Isa 2006…

Home Forums Security General Security Isa 2006…

This topic contains 10 replies, has 5 voices, and was last updated by Avatar Pushkar 11 years, 2 months ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • Avatar
    shawn
    Member
    #132373

    Hello,

    Am not a firewall expert, so am hiring a firewall expert for my project…regarding that i want to know some thing imp. from u guys.

    My Question is…

    Am planning to two firewall in my setup. first will be hardware firewall that will be directly connected to internet and second will be ISA 2006 ( because i dont want windows server 2003 directly connect to internet); MY exchange 2003 and other server will be in DMZ created by ISA, the server on which ISA will be install will work as SMTP gateway, proxy and firewall, then ISA will send whole network trafic to hardware firewall.

    Your Input required for this scenerio.

    Avatar
    AndyJG247
    Member
    #320288

    Re: Isa 2006…

    What do you want in the DMZ? You have stated Exchange 2003 but do you mean as a front end (bad news) or you are planning on having DC’s and all Exchange servers there but clients on the inside connecting to it (also not great).

    Avatar
    ryansmitty
    Member
    #318435

    Re: Isa 2006…

    Hi shawn,

    I agree with AndyJG247 on this. You can use ISA to publish your mail services and still keep your Exchange and DC’s on the internal network. You have to keep in mind that Exchange is heavily integrated with AD so it is best to keep them together in a trusted segment of your network. Just my two cents.

    Ryan

    Avatar
    shawn
    Member
    #310922

    Re: Isa 2006…

    Thanks Andy and Ryan for responce,

    Mine current setup and current requirement might be helpful..

    Current Setup
    ISA 2006, having three NIC……one has live IP, second is configured as DMZ 192.168.1.x network, that is contaning my DC, exchange server and file server, and the third card has IP range 172 series, that is containg all the users. everything is working fine..

    Current requirement
    I want to implement hardware based VPN firewall.

    I know this is looking lengthy but please help me out.

    Avatar
    AndyJG247
    Member
    #320300

    Re: Isa 2006…

    OK, thanks for the update.
    If you just wish to add a hardware firewall to that then just put it on the outside of the ISA server so all traffic goes through it straight to the ISA server. Your scenario is working at the moment so it should continue to do so assuming it is setup correctly.

    Avatar
    Dumber
    Participant
    #197520

    Re: Isa 2006…

    And why would you want to use a “hardware” firewall?????
    Give me one good reason why ISA wouldn’t do his job?

    Ever seen an article where ISA is being hacked?

    Avatar
    AndyJG247
    Member
    #320312

    Re: Isa 2006…

    The original question asked for help on adding another firewall that was all.

    I agree with you I think ISA is great for its purposes.

    Avatar
    Pushkar
    Member
    #327673

    Re: Isa 2006…

    Adding another firewall is not a bad idea………first firewall asa 5510 then whole trafic from isa…it will work.

    Avatar
    Pushkar
    Member
    #327674

    Re: Isa 2006…

    AndyJG247;105211 wrote:
    What do you want in the DMZ? You have stated Exchange 2003 but do you mean as a front end (bad news) or you are planning on having DC’s and all Exchange servers there but clients on the inside connecting to it (also not great).

    Hello Andy & ryan

    In the below thread of shawn….three NICs one for external, second for dmz that will contain all servers, third for internal clients system….m not finding any thing wrong……….but your answer is pointing to somewhere else….please clear your point if you have different opinion about this scenario.

    Thanks in advance

    Avatar
    AndyJG247
    Member
    #320322

    Re: Isa 2006…

    My understanding is that this is already setup and working. ISA with a DMZ, clients on the inside, servers in the DMZ and then the outside. Shawn wanted to add another firewall so the suggestion was to just add it between the outside nic and the internet.
    Personally I wouldn’t separate the servers and clients quite like that but depending on business requirements it is always a possibility.

    Avatar
    Pushkar
    Member
    #327675

    Re: Isa 2006…

    AndyJG247;106354 wrote:
    My understanding is that this is already setup and working. ISA with a DMZ, clients on the inside, servers in the DMZ and then the outside. Shawn wanted to add another firewall so the suggestion was to just add it between the outside nic and the internet.
    Personally I wouldn’t separate the servers and clients quite like that but depending on business requirements it is always a possibility.

    thanks a lot Andy

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.

Register for this Petri Webinar!

Software-Defined Unlimited Backup Storage

Tuesday, August 27, 2019 @ 1:00 pm EDT

A Scale-Out Backup storage infrastructure is a must-have technology for your backups. In this webinar, join expert Rick Vanover for a look on what real-world problems are solved by the Scale-Out Backup Repository.

Register Now

Sponsored By