Decommissioning ISA and moving OWA to firewall


  • Decommissioning ISA and moving OWA to firewall

    Hi All,

    I wonder if someone can help me here, please?

    We are moving to a product called bloxx for our proxy and web filtering purposes from an ISA 2006 server. However, once we upgrade we want to decommission the ISA server, but there are a few rules configured which we want to move to our main hardware-based firewall.

    I am not good at ISA at all and there are 4 more rules configured there which we want to move to the firewall, related to OWA and web traffic; can anyone please advise how I would know what I need to tell the service provider to configure in the firewall?

    For OWA there are two rules, one for handling OWA traffic external to internal and one internal to the OWA server; the rest are not understandable by me. Any chance I can export the settings and upload them here, and could someone guide me please?

  • #2
    Re: Decommissioning ISA and moving OWA to firewall

    By all means post them - we have some real ISA experts.

    In general, OWA needs port 443 (SSL) passed to the Exchange Front End server.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Decommissioning ISA and moving OWA to firewall

      Thanks Ossian, that's very encouraging!

      Please see the attached snapshot. Please let me know what other info is required so I can post it here for you to give me advice.

      Thanks All.


      • #4
        Re: Decommissioning ISA and moving OWA to firewall

        As Ossian said, opening port 443 to the Exchange Server is usually sufficient. Several of the rules you highlighted are probably legacy rules, as they are disabled. You can tell this from the red down arrow on the rule number. It's not recommended to allow logins over 80 as the password will be sent in plain text on an unsecured connection if you are using basic authentication.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog



        • #5
          Re: Decommissioning ISA and moving OWA to firewall

          Thanks All for the help,

          We have successfully moved all the rules to the new filtering device from ISA except two rules related to OWA.

          I have asked my service provider to send me a copy of the currently configured rules on our main firewall, which are below:

          name 10.1.1.35 ISA1
          access-list inside_access_in extended permit ip host ISA1 any
          access-list outside_access_in extended permit udp host 8*.***.**.*9 host ISA1 eq 4529
          access-list outside_access_in extended permit udp host 8*.***.**.*9 host ISA1 eq 4529 (which I believe is the IP of our OWA domain)
          static (inside,outside) 217.1**.***.*9 ISA1 netmask 255.255.255.255

          I am rubbish with firewalls; could someone please advise what these rules mean and what changes need to be made to our firewall rules above to decommission the ISA server?

          Your response would be highly appreciated.

          Thanks



          • #6
            Re: Decommissioning ISA and moving OWA to firewall

            If your ISA server is completely decommissioned and gone, my suggestion would be to completely remove that ACL/ruleset.

            Of course, you'd need another ruleset to publish port 443 on whatever is replacing ISA.
            Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif
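
As an added example (not part of the thread and not any poster's code): a short Python audit over firewall lines in the syntax quoted in post #5. It lists every rule that references the retired host so it can be removed, and reports whether any inbound TCP 443 rule would remain to carry OWA afterwards. The sample addresses are constructed placeholders, `audit_decommission` is a hypothetical helper name, and the `no` prefix for deleting a line is an assumption about the firewall's CLI.

```python
import re

# Constructed sample in the syntax of the rules quoted in post #5; the
# public addresses are documentation-range placeholders, not the poster's.
SAMPLE_CONFIG = """\
name 10.1.1.35 ISA1
access-list inside_access_in extended permit ip host ISA1 any
access-list outside_access_in extended permit udp host 198.51.100.9 host ISA1 eq 4529
access-list outside_access_in extended permit tcp any host 203.0.113.20 eq smtp
static (inside,outside) 203.0.113.9 ISA1 netmask 255.255.255.255
"""

HTTPS_RULE = re.compile(r"^access-list \S+ extended permit tcp .* eq (443|https)$")


def audit_decommission(config, host_name):
    """Return (removal_commands, https_still_published) for a retired host."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]

    # Resolve 'name <ip> <alias>' so rules written with the raw IP are caught too.
    tokens = {host_name}
    for l in lines:
        m = re.match(r"name (\S+) (\S+)", l)
        if m and m.group(2) == host_name:
            tokens.add(m.group(1))

    # Any line carrying the alias or its IP as a whole token is a stale reference.
    refs = [l for l in lines if tokens & set(l.split())]

    # Emit ACL and static removals before the 'name' line they depend on
    # (the sort is stable, so the original order is otherwise preserved).
    refs.sort(key=lambda l: l.startswith("name "))
    removals = ["no " + l for l in refs]

    # Once those lines are gone, is any inbound tcp/443 rule left for OWA?
    remaining = [l for l in lines if l not in refs]
    https_published = any(HTTPS_RULE.match(l) for l in remaining)
    return removals, https_published


if __name__ == "__main__":
    cmds, https_ok = audit_decommission(SAMPLE_CONFIG, "ISA1")
    print("\n".join(cmds))
    print("tcp/443 rule present after cleanup:", https_ok)
```

On the constructed sample the audit reports no TCP 443 rule, which is the gap post #6 points out: removing the ISA rules alone leaves nothing publishing OWA.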
