show you my certificate if you'll show me yours." > > > > > > Cordially yours, > > > Jerry G. Young II > > > Application Engineer, Platform Engineering and Architecture > > > NTT America, an NTT Communications Company > > > > > > 22451 Shaw Rd. > > > Sterling, VA 20166 > > > > > > Office: 571-434-1319 > > > Fax: 703-333-6749 > > > Email: g.young@xxxxxxxx > > > > > > > > > -----Original Message----- > > > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > On Behalf Of Thomas W Shinder > > > Sent: Monday, February 26, 2007 7:22 PM > > > To: isapros@xxxxxxxxxxxxx > > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > > > > "ISA's Got You In Its Sites" > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://blogs.isaserver.org/shinder/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- Microsoft Firewalls (ISA) > > > > > > > > > > > >> -----Original Message----- > > >> From: isapros-bounce@xxxxxxxxxxxxx > > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > > >> Sent: Monday, February 26, 2007 4:01 PM > > >> To: isapros@xxxxxxxxxxxxx > > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > >> > > >> I'd rather be on Layer 7 > > >> > > >> Amy > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> -----Original Message----- > > >> From: isapros-bounce@xxxxxxxxxxxxx > > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > >> On Behalf Of Jim Harrison > > >> Sent: Monday, February 26, 2007 4:45 PM > > >> To: isapros@xxxxxxxxxxxxx > > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > >> > > >> Not bad; except for the trailing commentary... > > >> :-p > > >> > > >> -----Original Message----- > > >> From: isapros-bounce@xxxxxxxxxxxxx > > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > >> On Behalf Of Thomas W Shinder > > >> Sent: Monday, February 26, 2007 12:53 PM > > >> To: isapros@xxxxxxxxxxxxx > > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > >> > > >> How about: > > >> > > >> "ISA Firewall Rules!" > > >> > > >> Get it? Firewall rules? Like in firewall ruleset? You > know, sort of a > > >> double entendre sort of thingie :)) > > >> > > >> Thomas W Shinder, M.D. > > >> Site: www.isaserver.org > > >> Blog: http://blogs.isaserver.org/shinder/ > > >> Book: http://tinyurl.com/3xqb7 > > >> MVP -- Microsoft Firewalls (ISA) > > >> > > >> > > >> > > >>> -----Original Message----- > > >>> From: isapros-bounce@xxxxxxxxxxxxx > > >>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > >>> Sent: Monday, February 26, 2007 2:27 PM > > >>> To: isapros@xxxxxxxxxxxxx > > >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > >>> > > >>> Ok - it's official - let's get an "ISABlog motto" contest going. > > >>> Basic rules: > > >>> - no derogatory comments about CheckPix or similar (makes > > >> the lawyers > > >>> tremble) > > >>> - no marketing spew > > >>> - keep it short (10 words max) > > >>> - must use ISA behavior or feature (like "wpad") > > >>> - should abuse a common phrase (like "does a nautical > pimp keep his > > >>> 'oars' in the water?") > > >>> > > >>> -----Original Message----- > > >>> From: isapros-bounce@xxxxxxxxxxxxx > > >>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > >>> On Behalf Of Thomas W Shinder > > >>> Sent: Monday, February 26, 2007 12:23 PM > > >>> To: isapros@xxxxxxxxxxxxx > > >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > >>> > > >>> You had me at WPAD? :) > > >>> > > >>> Thomas W Shinder, M.D. > > >>> Site: www.isaserver.org > > >>> Blog: http://blogs.isaserver.org/shinder/ > > >>> Book: http://tinyurl.com/3xqb7 > > >>> MVP -- Microsoft Firewalls (ISA) > > >>> > > >>> > > >>> > > >>>> -----Original Message----- > > >>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > >>>> Sent: Monday, February 26, 2007 12:26 PM > > >>>> To: isapros@xxxxxxxxxxxxx > > >>>> Subject: [isapros] Re: ISA, Exchange 2007 and > Perimeter Networks > > >>>> > > >>>> NDA is a completely different point and Amy has it right - > > >>>> non-MS lists > > >>>> are verboten to NDA material. > > >>>> I'm an "odd duck" in this context (for