Welcome to ISAserver.org
Server Publishing, What is it?
Server Publishing, What is it? - 12.Jul.2005 6:28:00 PM
megli
Posts: 18
Joined: 12.Jul.2005
From: Portland, OR
Background:
Our company currently uses an Ingate firewall. I want to switch to ISA 2004, so I installed it on a 2.8 GHz 1U w/ dual NICs and decided to give it a public IP in our DMZ so I could start playing with it. I have it configured to allow for web access, basically as a gateway, and it works great. One NIC is set to 10.0.0.1 (internal), the other with a public IP. I kept most of the default rules, except modifying the server to run as an edge/solo firewall, handle NAT, open all traffic from inside to outside, etc.
Problem:
MS's documentation is a pain to read. It sounds like 'Server Publishing' is basically a synonym for 'route'? I'm used to having two different sections for setting up firewall rules, such as what is generally blocked and how you route a specific protocol or traffic type to a specific server, but it feels like in ISA server it's sort of all lumped together. I'm hoping to get a confirmation on this from someone here, because my intent is to have the ISA server sitting as our corporate firewall, router, proxy, VPN concentrator, etc etc etc etc (would be so much easier).
The types of servers we have in house are:
- FTP Server
- Web Server
- Exchange Server
- Terminal Server
- SIP proxy/RTP
OK, I hope that gives a clue as to what I'm trying to accomplish day 1.
[ July 12, 2005, 06:28 PM: Message edited by: Mike Egli ]
RE: Server Publishing, What is it? - 12.Jul.2005 6:38:00 PM
megli
Posts: 18
Joined: 12.Jul.2005
From: Portland, OR
I just realized I may not have been clear about something.
If I'm right, and I want to create a new rule for Exchange for example . . .
then I would set the 'FROM' to the External network, set the 'TO' to a new network I would create that only has the Exchange server IP address in it, and then select POP & SMTP.
If that kicks off the rule, then this *should* be pretty simple. However, how intelligent is the firewall when combining these rules with a user having his Outlook point at a POP3 personal email server on the internet? Does it treat his 'session' as unique and therefore not affected by the above rule I create?
What about FTP? I'm assuming if I create an FTP 'rule' from our outside port to an internal server, that people on their PCs could still FTP to outside companies and sources?
RE: Server Publishing, What is it? - 12.Jul.2005 10:17:00 PM
isawader
Posts: 420
Joined: 27.Apr.2005
I am sure others on this forum will also give you guidance.
What you need is Tom's configuring ISA 2004 book and various articles and tutorials from www.isaserver.org (look at the menu 'Articles & Tutorials' on the left). Read through them. A firewall, as you may know, is not a server you can take lightly. It's an important piece of hardware+software. So I would recommend that you get a good understanding of what you are doing with ISA before thinking about deploying for production.
Here is a very brief explanation for your question. Routing and publishing services in ISA are two different things. When you route, you just simply "move" the packet from one network segment to another without inspecting the contents or headers of each packet against a set of security policies. When you publish, you are routing, opening each packet and inspecting the contents for compliance (exception: HTTPS tunneling). Server publishing is also known as PAT or 1-to-1 NATing.
quote:
I'm hoping to get a confirmation on this from someone here, because my intent is to have the ISA server sitting as our corporate firewall, router, proxy, VPN concentrator, etc etc etc etc (would be so much easier).
The types of servers we have in house are:
- FTP Server
- Web Server
- Exchange Server
- Terminal Server
- SIP proxy/RTP

ISA 2004 is an ideal choice for what you are trying to accomplish.
[ July 12, 2005, 10:22 PM: Message edited by: ISAwader ]