Please advice I’m planning to install ISA 2006 ENT.on a 2003 server which has only one NIC. Could you please advice is there any known issues if ISA installs on a Single NIC based Server? OR For Installation of ISA2006 2 NIC is Mandatory? If not how to configure the Internal and External Network in the Same NIC? Please advice
Systems Administrator EHL Management Service U.A.E
From: Lebanese in Kuwait
Yes , its possible but not recommended.
check this :
Configuring ISA Server with a Single Network Adapter Configuration Problem: There are a number of issues associated with the configuration of ISA Server on a computer with a single network adapter. Cause: The causes include:
•Multi-network firewall policy. In single network adapter mode, ISA Server recognizes itself (the Local Host network). Everything else is recognized as the Internal network. There is no concept of an External network. The Microsoft Firewall service and application filters operate only in the context of the Local Host network. (ISA Server protects itself no matter what network template is applied.) Because the Firewall service and application filters operate in the context of the Local Host network, you can use access rules to allow non-Web protocols to the ISA Server computer. This has implications for running applications located on the ISA Server computer.
•Application layer inspection. Application level filtering does not function, except for Web Proxy Filter for Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), and File Transfer Protocol (FTP) over HTTP.
•Server publishing. Server publishing is not supported. Because there is no separation of Internal and External networks, ISA Server cannot provide the NAT functionality required in a server publishing scenario.
•Firewall clients. The Firewall Client application handles requests from Winsock applications that use the Firewall service. In a single network adapter environment, this service is only available in the context of the Local Host network (protecting the ISA Server computer), and Firewall Client requests are not supported.
•SecureNAT clients. SecureNAT clients use ISA Server as a router to the Internet, and SecureNAT client requests are handled by the Firewall service. In a single network adapter environment, this service is only available in the context of the Local Host network (protecting the ISA Server computer), and SecureNAT client requests are not supported.
•Virtual private networking. Site-to-site virtual private networks (VPNs) are not supported in a single network adapter scenario. Remote client VPN access is supported in a single network adapter scenario.
From: Lebanese in Kuwait
Never Ever Install ISA Server on a DC !!
Its always better to Install ISA Server Alone without any other application ot it.
Only Install those 3rd party apps that works with ISA Server, such as webfilters and bandwidth controllers, etc..
You can Install all the software in the world on the ISA machine, but with each Software you install , different protocols needs to be opened for this App to function, as a result, you increase the surface of attack on ISA Server, on your FIREWALL !!!
< Message edited by elmajdal -- 1.Jun.2007 11:37:47 AM >