more than one reason - > > >>>> ha! - beat > > >>>> ya to it!), because it's actually a large part of my job > > >> to "keep my > > >>>> finger on the pulse", as it were. This is why you see me > > >>> doing trips > > >>>> like tech Ready & Black Hat. Unfortunately, fiscal > > >>>> limitations curtail > > >>>> any further involvement, but such is corporate life. > > >>>> > > >>>> I agree that the ISA team hasn't exactly kept pace > with teams like > > >>>> Exchange (we don't even have a silly motto like "you had me > > >>> at ehlo"), > > >>>> but it still comes back to the "effort priorities". I've > > >>> been working > > >>>> with the right folks to make this a better experience > all around > > >>>> (especially for the MVPs), but these things tend to > move slowly... > > >>>> > > >>>> -----Original Message----- > > >>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > >>>> On Behalf Of Thor (Hammer of God) > > >>>> Sent: Monday, February 26, 2007 9:54 AM > > >>>> To: isapros@xxxxxxxxxxxxx > > >>>> Subject: [isapros] Re: ISA, Exchange 2007 and > Perimeter Networks > > >>>> > > >>>> Conflicting info, then. I was told by a source that non-MSFT > > >>>> lists were > > >>>> poo-poo'ed on for liability and NDA reasons. > > >>>> > > >>>> And while I totally understand the "bottom line" thinking, it > > >>>> seems like > > >>>> a > > >>>> huge waste to initiate something like the MVP program and to > > >>>> go through > > >>>> all > > >>>> the motions only to do it half-assed. > > >>>> > > >>>> t > > >>>> > > >>>> > > >>>> On 2/26/07 9:35 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> > > >>> spoketh to all: > > >>>> > > >>>>> In fact, ISA product team members are strongly encouraged to > > >>>> participate > > >>>>> in lists, NG, blogs and all other manner of public > communication > > >>>>> efforts. > > >>>>> The sad fact is; the time available for such endeavors > > >> is woefully > > >>>>> small. > > >>>>> MS, like many profit-making businesses, operates with > > >> the smallest > > >>>> teams > > >>>>> required to produce product "X". > > >>>>> Unfortunately, with software engineering being what it > > >> is, and the > > >>>>> pressures of the marketing "old boy club", the teams are > > >>>> too small to > > >>>>> cover all the "nice to do" bases and still leave > folks time for > > >>>>> themselves. > > >>>>> > > >>>>> > > >>>>> -----Original Message----- > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > >>>>> On Behalf Of Thor (Hammer of God) > > >>>>> Sent: Monday, February 26, 2007 9:07 AM > > >>>>> To: isapros@xxxxxxxxxxxxx > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > Perimeter Networks > > >>>>> > > >>>>> I never really saw much from the PM's over there- just that > > >>>> one stint > > >>>>> about SQL logging, and to be honest, there wasn't > much valuable > > >>>> content > > >>>>> sourced from the MSFT side... In fact, as I understand it, > > >>>> the PM and > > >>>>> product support people (other than Jim) are apparently > > >>> not pushed to > > >>>>> participate (and may be asked not to) because of the fact > > >>> that it is > > >>>> NOT > > >>>>> an official MSFT site, and that NDA and product liability > > >>> may be an > > >>>>> issue. > > >>>>> > > >>>>> I'm going to draft up a "suggestions for the MVP program" > > >>> and submit > > >>>>> them to the powers that be, just so that things like > this can be > > >>>>> addressed. > > >>>>> > > >>>>> t > > >>>>> > > >>>>> > > >>>>> On 2/26/07 8:50 AM, "Thomas W Shinder" > > >>>> <tshinder@xxxxxxxxxxx> spoketh > > >>>> to > > >>>>> all: > > >>>>> > > >>>>> > > >>>>> > > >>>>> It's been a real problem for the ISA PG to work with the ISA > > >>>>> MVPs, because they think that the ISA MVPs are still > > >>>> involved with the > > >>>>> ISA MVP mailing list. I explained to them that because > > >> of "issues" > > >>>> with > > >>>>> that list that there was less than optimal participation > > >>>> and that they > > >>>>> needed to get a MS managed solution. At the very