• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Deployment Scenario

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> Tom's ISA Firewall Blog Discussion >> Deployment Scenario Page: [1]
Login
Message << Older Topic   Newer Topic >>
Deployment Scenario - 25.Jan.2008 10:51:17 AM   
kateh

 

Posts: 16
Joined: 21.Nov.2007
Status: offline
Hi Tom,

I wonder if you could help.

I have 1 ISA setup with a 3 legged template.  I now want to add an additional ISA server but have the web server and the application server on different DMZ's.

Is there a way to have the web server on ISA1 dmz and the App server on ISA2 dmz but connect the two together?

Many thanks
Kate
Post #: 1
RE: Deployment Scenario - 26.Jan.2008 1:53:41 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Kate,

Are you wanting to add a second ISA Firewall to the array, or just a second ISA SE firewall?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to kateh)
Post #: 2
RE: Deployment Scenario - 30.Jan.2008 6:31:38 AM   
kateh

 

Posts: 16
Joined: 21.Nov.2007
Status: offline
Hi Tom,

I want to add another ISA SE Firewall.

We currently have a 3 legged template setup using 3 nic's - internal, external and Perimeter (DMZ). 

The web server is on the DMZ. 

I want to use the existing 3 legged setup I have at the minute with external clients coming in to our web server on the dmz.  Without changing this, using a 2nd ISA SE firewall I would like to create an additional layer of security between the web server and an application server then into our internal network. 

Ideally, I require a three tier environment disrupting as little as possible of our current setup. 

Can I continue with our existing setup, keeping the web server on the original dmz, add the additional ISA SE Firewall (with 3 nic's) and create it's own dmz for the application server?  then connect the two using publishing rules?

Is this possible or will I need to use the back-to-back dmz scenario and have both app and web server on same dmz?

Also, one of my ISA servers is 2004 and one is 2006.  Is this advisable?

I'm really new to ISA so I hope this makes sense

Many Thanks
Kate

< Message edited by kateh -- 30.Jan.2008 11:03:45 AM >

(in reply to tshinder)
Post #: 3
RE: Deployment Scenario - 31.Jan.2008 10:23:33 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Kate,

I see what you're getting at. The second ISA Firewall would be behind the DMZ, with an interface in the DMZ and an interface on the Internal Network. However, this really isn't required, since your current ISA Firewall is separating the DMZ from the Internal Network.

However, if your application server is not on the Internal Network, that's a different story. Please confirm.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to kateh)
Post #: 4
RE: Deployment Scenario - 31.Jan.2008 10:35:58 AM   
kateh

 

Posts: 16
Joined: 21.Nov.2007
Status: offline
Hi Tom,

Yes, this is it exactly.   The current ISA Firewall is seperating the DMZ from the Internal Network with the web server on the DMZ being accessed from external clients.

Unfortunately, my application server isn't on any of our networks yet.  I don't want it to go on the Internal Network but want to add it on to a dmz of it's own using the 2nd ISA Firewall but trying to slot it in with the current setup.

I'm also not sure whether my current ISA 2004 will play happily with the new ISA 2006 if I have it in a back-to-back dmz.

Thankyou for all your help. 

Kind regards
Kate

(in reply to tshinder)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> Tom's ISA Firewall Blog Discussion >> Deployment Scenario Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts