The article was a great help for setting up autoconfigure. I'd done it once before but, unfortunately, my memory isn't so good.
The one thing I am curious about is whether I can use autoconfigure to specify a different proxy other than the ISA cache.
I have an ad-filtering proxy installed on a second server that I've manually configured my clients to connect to. It listens on port 8118 and forwards to 8080 on the ISA server, where ISA's caching proxy listens. ISA then retrieves the content from the Internet. What I'd like to do is leverage autoconfigure to configure clients to connect to the ad-filtering proxy rather than specifying the proxy server manually on each.
Basically, I'd rather just let DHCP, DNS, and ISA configure my clients' web browsers rather than walk up to each machine and do it manually, but I can't find any evidence that anyone's ever done this, which means either there's a better way or it's not possible, and I can't find anything that tells me either way.
It'd be nice to eventually move the ad filter to the same machine as ISA, but I want to get this going first (because then it makes it very easy to reconfigure at any point in the future).
You can enter the alternate URL in the Web browser configuration if you like. The ISA firewall will then deliver that entry when the Firewall client config refreshes.
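As an added illustration of what the alternate configuration could look like (this is not code from the thread, the article, or ISA itself): a hand-written proxy auto-config (PAC) script that sends Internet traffic to the ad-filtering proxy on 8118 first and falls back to the ISA Web Proxy on 8080 if the filter is down, while intranet names and addresses go direct. The hostnames `adfilter.corp.example` and `isa.corp.example`, the `.corp.example` domain suffix and the 192.168.0.0/16 internal range are assumptions; only the two ports come from the post. Browsers supply `isPlainHostName`, `dnsDomainIs` and `isInNet` themselves; minimal versions are defined here so the same file also runs under Node for testing.

```javascript
// Added example PAC script for the "ad filter in front of ISA" setup.
// Not from the thread; hostnames, domain suffix and internal range are assumed.

// --- shims for the PAC helper functions (browsers provide their own) ---
function isPlainHostName(host) {
  // "intranet" is plain, "intranet.corp.example" is not
  return host.indexOf(".") === -1;
}

function dnsDomainIs(host, domain) {
  // PAC semantics: true when host ends with the given domain suffix
  return host.length >= domain.length &&
    host.substring(host.length - domain.length) === domain;
}

function ipToInt(ip) {
  // dotted quad -> unsigned 32-bit integer, or null when not an IPv4 literal
  var parts = ip.split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    var octet = Number(parts[i]);
    if (parts[i] === "" || !(octet >= 0 && octet <= 255)) return null;
    n = n * 256 + octet;
  }
  return n;
}

function isInNet(host, pattern, mask) {
  // This shim only handles IP literals; a browser's isInNet would also
  // resolve hostnames, which is why the script avoids relying on that.
  var h = ipToInt(host), p = ipToInt(pattern), m = ipToInt(mask);
  if (h === null || p === null || m === null) return false;
  return ((h & m) >>> 0) === ((p & m) >>> 0);
}

// --- proxy definitions (hostnames assumed; ports from the post) ---
var AD_FILTER = "PROXY adfilter.corp.example:8118";  // ad-filtering proxy
var ISA_CACHE = "PROXY isa.corp.example:8080";       // ISA Web Proxy listener
var INTERNAL_DOMAIN = ".corp.example";               // assumed AD DNS suffix
var INTERNAL_NET = "192.168.0.0";                    // assumed internal range
var INTERNAL_MASK = "255.255.0.0";

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Intranet destinations bypass both proxies: plain names, anything in the
  // AD DNS suffix, loopback, and internal IP literals.
  if (isPlainHostName(host) ||
      dnsDomainIs(host, INTERNAL_DOMAIN) ||
      host === "localhost" ||
      isInNet(host, "127.0.0.0", "255.0.0.0") ||
      isInNet(host, INTERNAL_NET, INTERNAL_MASK)) {
    return "DIRECT";
  }

  // Everything else: ad filter first; if the browser cannot connect to it,
  // it tries the next entry, so ISA still serves the page when the filter
  // box is down. No trailing DIRECT: clients should never try to reach the
  // Internet around the firewall if both proxies are unavailable.
  return AD_FILTER + "; " + ISA_CACHE;
}
```

To deploy a file like this via WPAD the client has to be able to fetch it as `http://wpad.<domain>/wpad.dat` with the `application/x-ns-proxy-autoconfig` content type, so the `wpad` DNS entry (or DHCP option 252) has to point at whatever web server hosts it. Moving the ad filter onto the ISA box later then means editing one line in this file rather than touching every client.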
Hi Tom, on page 4 of the article you mentioned that a static route needs to be configured on the edge firewall for the network services segment. I'm confused with this part only because the network services firewall's external IP address is in the same range as the edge ISA firewall's IP address that's assigned to the internal NIC, so if this is true then couldn't the edge ISA firewall just do an ARP to hit the services ISA firewall?
Question on the last portion, on rolling out the FWC through GP.
I'm a little confused.
I understand I can create a new OU, which I did and named as you suggested.
I am really confused about steps 4 and 5. What exactly am I moving into the new OU? Am I actually moving the computers that are currently located in the default 'Computers' OU within AD?
I'm a newcomer to the ISA Server world. I have read and implemented your article series on using the ISA firewall as a network services firewall to protect network services segments. It was a great article and I've done all of the implementation except Part 3 of your article (because at this moment I don't have plans to create any OWA, SMTP, or POP3 server, so that's why I skipped them). I also skipped part of Part 4 (only the section "Creating Publishing Rules on the Edge ISA Firewall to Allow Inbound Connections to the Exchange Server Mail Services"). In Part 5, I implemented only the sections "Create Configure DNS Entries in the Domain DNS, including WPAD Entries" and "Configure the Firewall Client Settings on the Edge ISA Firewall".
After implementation, I got one problem anyway, and it is about the Internet inbound connectivity. Even the edge firewall could not get connected to the Internet. Before moving to this back-to-back firewall design, I was using the edge firewall design and the Internet connectivity worked fine.
Here is my network diagram:
    (Internet)
        ||
        ||
    (Front-End ISA) ----> External NIC: 63.199.199.20, GW: 63.199.199.10
        ||                Internal NIC: 172.16.5.20, DNS: 192.168.3.3, 192.168.3.4
        ||
    (L2-Switch)
        ||
        ||
    (Back-End ISA) ----> External NIC: 172.16.5.30, GW: 172.16.5.20
        ||               Internal NIC: 192.168.5.20, DNS: 192.168.3.3, 192.168.3.4
        || VLAN 4
        ||
    (L3-Switch) ----> All VLANs are routable
        /\            IP Route 0.0.0.0 0.0.0.0 192.168.5.20
       /  \           IP Route 172.16.5.0 255.255.255.0 192.168.5.20
      /    \
 (VLAN 2)  (VLAN 3)
    /          \
 (192.168.3.3)  (192.168.3.4)
  Primary DC     Secondary DC
  DNS, DHCP      DNS Server
Info:
- The front-end and the back-end are members of the domain behind the back-end ISA.
- The front-end ISA is configured with a persistent route to reach the 192.168.x.x networks behind the back-end ISA.
- The back-end ISA is configured with persistent routes to reach the other networks in the different VLANs.
- An access rule is defined on the front-end ISA to allow the perimeter to access the Internet.
All the servers could ping each other, even from the front-end ISA to the primary DC in VLAN 2 and vice versa. But when I try to connect the front-end ISA to the Internet, the front-end ISA could not reach any Internet connection or open any web pages. But when I tried to connect the back-end ISA directly to the Internet (and of course modified some settings on the external interface, etc.), the Internet works and all the clients in VLANs 2 and 3 could browse the Internet. So what is actually wrong with my back-to-back configuration? If anyone could help me with this I'd really appreciate it. Thank you.