Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
More Rules or More Weblisteners for multiple sites/servers
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
More Rules or More Weblisteners for multiple sites/servers - 16.May2008 2:57:36 PM
|
|
|
brrrdog
Posts: 24
Joined: 8.May2008
Status: offline
|
Ok every once in a while I'm missing the simplicity of my old iptables based firewall ;).
We have a class C public address block. For convienience, we mapped external to internal address by using the same host id, ie X.X.X.43 > 192.168.1.43.
In some cases, this is definately not necessary any more. For example, I've set up a listener for all of the sites hosted on a webfarm. With SSL bridging over HTTP, I can leave each farm server with just a single address and just have the listener listen to multiple IPs for ssl and assign the certs there.
But for the rest of our servers I'll probably stick to the one-to-one idea. I was just wondering if anyone has a perfered scheme for doing this. I could create a single listener that listens on all ips. I would then create one rule for each ip that hosts websites. Another option is to create one web listener per server and assign each ip that a server is reponsible for to that listener. Then I'd only need a single rule per server (assuming host headers are preserved). I'm leaning toward the former since I could actually name each rule by it's ip. It creates more rules, but is more straight forward. I could really go crazy and create a rule AND a listener for every address but I can't see any reason for that :).
Keep in mind this is limited to http. For single servers (not a farm), I would create a ssl rule for each ip.
< Message edited by brrrdog -- 16.May2008 3:01:35 PM >
|
|
|
|
|
RE: More Rules or More Weblisteners for multiple sites/... - 19.May2008 9:13:02 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi B,
For other servers, you would use Server Publishing Rules, which give you the same functionality that you're used to with IPTables.
You make an external address on the ISA Firewall to an internal address behind the ISA Firewall.
For Web Publishing Rules, if you don't have different authentication requirements for each published Web server, then a single Web Listener works fine. Then you create rules to publish each site.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
