[isapros] Re: ISA/IAG Topologies

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 5 Jun 2008 12:40:03 -0700

:-(
Steve can't make it.

Jim

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
Sent: Thursday, June 05, 2008 12:15 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA/IAG Topologies

I'll second that! I would be very interesting and some useful
conclusions could come of it.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)


> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> Of Jim Harrison
> Sent: Thursday, June 05, 2008 1:32 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA/IAG Topologies
>
> Will do!
>
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> Of Thor (Hammer of God)
> Sent: Thursday, June 05, 2008 11:23 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA/IAG Topologies
>
> You know, an actual "open debate" at Blackhat wouldn't really be a bad
> idea.  In fact, I think it would be quite valuable for all involved.
>
> Hmmm... Jim, see if Steve is open to it ;)
>
> t
>
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Wednesday, June 04, 2008 7:21 AM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: ISA/IAG Topologies
> >
> > I'd like to know the same thing. How does "Direct Connect" mean the
> > "death of the DMZ". As far as I can tell, these "Direct Connect"
> > clients
> > represent yet another perimeter (DMZ) that we need to deal with and
> > manage appropriately.
> >
> >
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- Microsoft Firewalls (ISA)
> >
> >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> > > Of Thor (Hammer of God)
> > > Sent: Wednesday, June 04, 2008 9:03 AM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] Re: ISA/IAG Topologies
> > >
> > > Same thing I was going to say.  But notice the first thing he says
> > that
> > > one MUST have is a DMZ (among other things).  So yes, it's just a
> > > different way of saying the same thing.
> > >
> > > I have no idea where people get that "DMZ" calls out a particular
> > > topology -- it's just a logical concept that manifests itself in a
> > > physical network deployment based on the goals of the config.
> > > Regardless, the whole "direct connect" bit doesn't really apply...
> > but,
> > > what do you say?
> > >
> > > t
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > > > bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > > > Sent: Wednesday, June 04, 2008 5:49 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > >
> > > > Interesting. He goes through a very very long explanation of a
> > simple
> > > > concept -- that there are multiple perimeters and that each
> > perimeter
> > > > needs to be managed differently.
> > > >
> > > > Thomas W Shinder, M.D.
> > > > Site: www.isaserver.org
> > > > Blog: http://blogs.isaserver.org/shinder/
> > > > Book: http://tinyurl.com/3xqb7
> > > > MVP -- Microsoft Firewalls (ISA)
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> > > > > Of Stefaan Pouseele
> > > > > Sent: Wednesday, June 04, 2008 2:05 AM
> > > > > To: isapros@xxxxxxxxxxxxx
> > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > >
> > > > > What about
> > > > >
> > >
> http://isc.sans.org/presentations/2006-sansatnight-notes-optimez.pdf?
> > > > >
> > > > > Stefaan
> > > > >
> > > > > -----Original Message-----
> > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> > > > > Behalf Of Jason Jones
> > > > > Sent: woensdag 4 juni 2008 1:17
> > > > > To: isapros@xxxxxxxxxxxxx
> > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > >
> > > > > Does 'Direct connect' fall into a similar category as SSL VPN
> > where
> > > > they are
> > > > > really providing a "transport solution", as opposed to a
> > "security
> > > > > solution"?
> > > > >
> > > > > -----Original Message-----
> > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> > > > > Behalf Of Thomas W Shinder
> > > > > Sent: 04 June 2008 00:11
> > > > > To: isapros@xxxxxxxxxxxxx
> > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > >
> > > > > Bam!!! Exactly. That is where my thinking was going in this
> > > > direction.
> > > > I
> > > > > don't see how "Direct Connect" is going to solve anything
other
> > than
> > > > > creating a more difficult to solve problem.
> > > > >
> > > > > "I pity the foo"
> > > > >
> > > > > Thomas W Shinder, M.D.
> > > > > Site: www.isaserver.org
> > > > > Blog: http://blogs.isaserver.org/shinder/
> > > > > Book: http://tinyurl.com/3xqb7
> > > > > MVP -- Microsoft Firewalls (ISA)
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> > > > > > Of Thor (Hammer of God)
> > > > > > Sent: Tuesday, June 03, 2008 6:03 PM
> > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > >
> > > > > > Of course (just saw this one ;).
