Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Can ISA 2004 be setup to operate as just a packet filtering firewall?
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Can ISA 2004 be setup to operate as just a packet filte... - 2.Feb.2005 12:20:00 AM
|
|
|
abandonallhope
Posts: 5
Joined: 1.Feb.2005
From: Nashville
Status: offline
|
Can ISA 2004 be setup to operate as just a packet filtering firewall?
Ok here is my situation in a nut shell.
Because of how the current firewall is setup and the internal users and services utilize it, I can only do a full cut over to a new firewall. Migration or co-exist is a Zero possibility. Since I have to cut over, the only sure way of performing it (and leaving room to fall back to the old firewall) is to setup ISA 2004 as close to the current firewall configuration as possible with no internal changes to client/services. Basically I need to setup ISA 2004 as a packet filtering only firewall. No clients installs, no proxy setups, no web site publishing, just packet level filtering. IÆll roll in all the ISA goodies going forward but for the cut over it needs to be very clean.
Infrastructure
TCP/IP only network and each site has a DNS server providing internal and external name resolution. The domain is W2K AD with a wide mix of operating system ranging from 95 to 2003 server. We even have a few UNIX and Microsoft embedded OS devices.
Current Firewall:
Again, we have a packet filtering firewall. The firewall is the default gateway for the WAN. The physical setup is internet router to firewall to internal backbone router. All Windows, UNIX and other devices have access to the Internet with some out bound filtering and very tight inbound filtering. No Proxy servers exist. The firewall provides security for web services for 40+ Web sites, load balance web servers, ftp, user VPN, Exchange, Sharepoint, conferencing, remote site VPN and even devices to turn on and off equipment halfway around the world. Our Web services use an IP range provided by our ISP but internally we also own and use a class B range.
So what do you think? Stand a chance in ????
|
|
|
|
RE: Can ISA 2004 be setup to operate as just a packet f... - 4.Feb.2005 12:08:00 AM
|
|
|
abandonallhope
Posts: 5
Joined: 1.Feb.2005
From: Nashville
Status: offline
|
Any One???
|
|
|
|
|
RE: Can ISA 2004 be setup to operate as just a packet f... - 11.Feb.2005 12:34:00 PM
|
|
|
leonhughes
Posts: 149
Joined: 19.Mar.2001
From: UK
Status: offline
|
No ISA can't do just packet filtering... but I really don't understand why you'd want it to!
Deploying ISA should cause minimal disruption as long as the implementation is planned properly.
Leon.
|
|
|
|
|
RE: Can ISA 2004 be setup to operate as just a packet f... - 18.Feb.2005 5:03:00 PM
|
|
|
remdotc
Posts: 42
Joined: 18.Feb.2005
From: Detroit, USA
Status: offline
|
Apples to Oranges...
If you want granular control over packet filtering, and none of VPN (PPTP) ISA offers, I suggest running a Linux firewall. Iptables allows you far better control over individual packets than ISA. So as long as you do not need to use GRE based VPN then iptables maybe a better fit for you
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
