• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SSL publishing - correct?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> SSL publishing - correct? Page: [1]
Login
Message << Older Topic   Newer Topic >>
SSL publishing - correct? - 2.Feb.2009 5:40:49 PM   
jrink

 

Posts: 57
Joined: 22.Jul.2002
From: Wisconsin
Status: offline
It seems like there's quite a difference in ISA 2006 when it comes to web publishing and SSL.

I want to make sure what I did is fine (it seems to work).

I have an internal website that runs over IIS.  The site has a godaddy cert for it so it can be accessed via SSL.  I imported that certificate into ISA without problem.  I then created a listener for the external IP address.

The listener is configured as follows:
- Use a single cert forthe web listener
- Enable HTTP and HTTPS connections on this port (80/443)
- "No authentication" under the Authentication tab.
- "Allow client authentication over http" enabled under the Advanced tab.

The web publishing rule is configured as follows:
- "No delegation, but client may authenticate directly" under the Authentication Delegation tab.
- Users tab set for ALL USERS

The website itself is setup for Integrated Windows Authentication. 

This seems to work fine, but ISA 2006 has all these extra authetnication options, I'm not sure I quite understand them all.

So... is my rule OK?  If yes, is there a more preferred method?

Thanks

Post #: 1
RE: SSL publishing - correct? - 2.Feb.2009 6:46:15 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
You have a working configuration, but probably not ideal in terms of security...

You should be using HTTP to HTTPS redirection to keep everything encrytpted.

You should be useing ISA authentication combined with NTLM delegation.

You should be using SSL bridging to maintain encryption end-to-end.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to jrink)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> SSL publishing - correct? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts