Announcement

Collapse
No announcement yet.

ISA 2006 issue, some help please? :)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA 2006 issue, some help please? :)

    Hi,

    Once again I find myself calling for help here at this forum. Hope someone can help me out with my problem.

    At one of our customers we have a Windows 2003 std. ed. which has 2 NIC's and ISA 2006 installed.
    All works well, publishing rules are applied and they can be accessed etc.

    Along side that we have a windows 2003 server with exchange 2007 on it and a 2 SQL servers in a cluster environment with failover.

    We use the Std. Ed. 2003 as the firewall, and the 2nd windows 2003 with exchange is the DC.

    For virus prevention we decided to install TrendMicro that comes with OfficeScan, Scan Mail for Exchange and a Control Manager.
    Since the DC already is running the exchange 2007 server and a lot of traffic is generated on this server causing the CPU to be constantly above 60% we decided that we would not stress this server more by installing the corporate virus scan solution.
    Therefor we installed it on the ISA 2006 server.

    Now this all works well, weren't if for one problem:
    When ISA 2006 is installed you can't browse the local network through explorer.

    We've been looking for settings in the ISA server with publishing rules and allow rules, but no such luck.

    Is there a way on how we can achieve that the server can browse it's local network and most important, how the client pc's can view / access the server through the local network browser.
    The server is visible for others through the local network browser, but as soon as they try to open the server, they get the error message that the network location doesn't exist.

    I really hope someone can help me out on this issue.
    As stated above we don't want to install the virus scan solution on any of the other servers because they get stressed out enough as they are already.

    Thanks.

  • #2
    Re: ISA 2006 issue, some help please?

    I'm sure you don't need telling this is a bad idea. ISA is a firewall and as such shouldn't have anything else installed on it. You are wanting to set it up to be less secure.

    Ok. That over with. Tell us how it is configured. Is it a domain member? Is it plugged into a DMZ? Do you really need browse or does connectivity suffice? Can you ping internal hosts by name?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: ISA 2006 issue, some help please?

      I'm sorry,

      I know it's a less secure way to protect your network, but that is only if you also allow the ISA server to be visible from the internet.
      In this case we only need the server to be visible from within the internal network.

      Anyway, I've solved the issue by myself after doing some more research.

      It apears that you need to add an access rule, allowing ICPM, NetBios and RPC from internal to internal.
      This will allow the client pc's to view the server from within the internal network.
      Also the ISA server will be able to do network browsing.

      Hope this helps anyone else having issues with similar problems.

      Comment


      • #4
        Re: ISA 2006 issue, some help please?

        Glad you sorted it and thanks for posting the resolution.
        Can I ask what the ISA is doing if it isn't publishing or internet connected?
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: ISA 2006 issue, some help please?

          sure you can ask

          The ISA is publishing and acting as firewall.
          But we had to go for this solution since all the other server we have at the customer are heavily used.
          The only server not suffering of to much load is the server where ISA is running on.
          So the solution for us was to install the corporate anti-virus on the ISA.

          I did make sure though that only the internal network is allowing ICMP, NetBios and RPC traffic, and it's set to allow from internal to internal.
          This way the security doesn't get compromised to the outside world.
          At least, that is the idea :P

          Comment

          Working...
          X