Welcome to ISAserver.org

Server Publishing vs Packet Filtering

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> Server Publishing >> Server Publishing vs Packet Filtering

Page: [1]

Message

<< Older Topic Newer Topic >>

Server Publishing vs Packet Filtering - 29.May2001 9:08:00 PM

aquabubble

Posts: 19
Joined: 29.May2001
Status: offline

Can anyone explain the comment in the ISA Server help file:

"Server publishing rules and Internet Protocol (IP) packet filters both open specific ports for communication between the local network and the Internet. In most situations, you will use server publishing rules to make internal servers accessible to external clients. Indeed, it is recommended that you use server publishing rules, because application filters can further process requests destined for the server. For more information on application filters, see Application filters.

"In some cases, IP packet filters must be used:

"* When you are publishing servers that are situated on a perimeter network (also known as a DMZ, demilitarized zone, and screened subnet), you must use IP packet filters to make them accessible to external clients."

Why can't you use publishing rules for servers inside a DMZ?

Post #: 1

Featured Links*

RE: Server Publishing vs Packet Filtering - 31.May2001 9:33:00 AM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Bubble,

Good question. The reason why you can use Server Publishing rules is that routed communications are not processed through the ISA Server rules engine. Only requests moving between the internal and external network (as defined by the LAT).

Since packets are routed between the Internet and the DMZ, the only way to allow access into and out of the DMZ is by creating packet filters.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

Get It Here