> > > > > >
> > > > > > Direct Access IPSec into the network still affords full
stack
> > > > access.
> > > > > > And it does nothing for untrusted, anonymous access to
assets
> > that
> > > > > > should be configured as such.  IPv6 and IPSec will not
"kill"
> > the
> > > > need
> > > > > > for least privilege and security in depth.  I'm actually
quite
> > > > > > disappointed that I am seeing professionals let the
excitement
> > of
> > > > "new
> > > > > > technologies" override the need for and importance of core
> > > security
> > > > > > postulates.  Saying that the "DMZ is Dead" is foolish, and
> > nothing
> > > > > more
> > > > > > than "Oh, I have something cool to talk about at
conferences"
> > > > fodder.
> > > > > > Or, as Mr. T calls it, "Jibba Jabba."
> > > > > >
> > > > > > t
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > > > > > > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > > > > > Sent: Tuesday, June 03, 2008 9:01 AM
> > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > >
> > > > > > > (hee-hee)
> > > > > > > I'd love to get you into the discussion happing in the
> > product
> > > > > > security
> > > > > > > alias...
> > > > > > > Can I put you & Steve Riley in the same room for 10
minutes?
> > > > > > >
> > > > > > > Jim
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > > > > > > bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> > > > > > > Sent: Tuesday, June 03, 2008 8:59 AM
> > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > >
> > > > > > > The "DMZ" is alive and well.  Misconceptions of what a DMZ
> > is,
> > > or
> > > > > what
> > > > > > > the term means, or how it should be deployed and
maintained
> > does
> > > > not
> > > > > > > affect the absolute need for such a topology.  Anyone who
> > says
> > > > "The
> > > > > > DMZ
> > > > > > > is dead" is either foolishly hanging on to semantics, or
> they
> > > > simply
> > > > > > do
> > > > > > > not understand what it is for....
> > > > > > >
> > > > > > >
> > > > > > > t
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > > > > > > > bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > > > > > > > Sent: Tuesday, June 03, 2008 8:21 AM
> > > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > > >
> > > > > > > > Hi Amy,
> > > > > > > >
> > > > > > > > You may have noticed I used the phrase " ISA protected
> > > > perimeter
> > > > > > > > network" as I know from bitter experience what you guys
> are
> > > > like
> > > > > > when
> > > > > > > I
> > > > > > > > mention the dreaded DMZ word! :-P
> > > > > > > >
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > > > > > > > bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> > > > > > > > Sent: 03 June 2008 15:17
> > > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > > >
> > > > > > > > The newb and even those that shouldn't be newb have a
> > > difficult
> > > > > time
> > > > > > > > understand the basic concept of an authenticated DMZ. To
> > most
> > > > DMZ
> > > > > > > means
> > > > > > > > that you stick the server out there naked. Press the DMZ
> > > button
> > > > > and
> > > > > > > > allow full access to the server. Don't bother to patch
it
> > > > because
> > > > > > > > you'll probably have to re-image it from time to time
> > anyway,
> > > > > since
> > > > > > > > it's being constantly hacked upon.
> > > > > > > >
> > > > > > > > It's this attitude that causes me to say DMZ is dead.
It's
> > old
> > > > > > > outdated
> > > > > > > > terminology that shouldn't be used anymore. ISA may have
> > the
> > > > > ability
> > > > > > > to
> > > > > > > > authenticate and protect servers in the DMZ but most
> don't.
> > I
> > > > > really
> > > > > > > > think that ISA needs a new term.
> > > > > > > >
> > > > > > > > thanks,
> > > > > > > >
> > > > > > > > Amy Babinchak
> > > > > > > >
> > > > > > > >
> > > > > > > > Harbor Computer Services |(248) 850-8616
> > > > > > > >
> > > > > > > > Learn about the perfect storm of rebates: June 10th at
> > 9:00am
> > > > and
> > > > > > > save
> > > > > > > > money on your SBS 2008 upgrade.
> > > > > > > > Join the meeting.
