Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Discussion about article on Getting Started Right with ISA firewalls
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Discussion about article on Getting Started Right with ... - 7.Jun.2005 8:20:00 AM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
This thread is for discussing the article on getting started right with the ISA firewall at http://isaserver.org/tutorials/2004rightstart.html
Thanks!
Tom
[ June 07, 2005, 08:23 AM: Message edited by: tshinder ]
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 7.Jun.2005 2:41:00 PM
|
|
|
zbilic
Posts: 6
Joined: 10.Sep.2004
From: New Jersey
Status: offline
|
Hi Tom,
On our network the DHCP service is running on the router. What would be the best way to add ISA with 2 NICs? Do we bring DHCP inside or just leave it as is and install DHCP relay agent on ISA? What is your suggestions?
Great article by the way!
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 7.Jun.2005 11:17:00 PM
|
|
|
Guest
|
Tom,
The diagram used in the "Put a router in front of the ISA firewall" section shows the ISA firewall's external default gateway as 10.0.0.2 - I beleive this should be 10.0.0.1 the LAN address of DSL router.
Michael Koukourou
Technical Specialist
South Australian Government
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 8.Jun.2005 4:59:00 PM
|
|
|
BlakeServ
Posts: 1
Joined: 8.Jun.2005
From: Louisiana
Status: offline
|
Hello Tom...
In your article you mentioned a problem with ISA's external NIC getting addresses from ISP's DHCP servers. Is this something new to ISA 2004.
I just did a reformat/clean install of SBS2003/ISA20004 on a system that ran SBS2003/ISA2000 for over 2 years and suren enough after about a day of working normally the external NIC is not able to get a valid address.
So I dusted off my trusty old Proxy 2.0 box and here I am. I guess its time for a router...
Don
PS..Since I have not finished reading your ISA2004 book yet maybe there is something about this in it...
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 15.Jun.2005 6:36:00 AM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by zbilic:
Hi Tom,
On our network the DHCP service is running on the router. What would be the best way to add ISA with 2 NICs? Do we bring DHCP inside or just leave it as is and install DHCP relay agent on ISA? What is your suggestions?
Great article by the way!
Hi Z,
Better would be to use the DHCP on the NAT device outside of the ISA firewall, and also put a DHCP server inside the ISA firewall Protected Networks, or even on the ISA firewall itself.
HTH,
Tom
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 15.Jun.2005 6:38:00 AM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by <Michko>:
Tom,
The diagram used in the "Put a router in front of the ISA firewall" section shows the ISA firewall's external default gateway as 10.0.0.2 - I beleive this should be 10.0.0.1 the LAN address of DSL router.
Michael Koukourou
Technical Specialist
South Australian Government
Hi Micahel,
Good find! I made a comment under the graphic to point out the error.
Thanks!
Tom
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 15.Jun.2005 6:40:00 AM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by blakeserv:
Hello Tom...
In your article you mentioned a problem with ISA's external NIC getting addresses from ISP's DHCP servers. Is this something new to ISA 2004.
I just did a reformat/clean install of SBS2003/ISA20004 on a system that ran SBS2003/ISA2000 for over 2 years and suren enough after about a day of working normally the external NIC is not able to get a valid address.
So I dusted off my trusty old Proxy 2.0 box and here I am. I guess its time for a router...
Don
PS..Since I have not finished reading your ISA2004 book yet maybe there is something about this in it...
Hi Don,
Check out the section on DHCP spoof detection in the book and see if that helps fix your problem. Otherwise, a NAT device in front of the ISA firewall is the way to go.
HTH,
Tom
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 23.Jun.2005 11:30:00 AM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
Hello
My internal DNS server is on a seperate W2K3 Server and it has the ISA Server Client installed. I just can not resolve external addresses that way, I have setup a rule (the first one) to allow DNS access from the internal network, but it's still a no go (I even tried to allow all outbound traffic). The only way around is to put a router and route all traffic from my DNS server thru it.
Any Hints?
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 23.Jun.2005 12:19:00 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi P,
Don't install the Firewall client on servers. Just install it on workstations.
HTH,
Tom
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 18.Oct.2005 11:53:00 AM
|
|
|
gentec02
Posts: 62
Joined: 18.Oct.2005
Status: offline
|
On the external NIC on my ISA Server, do I need a static address? Or if I do not use a static address and the DHCP from my ISP do I need to add a router in between?
Thanks
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 19.Jan.2006 12:52:31 PM
|
|
|
soulwaxer
Posts: 7
Joined: 10.Aug.2005
Status: offline
|
Hi Tom
Just wanted a bit of advice I have a Small Business Server 2003 with ISA included. We have a modem router which has static address. What would be the best option is it better just connect the modem to the server and use the dial up preferences facilty in iSA or to use it as a router and have the ISA server use its gateway address as the routers LAN address.
Are there any pitfalls with ISA on SBS 2003 using this set up
thanks in advance
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 26.Jul.2006 3:48:48 AM
|
|
|
dee
Posts: 2
Joined: 11.Jul.2006
Status: offline
|
Can anyone provide details how this can be acheived? Just new to ISA:
"create an Access Rule allowing the DNS server on the internal network outbound access to the DNS protocol"
Thanks in advance
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 26.Dec.2006 11:11:08 PM
|
|
|
kenzo
Posts: 17
Joined: 7.Nov.2006
Status: offline
|
hi
1- i have to add the ip range of the router 10.x.x.x as new network ? and i have to make trust role between local host and this new network ?if i add a new network for router range ??
thankssssssss
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 26.Dec.2006 11:17:08 PM
|
|
|
kenzo
Posts: 17
Joined: 7.Nov.2006
Status: offline
|
hi
1- i have to add the ip range of the router 10.x.x.x as new network ? and i have to make trust role between local host and this new network ?if i add a new network for router range ??
thankssssssss
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 27.Dec.2006 10:36:31 AM
|
|
|
kenzo
Posts: 17
Joined: 7.Nov.2006
Status: offline
|
- i have to add the ip range of the router 10.x.x.x as new network ? and i have to make trust role between local host and this new network ?if i add a new network for router range ??
thankssssssss
|
|
|
|
|
RE: Discussion about article on Getting Started Right w... - 22.Apr.2008 12:26:33 PM
|
|
|
James22
Posts: 4
Joined: 11.Apr.2008
Status: offline
|
Hi Tom
I have been reading your artical with great interest how would you setup ISA if my interent provider is cable and PPPoE is not used.
Thanks inadvance
James22
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
RE: Discussion about article on Getting Started Right w... - ![[Frown]](/image/smiles/frown.gif)
![[Wink]](/image/smiles/wink.gif)