least, > > >> they could > > >>>>> create their own DL and send mail to people on that > list. I hate > > >>>> missing > > >>>>> out on the ISA PGs communications on that "other" list, but > > >>>> my life is > > >>>>> so much better not having to listen to the ****** that > > >>> happens over > > >>>>> there. > > >>>>> > > >>>>> Thomas W Shinder, M.D. > > >>>>> Site: www.isaserver.org <http://www.isaserver.org/> > > >>>>> <http://www.isaserver.org/> > > >>>>> Blog: http://blogs.isaserver.org/shinder/ > > >>>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > > >>>>> <http://tinyurl.com/3xqb7> > > >>>>> MVP -- Microsoft Firewalls (ISA) > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> ________________________________ > > >>>>> > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > > >> (Hammer of > > >>>> God) > > >>>>> Sent: Monday, February 26, 2007 8:56 AM > > >>>>> To: isapros@xxxxxxxxxxxxx > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter > > >>>>> Networks > > >>>>> > > >>>>> > > >>>>> I spoke with Melissa Travers, the MVP Lead for both ISA > > >>>>> and Exchange, and she said the Exchange group's MVP site > > >>> was really, > > >>>>> really good, and that the Exchange group themselves is > > >>> quite active. > > >>>>> Being they are the Exchange group, I can see why they > > >> would have a > > >>>>> decent portal. ;) > > >>>>> > > >>>>> I suggested that if there were a single sourced, > > >>>>> Microsoft controlled MVP site where we could "browse > > >>> through" other > > >>>> MVP > > >>>>> list content, that issues like this (the perceptions > > >>>> surrounding what > > >>>>> Exchange will and won't support and why) would be much > > >> easier to > > >>>>> manage, and that "the right people" from both sides could > > >>>> engage each > > >>>>> other in a positive way when two technologies collide like > > >>>> this. To > > >>>>> me, this is a major shortcoming in the MVP program > > >>> overall. Given > > >>>> the > > >>>>> fact that the MVP program was created in order to provide a > > >>>>> collaborative environment for various technologies, it > > >>> seems like a > > >>>>> horrible waste of a perfect opportunity to expand that > > >>> environment > > >>>> out > > >>>>> to the MVP's and product teams in other product > > >>> competencies. The > > >>>>> fate of the ISA-MVP list is testament to that. > > >>>>> > > >>>>> So, in the absence of a coordinated effort on > > >>>>> Microsoft's part to wrap it's collective arms around the > > >>> MVP's and > > >>>>> product teams, I'll see if I can get on the Exchange > > >> MVP list and > > >>>> begin > > >>>>> a dialog of exactly what is going on here. But I'll > > >> need to get > > >>>>> immersed in Ex2007 first, which I've just not had the > > >> time to do. > > >>>> The > > >>>>> promise of true unified messaging in 2007 was a major draw > > >>>> to me, but > > >>>>> given the apparent narrow PBX support and lack of official > > >>>>> functionality documentation, the rush to explore has lost it's > > >>>> luster. > > >>>>> > > >>>>> t > > >>>>> > > >>>>> > > >>>>> On 2/26/07 6:02 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> > > >>>>> spoketh to all: > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> Documentation always follows the product, which > > >>>>> is barely on the streets. > > >>>>> I've seen some regarding WM6, but the basic > > >>>>> concepts are the same. > > >>>>> ..coming soon to a website near you... > > >>>>> > > >>>>> > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of > Jason Jones > > >>>>> Sent: Monday, February 26, 2007 3:31 AM > > >>>>> To: isapros@xxxxxxxxxxxxx > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > >>>>> Perimeter Networks > > >>>>> > > >>>>> Hi All, > > >>>>> > > >>>>> Anyone (Tim?) had chance to look at the least > > >>>>> privilige approach with Exchange 2007 yet? > > >>>>> > > >>>>> From what I am hearing the "CAS not supported in > > >>>>> perimeter" statement is based more on "we haven't tested it > > >>>> yet" more > > >>>>> than "we don't think it is a good idea". > > >>>>> > > >>>>> I have a few customers looking at placing the > > >>>>> entire Exchange architecture behind ISA (very > > >> untrusted LANs) - I > > >>>> have > > >>>>> done this with Exch2k3, but has anyone looked at this > > >>> for Exch2k7? > > >>>>> > > >>>>> I am guessing this is not supported either, but > > >>>>> documentation is very thin on the ground with reference > > >> to 2k7 and > > >>>>> periemeter networking.... > > >>>>> > > >>>>> Cheers > > >>>>> > > >>>>> JJ > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> ________________________________ > > >>>>> > > >>>>> > > >>>>> > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > > >>> (Hammer of > > >>>> God) > > >>>>> Sent: 15 January 2007 15:27 > > >>>>> To: isapros@xxxxxxxxxxxxx > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > >>>>> Perimeter Networks > > >>>>> Right you are... The analogy fits when you use > > >>>>> "comparative logic" as opposed to just thinking of the zone in > > >>>>> singularity... Compared to the areas on either side of > > >> the DMZ, it > > >>>>> should be easy to discern any activity at all in the > > >> DMZ itself- > > >>>>> particularly hostile activities. There are strict > > >> policies about > > >>>> what > > >>>>> can go on in the Korean DMZ, as there should be in one's > > >>>> network DMZ. > > >>>>> Internet traffic is chaotic, and I don't even bother > trying to > > >>>>> determine what is going on out on my Internet > segment- I can't > > >>>> control > > >>>>> it anyway (other than my policy of implementing router > > >>>> ACL's to match > > >>>>> inbound/outbound traffic policies at my border > > >> router). Internal > > >>>>> traffic isn't chaotic, but it is hard to monitor > for "hostile" > > >>>> packets > > >>>>> given the sheer volume and type of traffic being generated by > > >>>> internal > > >>>>> users, servers, services, etc to any number of different > > >>> hosts and > > >>>>> clients. But in the DMZ, you should be able to > > >>> immediately notice > > >>>> when > > >>>>> something out of the ordinary is going on. For > > >>> instance, if I see > > >>>> POP3 > > >>>>> logon traffic, I know something is FUBAR, as I don't > > >>>> support POP3 in > > >>>> my > > >>>>> DMZ at all. If I see modal enumeration by way of a null > > >>> session, I > > >>>>> know something is going on. And etc, etc. > > >>>>> > > >>>>> So, to me, it fits, and that is the term I > > >>>>> choose to use. I won't be changing ;) > > >>>>> > > >>>>> t > > >>>>> > > >>>>> > > >>>>> On 1/15/07 6:40 AM, "Gerald G. Young" > > >>>>> <g.young@xxxxxxxx> spoketh to all: > > >>>>> The DMZ in Korea itself isn't crawling with > > >>>>> military. Either side of it is, ensuring that the > > >> definition of a > > >>>>> demilitarized zone is observed and maintained. Before > > >>> the advent of > > >>>>> DMZs in networking, a DMZ meant an area from which > > >>> military forces, > > >>>>> operations, and installations were prohibited. > > >>> Essentially, it's a > > >>>>> wide empty area that constitutes a border with forces on > > >>> either side > > >>>>> pointing guns into it. > > >>>>> > > >>>>> I've always thought the adaptation of the > > >>>>> acronym to the world of networking a bit strange. > "Oh! We got > > >>>>> activity in our networked DMZ! Kill it!" :-) > > >>>>> > > >>>>> > > >>>>> Cordially yours, > > >>>>> Jerry G. Young II > > >>>>> Product Engineer - Senior > > >>>>> Platform Engineering, Enterprise Hosting > > >>>>> NTT America, an NTT Communications Company > > >>>>> > > >>>>> 22451 Shaw Rd. > > >>>>> Sterling, VA 20166 > > >>>>> > > >>>>> Office: 571-434-1319 > > >>>>> Fax: 703-333-6749 > > >>>>> Email: g.young@xxxxxxxx > > >>>>> > > >>>>> > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy > > >> Babinchak > > >>>>> Sent: Sunday, January 14, 2007 7:08 PM > > >>>>> To: isapros@xxxxxxxxxxxxx > > >>>>> Subject: RE: [isapros] Re: ISA, Exchange 2007 > > >>>>> and Perimeter Networks > > >>>>> > > >>>>> > > >>>>> That's what it means to me too. Can't see the > > >>>>> Korean no mans' land as qualifying as a DMZ when it's > > >>> crawling with > > >>>>> military. > > >>>>> > > >>>>> > > >>>>> > > >>>>> In this conversation we have to take into > > >>>>> consideration that CAS also includes the capability to > > >>>> provide access > > >>>> to > > >>>>> folders and files right in OWA. This may be the thing that the > > >>>> Exchange > > >>>>> team thinks throws a monkey wrench into the secure > > >>>> deployment of CAS > > >>>> in > > >>>>> a a DMZ. > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> ________________________________ > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx on behalf of > > >>>>> Jason Jones > > >>>>> Sent: Sat 1/13/2007 6:46 PM > > >>>>> To: isapros@xxxxxxxxxxxxx > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > >>>>> Perimeter Networks > > >>>>> > > >>>>> For me, DMZ means scary place completely > > >>>>> untrusted, perimeter network means less scary place > > >> trusted to a > > >>>>> degree, but strongly controlled > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> ________________________________ > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > > >>> (Hammer of > > >>>> God) > > >>>>> Sent: 12 January 2007 23:51 > > >>>>> To: isapros@xxxxxxxxxxxxx > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > >>>>> Perimeter Networks > > >>>>> Interesting... Probably a good idea for us to > > >>>>> actually articulate what we really mean when we say DMZ. > > >>>>> > > >>>>> I guess to some it means "free for all network" > > >>>>> but for me, it should be the network where you have the most > > >>>>> restrictive policies controlling each service so that it > > >>> is obvious > > >>>>> when malicious traffic hits the wire. Thoughts> > > >>>>> t > > >>>>> > > >>>>> > > >>>>> On 1/12/07 3:30 PM, "Steve Moffat" > > >>>>> <steve@xxxxxxxxxx> spoketh to all: > > >>>>> That's what I thought, now it's what I know.... > > >>>>> > > >>>>> > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of > Jim Harrison > > >>>>> Sent: Friday, January 12, 2007 6:35 PM > > >>>>> To: isapros@xxxxxxxxxxxxx > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > >>>>> Perimeter Networks > > >>>>> > > >>>>> Aside from normal router & switch ACLs, ISA is > > >>>>> the single line of defense. > > >>>>> "..we don't need no stinking DMZs" > > >>>>> > > >>>>> > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of > Steve Moffat > > >>>>> Sent: Friday, January 12, 2007 12:12 PM > > >>>>> To: isapros@xxxxxxxxxxxxx > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > >>>>> Perimeter Networks > > >>>>> > > >>>>> Ahh...just had a thought. > > >>>>> > > >>>>> It's all labeling. > > >>>>> > > >>>>> Jason, and others (not Jason's fault), have been > > >>>>> using the term DMZ. > > >>>>> > > >>>>> Historically, is the term DMZ not taken > > >>>>> literally as being completely firewalled off from the trusted > > >>>> networks, > > >>>>> and what Jason is talking about is trusted network > > >> segmentation. > > >>>>> > > >>>>> I betcha that's why the Exchange team don't > > >>>>> support it...they think it's a typical run of the mill DMZ... > > >>>>> > > >>>>> Jim, isn't MS's Internal network segmented by > > >>>>> usin ISA?? Including your mail servers? > > >>>>> > > >>>>> S > > >>>>> > > >>>>> > > >>>>> All mail to and from this domain is > > >>>>> GFI-scanned. > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> All mail to and from this domain is GFI-scanned. > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> All mail to and from this domain is GFI-scanned. > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> All mail to and from this domain is GFI-scanned. > > >>>> > > >>>> > > >>>> > > >>>> > > >>> > > >>> > > >>> All mail to and from this domain is GFI-scanned. > > >>> > > >>> > > >>> > > >>> > > >> > > >> > > >> All mail to and from this domain is GFI-scanned. > > >> > > >> > > >> > > >> > > >> > > > > > > > > > > > > > > > > > > > > > > > > >