> > > > > > > > Conference Bridge 866-500-6738  PC:  3876393
> > > > > > > >
> > > > > > > > Tech Blog http://securesmb.harborcomputerservices.net
> > > > > > > > Client Blog http://smalltechnotes.blogspot.com
> > > > > > > > Website http://www.harborcomputerservices.net
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > > > > > > > bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > > > > > > > Sent: Tuesday, June 03, 2008 10:11 AM
> > > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > > >
> > > > > > > > Yo Jim,
> > > > > > > >
> > > > > > > > Now that is an interesting topic. A paper airplane is
> > simple
> > > > > > compared
> > > > > > > > to
> > > > > > > > a B1 bomber, but I'd argue that the B1 probably provides
a
> > > > higher
> > > > > > > level
> > > > > > > > of security :)
> > > > > > > >
> > > > > > > > Bringing the analogy down a bit, "complexity" is
operator
> > > > > dependent.
> > > > > > > > Creating anonymous and authenticated access DMZs is
simple
> > for
> > > > us,
> > > > > > > but
> > > > > > > > complex for the ISA firewall neophyte. Does that mean
the
> > auth
> > > > and
> > > > > > > anon
> > > > > > > > DMZ concept is not secure? Or is it secure for us, but
not
> > > > secure
> > > > > > for
> > > > > > > > nEwB?
> > > > > > > >
> > > > > > > > Just playing with the idea of "complexity is the enemy
of
> > > > > security".
> > > > > > > It
> > > > > > > > sounds right to me, just trying to figure out the
> corrolary
> > > > > > > arguments.
> > > > > > > >
> > > > > > > > Thomas W Shinder, M.D.
> > > > > > > > Site: www.isaserver.org
> > > > > > > > Blog: http://blogs.isaserver.org/shinder/
> > > > > > > > Book: http://tinyurl.com/3xqb7
> > > > > > > > MVP -- Microsoft Firewalls (ISA)
> > > > > > > >
> > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > > > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> > > > > > > > > Of Jim Harrison
> > > > > > > > > Sent: Tuesday, June 03, 2008 9:00 AM
> > > > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > > > >
> > > > > > > > > Since "better" is subjective, I'd be more inclined to
> > call
> > > it
> > > > > > > > "better-isolated".
> > > > > > > > > In general, any time you can functionally isolate
> > (whether
> > > > this
> > > > > is
> > > > > > > > literal isolation is
> > > > > > > > > another discussion) inbound and outbound traffic, your
> > > > firewall
> > > > > > > > policies and
> > > > > > > > > requirements become simplified.  It's a given that
since
> > > > > > complexity
> > > > > > > > increases the odds
> > > > > > > > > of human error, complexity must therefore be the enemy
> of
> > > > > > security.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > > > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> > > > > > > > > Of Jason Jones
> > > > > > > > > Sent: Tuesday, June 03, 2008 3:35 AM
> > > > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > > > >
> > > > > > > > > So, in this scenario, I am right to consider a
combined
> > > > solution
> > > > > > to
> > > > > > > > get a "better"
> > > > > > > > > security solution - yes?
> > > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > > > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> > > > > > > > > Of Jim Harrison
> > > > > > > > > Sent: 02 June 2008 16:43
> > > > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > > > >
> > > > > > > > > MS separates inbound and outbound arrays.
> > > > > > > > > You're right; IAG sux as a fwd proxy and ISA bows to
IAG
> > > > remote
> > > > > > > > client
> > > > > > > > trust
> > > > > > > > > mechanisms.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > > > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> > > > > > > > > Of Jason Jones
> > > > > > > > > Sent: Monday, June 02, 2008 7:16 AM
> > > > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > > > >
> > > > > > > > > As ever, I have left out the details until someone
> > > volunteers
> > > > to
> > > > > > > help
> > > > > > > > J
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > I know that IAG *is* ISA, but in the current solution
> set
> > > the
> > > > > ISA
> > > > > > > > "bit" doesn't scale very
> > > > > > > > > well if you are looking at multiple IAG units to
protect
> > a
> > > > data
> > > > > > > > centre
> > > > > > > > for all inbound and
> > > > > > > > > outbound access. In this sort of scenario, IAG can't
> > really
> > > > cut
> > > > > it
> > > > > > > on
> > > > > > > > it's own to facilitate
> > > > > > > > > system -to-system communications (and authenticated
> > > > > > > outbound/forward
> > > > > > > > access) and
> > > > > > > > > ISA seems much more appropriate. I know ISA could be
> > > > configured
> > > > > to
> > > > > > > do
> > > > > > > > some of this,
> > > > > > > > > but having to create firewall policy rules on each
> > appliance
> > > > and
> > > > > > > > synchronise them
> > > > > > > > > across several IAG appliances doesn't seem very
elegant
> > to
> > > > me...
