i have face problem, i install ISA 2006 on windows server 2003 R2 with install DHCP and Active Directory before installing ISA2006 DHCP give the ip on clinet pc but when i install ISA 2006 DHCP could not give the ip on clinet pc.
plzz tell me how can i configure ISA 2006 with DHCP.
BUT, it is not recommended to install other services on ISA firewall besisdes ISA itself. You should treat ISA firewall as a firewall and not increase its attack surface.
Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
It probably depends on who you ask. It is not the first time there were contradictions within the company. If they did changed their mind [again],...then it is the second time they changed their mind. If so, then I am exercising my stubbornness to not go along with them. So as far as I am concerned it is not supported and that is the only thing I am ever going to tell anyone :-)
Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Don't forget that whoever you talk may be thinking that since ISA can be on SBS,....therefore it can be on a DC,...however that is not true,...When installing the regular ISA/TMG on a regular Domain Controller, it does not have all the "wizardry" and engineering built into the installation program that the Installation Wizards of SBS have. So it is not the same thing and SBS is a specifically engineered product to do what it specifically does and it cannot be applied to non-SBS situations.
All the other scenarios for TMG are unsupported as per here:
quote:
Forefront TMG installed on a domain controller is not supported Issue: Installing Forefront TMG or Forefront TMG EMS on a computer configured as an Active Directory domain controller is not supported.
I´m also not comfortable to place ISA/TMG+DC on the same machine. So, I´ll continue not recommending ISA/TMG admins being such sinners, but will inform them the supported scenarios, so they can make their own decisions
Regards, Paulo Oliveira.
< Message edited by paulo.oliveira -- 29.Dec.2010 5:08:59 PM >
BUT, it is not recommended to install other services on ISA firewall besisdes ISA itself. You should treat ISA firewall as a firewall and not increase its attack surface.
Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Looks like from the original post that this is really an issue of getting DHCP to function on the ISA and not so much a Domain Controller thing.
Somewhere there is an article about running the DHCP Service on an ISA (no matter if DC or not DC). However I have not been able to find a "good" one. Many things I find list the steps to install the DHCP Service on the ISA via Add/Remove Programs,...yet anyone can do that. But I cannot find the details to handle Access Rules or System Policies that actually allow the DHCP Service to function.
It may be as simple as allowing the DHCP Protocols DHCP-Reply and DHCP-Request using a bi-directional Access Rule that uses both Internal and Localhost in both the From and the To of the Rule at the same time. However it could be more complex than that.
However I still think this is a bad idea and should not be done.
This is the second time, they changed their minds. If so, then I exercise my stubbornness not get along with them. Therefore, as I do not support it, I want to tell anyone, this is the only...
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> DHCP Problem In ISA 2006 
DHCP Problem In ISA 2006 - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread