Announcement

Collapse
No announcement yet.

Isa 2006...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Isa 2006...

    Hello,

    Am not a firewall expert, so am hiring a firewall expert for my project...regarding that i want to know some thing imp. from u guys.

    My Question is...

    Am planning to two firewall in my setup. first will be hardware firewall that will be directly connected to internet and second will be ISA 2006 ( because i dont want windows server 2003 directly connect to internet); MY exchange 2003 and other server will be in DMZ created by ISA, the server on which ISA will be install will work as SMTP gateway, proxy and firewall, then ISA will send whole network trafic to hardware firewall.

    Your Input required for this scenerio.

  • #2
    Re: Isa 2006...

    What do you want in the DMZ? You have stated Exchange 2003 but do you mean as a front end (bad news) or you are planning on having DC's and all Exchange servers there but clients on the inside connecting to it (also not great).
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Isa 2006...

      Hi shawn,

      I agree with AndyJG247 on this. You can use ISA to publish your mail services and still keep your Exchange and DC's on the internal network. You have to keep in mind that Exchange is heavily integrated with AD so it is best to keep them together in a trusted segment of your network. Just my two cents.

      Ryan

      Comment


      • #4
        Re: Isa 2006...

        Thanks Andy and Ryan for responce,

        Mine current setup and current requirement might be helpful..

        Current Setup
        ISA 2006, having three NIC......one has live IP, second is configured as DMZ 192.168.1.x network, that is contaning my DC, exchange server and file server, and the third card has IP range 172 series, that is containg all the users. everything is working fine..

        Current requirement
        I want to implement hardware based VPN firewall.

        I know this is looking lengthy but please help me out.

        Comment


        • #5
          Re: Isa 2006...

          OK, thanks for the update.
          If you just wish to add a hardware firewall to that then just put it on the outside of the ISA server so all traffic goes through it straight to the ISA server. Your scenario is working at the moment so it should continue to do so assuming it is setup correctly.
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?

          Comment


          • #6
            Re: Isa 2006...

            And why would you want to use a "hardware" firewall?????
            Give me one good reason why ISA wouldn't do his job?

            Ever seen an article where ISA is being hacked?
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: Isa 2006...

              The original question asked for help on adding another firewall that was all.

              I agree with you I think ISA is great for its purposes.
              cheers
              Andy

              Please read this before you post:


              Quis custodiet ipsos custodes?

              Comment


              • #8
                Re: Isa 2006...

                Adding another firewall is not a bad idea.........first firewall asa 5510 then whole trafic from isa...it will work.

                Comment


                • #9
                  Re: Isa 2006...

                  Originally posted by AndyJG247 View Post
                  What do you want in the DMZ? You have stated Exchange 2003 but do you mean as a front end (bad news) or you are planning on having DC's and all Exchange servers there but clients on the inside connecting to it (also not great).
                  Hello Andy & ryan

                  In the below thread of shawn....three NICs one for external, second for dmz that will contain all servers, third for internal clients system....m not finding any thing wrong..........but your answer is pointing to somewhere else....please clear your point if you have different opinion about this scenario.

                  Thanks in advance

                  Comment


                  • #10
                    Re: Isa 2006...

                    My understanding is that this is already setup and working. ISA with a DMZ, clients on the inside, servers in the DMZ and then the outside. Shawn wanted to add another firewall so the suggestion was to just add it between the outside nic and the internet.
                    Personally I wouldn't separate the servers and clients quite like that but depending on business requirements it is always a possibility.
                    cheers
                    Andy

                    Please read this before you post:


                    Quis custodiet ipsos custodes?

                    Comment


                    • #11
                      Re: Isa 2006...

                      Originally posted by AndyJG247 View Post
                      My understanding is that this is already setup and working. ISA with a DMZ, clients on the inside, servers in the DMZ and then the outside. Shawn wanted to add another firewall so the suggestion was to just add it between the outside nic and the internet.
                      Personally I wouldn't separate the servers and clients quite like that but depending on business requirements it is always a possibility.
                      thanks a lot Andy

                      Comment

                      Working...
                      X