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > So assuming we are looking at an Internet datacentre
> > model
> > > > (e.g.
> > > > > > > all
> > > > > > > > the clients and
> > > > > > > > > untrusted systems are on the outside) I am thinking
that
> > > both
> > > > > IAG
> > > > > > > and
> > > > > > > > ISA would be
> > > > > > > > > needed to provide an elegant solution - yes?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > In this model, it seemed to make sense to put ISA on
the
> > > edge
> > > > as
> > > > > > it
> > > > > > > > can provide LB/HA
> > > > > > > > > out of the box (with NLB), whereas IAG cannot. ISA can
> > then
> > > > be
> > > > > > used
> > > > > > > > for "protection"
> > > > > > > > > and IPSec VPN with IAG added for more advanced
> publishing
> > > > > > > > with/without
> > > > > > > > endpoint
> > > > > > > > > checking as required.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > In the above model, I am leaning towards putting the
> > > external
> > > > > > > > interface of IAG into an
> > > > > > > > > ISA anonymous access DMZ, with both devices connected
> > > > directly
> > > > > to
> > > > > > > the
> > > > > > > > internal
> > > > > > > > > protected network. However, I am curious if this
> provides
> > > > little
> > > > > > > > benefit and I may as
> > > > > > > > > well simplify things by placing IAG in parallel if it
> > will
> > > be
> > > > > > > > dedicated for remote access
> > > > > > > > > duties...
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Any chance of a hint at what MS IT do?? ;-)
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Jason Jones | Security | Silversands Limited | Desk:
+44
> > > > (0)1202
> > > > > > > > 360489 | Mobile: +44
> > > > > > > > > (0)7971 500312 | Email/MSN:
> jason.jones@xxxxxxxxxxxxxxxxx
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > > > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> > > > > > > > > Of Jim Harrison
> > > > > > > > > Sent: 02 June 2008 14:47
> > > > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > > > Subject: [isapros] Re: ISA/IAG Topologies
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > ..pick one.
> > > > > > > > >
> > > > > > > > > ..no; really - there is no "boilerplate".
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > It depends on what you have for application and
security
> > > > > > > > requirements.
> > > > > > > > >
> > > > > > > > > IAG *is* ISA with some kewl stuff tossed into the mix.
> > > > > > > > >
> > > > > > > > > Thus, the question of whether to place IAG or ISA at
the
> > > edge
> > > > is
> > > > > > > > equivalent to asking
> > > > > > > > > "should I place ISA or ISA at the edge?"
> > > > > > > > >
> > > > > > > > > Deploying ISAG and ISA side-by-side will be determined
> by
> > > the
> > > > > > > tasking
> > > > > > > > for each as
> > > > > > > > > well.
> > > > > > > > >
> > > > > > > > > In general, using IAG for fwd traffic is; shall we
say,
> a
> > > bit
> > > > > less
> > > > > > > > than easy.
> > > > > > > > >
> > > > > > > > > Likewise, trying to duplicate the functionality IAG
> > brings
> > > to
> > > > > the
> > > > > > > > application publishing
> > > > > > > > > game is impossible.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > IOW, their relative merits in a given scenario depend
> > > largely
> > > > on
> > > > > > > what
> > > > > > > > you want them to
> > > > > > > > > do.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Jim
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > > > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf
> > > > > > > > > Of Jason Jones
> > > > > > > > > Sent: Monday, June 02, 2008 2:34 AM
> > > > > > > > > To: isapros@xxxxxxxxxxxxx
> > > > > > > > > Subject: [isapros] ISA/IAG Topologies
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Hi All,
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > I was wondering what sort of topologies you guys had
> used
> > > for
> > > > > > > > customers who were
> > > > > > > > > looking at combined ISA Server and IAG deployments?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > For example:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Should ISA be the edge device with IAG in an ISA
> > protected
> > > > > > > perimeter
> > > > > > > > network?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Should ISA and IAG be placed in parallel?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Should IAG be placed between two ISA Server edge
> > firewalls
> > > > (e.g.
