Welcome to ISAserver.org

Single NIC

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Single NIC

Page: [1]

Message

<< Older Topic Newer Topic >>

Single NIC - 21.Jan.2008 7:17:40 AM

kschlafley

Posts: 2
Joined: 21.Jan.2008
Status: offline

We are a public school on a private network behind a firewall at our ISP. I want to use our ISA server to block internet sites. Right now I am using GP in the AD to block groups but would like to filer and block sites. Can this be done or do I need to reconfigure using both NIC's and maybe the back-end firewall configuration?

Post #: 1

Featured Links*

RE: Single NIC - 21.Jan.2008 11:23:39 AM

ajonesy

Posts: 2
Joined: 21.Jan.2008
Status: offline

The ISA Server with a single nic is only got for caching and cannot be used for blocking sites.

You need to re-configure the ISA server with two NICs and use it as a proxy server and then you can use its filtering to block websites at your will.

Adam Jones

(in reply to kschlafley)

Post #: 2

RE: Single NIC - 22.Jan.2008 2:04:33 PM

elmajdal

Posts: 5103
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

Actually you can block site using a single nic.

With a Single Nic, ISA Server will work as a proxy server only, that supports http, https and ftp protocols.

check this article : http://www.isaserver.org/articles/2004domainnamesets.html

but the source and destination Networks will be from Internal to Internal.

read this :

quote:

Configuring ISA Server with a Single Network Adapter Configuration

Problem: There are a number of issues associated with the configuration of ISA Server on a computer with a single network adapter.
Cause: The causes include:

�Multi-network firewall policy. In single network adapter mode, ISA Server recognizes itself (the Local Host network). Everything else is recognized as the Internal network. There is no concept of an External network. The Microsoft Firewall service and application filters operate only in the context of the Local Host network. (ISA Server protects itself no matter what network template is applied.) Because the Firewall service and application filters operate in the context of the Local Host network, you can use access rules to allow non-Web protocols to the ISA Server computer. This has implications for running applications located on the ISA Server computer.

�Application layer inspection. Application level filtering does not function, except for Web Proxy Filter for Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), and File Transfer Protocol (FTP) over HTTP.

�Server publishing. Server publishing is not supported. Because there is no separation of Internal and External networks, ISA Server cannot provide the NAT functionality required in a server publishing scenario.

�Firewall clients. The Firewall Client application handles requests from Winsock applications that use the Firewall service. In a single network adapter environment, this service is only available in the context of the Local Host network (protecting the ISA Server computer), and Firewall Client requests are not supported.

�SecureNAT clients. SecureNAT clients use ISA Server as a router to the Internet, and SecureNAT client requests are handled by the Firewall service. In a single network adapter environment, this service is only available in the context of the Local Host network (protecting the ISA Server computer), and SecureNAT client requests are not supported.

�Virtual private networking. Site-to-site virtual private networks (VPNs) are not supported in a single network adapter scenario. Remote client VPN access is supported in a single network adapter scenario.

source : http://www.microsoft.com/technet/isa/2004/plan/unsupportedconfigs.mspx

HTH,
Tarek

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to kschlafley)

Post #: 3