> > > > > > > > between front-end
> > > > > > > > > and back-end ISAs)?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Any feedback appreciated...
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Cheers
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > JJ
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >   ________________________________
> > > > > > > > >
> > > > > > > > > This email and any files transmitted with it are
> > > confidential
> > > > > and
> > > > > > > > intended solely for the
> > > > > > > > > use of the individual to whom it is addressed. If you
> > have
> > > > > > received
> > > > > > > > this email in error,
> > > > > > > > > or if you believe this email is unsolicited and wish
to
> > be
> > > > > removed
> > > > > > > > from any future
> > > > > > > > > mailings, please contact our Support Desk immediately
on
> > > > 01202
> > > > > > > 360360
> > > > > > > > or email
> > > > > > > > > helpdesk@xxxxxxxxxxxxxxxxx
> > > > > > > > >
> > > > > > > > > If this email contains a quotation then unless
otherwise
> > > > stated
> > > > > it
> > > > > > > is
> > > > > > > > valid for 7 days and
> > > > > > > > > offered subject to Silversands Professional Services
> > Terms
> > > > and
> > > > > > > > Conditions, a copy of
> > > > > > > > > which is available on request. Any pricing
information,
> > > > design
> > > > > > > > information or
> > > > > > > > > information concerning specific Silversands' staff
> > contained
> > > > in
> > > > > > > this
> > > > > > > > email is
> > > > > > > > > considered confidential or of commercial interest and
> > exempt
> > > > > from
> > > > > > > the
> > > > > > > > Freedom of
> > > > > > > > > Information Act 2000.
> > > > > > > > >
> > > > > > > > > Any view or opinions presented are solely those of the
> > > author
> > > > > and
> > > > > > > do
> > > > > > > > not necessarily
> > > > > > > > > represent those of Silversands
> > > > > > > > >
> > > > > > > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole,
> > BH17
> > > > 7BX.
> > > > > > > > > Company Registration Number : 2141393.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > ________________________________
> > > > > > > > >
> > > > > > > > > This email and any files transmitted with it are
> > > confidential
> > > > > and
> > > > > > > > intended solely for the
> > > > > > > > > use of the individual to whom it is addressed. If you
> > have
> > > > > > received
> > > > > > > > this email in error,
> > > > > > > > > or if you believe this email is unsolicited and wish
to
> > be
> > > > > removed
> > > > > > > > from any future
> > > > > > > > > mailings, please contact our Support Desk immediately
on
> > > > 01202
> > > > > > > 360360
> > > > > > > > or email
> > > > > > > > > helpdesk@xxxxxxxxxxxxxxxxx
> > > > > > > > >
> > > > > > > > > If this email contains a quotation then unless
otherwise
> > > > stated
> > > > > it
> > > > > > > is
> > > > > > > > valid for 7 days and
> > > > > > > > > offered subject to Silversands Professional Services
> > Terms
> > > > and
> > > > > > > > Conditions, a copy of
> > > > > > > > > which is available on request. Any pricing
information,
> > > > design
> > > > > > > > information or
> > > > > > > > > information concerning specific Silversands' staff
> > contained
> > > > in
> > > > > > > this
> > > > > > > > email is
> > > > > > > > > considered confidential or of commercial interest and
> > exempt
> > > > > from
> > > > > > > the
> > > > > > > > Freedom of
> > > > > > > > > Information Act 2000.
> > > > > > > > >
> > > > > > > > > Any view or opinions presented are solely those of the
> > > author
> > > > > and
> > > > > > > do
> > > > > > > > not necessarily
> > > > > > > > > represent those of Silversands
> > > > > > > > >
> > > > > > > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole,
> > BH17
> > > > 7BX.
> > > > > > > > > Company Registration Number : 2141393.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > This email and any files transmitted with it are
> > > confidential
> > > > > and
> > > > > > > > intended solely for the
> > > > > > > > > use of the individual to whom it is addressed.  If you
> > have
> > > > > > > received
> > > > > > > > this email in error,
> > > > > > > > > or if you believe this email is unsolicited and wish
to
> > be
> > > > > removed
> > > > > > > > from any future
> > > > > > > > > mailings, please contact our Support Desk immediately
on
> > > > 01202
> > > > > > > 360360
> > > > > > > > or email
> > > > > > > > > helpdesk@xxxxxxxxxxxxxxxxx
> > > > > > > > >
> > > > > > > > > If this email contains a quotation then unless
otherwise
> > > > stated
> > > > > it
> > > > > > > is
> > > > > > > > valid for 7 days and
> > > > > > > > > offered subject to Silversands Professional Services
> > Terms
> > > > and
> > > > > > > > Conditions, a copy of
> > > > > > > > > which is available on request. Any pricing
information,
> > > > design
> > > > > > > > information or
> > > > > > > > > information concerning specific Silversands' staff
> > contained
> > > > in
> > > > > > > this
> > > > > > > > email is
> > > > > > > > > considered confidential or of commercial interest and
> > exempt
> > > > > from
> > > > > > > the
> > > > > > > > Freedom of
> > > > > > > > > Information Act 2000.
> > > > > > > > >
> > > > > > > > > Any view or opinions presented are solely those of the
> > > author
> > > > > and
> > > > > > > do
> > > > > > > > not necessarily
> > > > > > > > > represent those of Silversands
> > > > > > > > >
> > > > > > > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole,
> > BH17
> > > > 7BX.
> > > > > > > > > Company Registration Number : 2141393.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > This email and any files transmitted with it are
> > confidential
> > > > and
> > > > > > > > intended solely for the use of the individual to whom it
> is
> > > > > > > addressed.
> > > > > > > > If you have received this email in error, or if you
> believe
> > > > this
> > > > > > > email
> > > > > > > > is unsolicited and wish to be removed from any future
> > > mailings,
> > > > > > > please
> > > > > > > > contact our Support Desk immediately on 01202 360360 or
> > email
> > > > > > > > helpdesk@xxxxxxxxxxxxxxxxx
> > > > > > > >
> > > > > > > > If this email contains a quotation then unless otherwise
> > > stated
> > > > it
> > > > > > is
> > > > > > > > valid for 7 days and offered subject to Silversands
> > > > Professional
> > > > > > > > Services Terms and Conditions, a copy of which is
> available
> > on
> > > > > > > request.
> > > > > > > > Any pricing information, design information or
information
> > > > > > concerning
> > > > > > > > specific Silversands' staff contained in this email is
> > > > considered
> > > > > > > > confidential or of commercial interest and exempt from
the
> > > > Freedom
> > > > > > of
> > > > > > > > Information Act 2000.
> > > > > > > >
> > > > > > > > Any view or opinions presented are solely those of the
> > author
> > > > and
> > > > > do
> > > > > > > > not necessarily represent those of Silversands
> > > > > > > >
> > > > > > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole,
> BH17
> > > > 7BX.
> > > > > > > > Company Registration Number : 2141393.
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > This email and any files transmitted with it are confidential
> and
> > > > intended
> > > > > solely for the use of the individual to whom it is addressed.
> If
> > > you
> > > > have
> > > > > received this email in error, or if you believe this email is
> > > > unsolicited
> > > > > and wish to be removed from any future mailings, please
contact
> > our
> > > > Support
> > > > > Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> > > > >
> > > > > If this email contains a quotation then unless otherwise
stated
> > it
> > > is
> > > > valid
> > > > > for 7 days and offered subject to Silversands Professional
> > Services
> > > > Terms
> > > > > and Conditions, a copy of which is available on request. Any
> > pricing
> > > > > information, design information or information concerning
> > specific
> > > > > Silversands' staff contained in this email is considered
> > > confidential
> > > > or of
> > > > > commercial interest and exempt from the Freedom of Information
> > Act
> > > > 2000.
> > > > >
> > > > > Any view or opinions presented are solely those of the author
> and
> > do
> > > > not
> > > > > necessarily represent those of Silversands
> > > > >
> > > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17
7BX.
> > > > > Company Registration Number : 2141393.
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
>
>





Other related posts: