Welcome to ISAserver.org
Tutorial By Thomas Shinder
Tutorial By Thomas Shinder - 31.Jan.2007 3:45:46 AM
silom
Posts: 9
Joined: 31.Jan.2007
Status: offline
Hi, At the end of 2005 Thomas Shinder did a tutorial entitled "Configure ISA 2004 as a Network Services Segment Perimeter Firewall" in 5 parts. Presumably this can be used with ISA 2006. If so, what would be the main issues to look for? Many thanks.
RE: Tutorial By Thomas Shinder - 31.Jan.2007 8:18:25 PM
silom
Posts: 9
Joined: 31.Jan.2007
Status: offline
Hi, Thanks for that. I was intrigued why you commenced the article with the Exchange server separate from the DC and then combined the two in the practical walk through. Was there a reason for this or just to make life simpler? I intend to follow the walk through using ISA 2006 and a separate Exchange and DC. Is there anything I should be wary of? Many thanks
RE: Tutorial By Thomas Shinder - 1.Feb.2007 2:05:30 AM
silom
Posts: 9
Joined: 31.Jan.2007
Status: offline
Hi, Additional points. ISA 2006 has 5 templates: edge, 3 leg perimeter, front, back and single adapter. In your tutorial, section 2, you start off by saying create a firewall network on the Network Services Perimeter firewall. You follow this up with a rule on the same firewall. Then an access rule, a publishing rule, an access rule and so on. At this later stage, under the heading "Create the access rule allowing DNS from the DNS Server to the Internet", part 1, you commence "AT the back-end ISA firewall..." Do I assume therefore that the template to be used for the Services Perimeter Firewall should be the Back Firewall and the template for the Edge ISA Firewall should be the Edge Firewall? Many thanks and I must say the tutorial is very easy to follow.
RE: Tutorial By Thomas Shinder - 1.Feb.2007 10:56:12 AM
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
ORIGINAL: silom
Hi, Thanks for that. I was intrigued why you commenced the article with the Exchange server separate from the DC and then combined the two in the practical walk through. Was there a reason for this or just to make life simpler? I intend to follow the walk through using ISA 2006 and a separate Exchange and DC. Is there anything I should be wary of? Many thanks

The 2006 stuff focuses on some of the Web Publishing and authentication issues with the new ISA Firewall. DMZ stuff is all about networking, and the networking core hasn't changed between the 2004 and 2006 ISA Firewalls.

Tom
_____________________________
Thomas W Shinder, M.D. Sr. Consultant/Technical Writer Prowess Consulting http://www.prowessconsulting.com/ Blog: http://blogs.isaserver.org/shinder/ GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
RE: Tutorial By Thomas Shinder - 1.Feb.2007 10:58:02 AM
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
ORIGINAL: silom
Hi, Additional points. ISA 2006 has 5 templates: edge, 3 leg perimeter, front, back and single adapter. In your tutorial, section 2, you start off by saying create a firewall network on the Network Services Perimeter firewall. You follow this up with a rule on the same firewall. Then an access rule, a publishing rule, an access rule and so on. At this later stage, under the heading "Create the access rule allowing DNS from the DNS Server to the Internet", part 1, you commence "AT the back-end ISA firewall..." Do I assume therefore that the template to be used for the Services Perimeter Firewall should be the Back Firewall and the template for the Edge ISA Firewall should be the Edge Firewall? Many thanks and I must say the tutorial is very easy to follow.

NOOOOOOOOOOOOOOOOOOOOOOOO!!!!!!!!!!! I NEVER use the templates. You should never use the templates. Just accept the default configuration after you install the ISA Firewall on the multihomed computer. Use the templates at YOUR OWN RISK.

HTH,
Tom
RE: Tutorial By Thomas Shinder - 2.Feb.2007 6:19:18 AM
silom
Posts: 9
Joined: 31.Jan.2007
Status: offline
Hi, Thank you again. I have sent an email requesting the deployment kit.doc.
RE: Tutorial By Thomas Shinder - 5.Feb.2007 1:45:02 AM
silom
Posts: 9
Joined: 31.Jan.2007
Status: offline
Hi, In part 4 of the tutorial you have talked about the necessity of adding a persistent route (if no router used). I have followed the instructions but every time I have tried I get an error in that the mask is wrong. I am at a loss on this one. Could you please advise? Also in the same part of the tutorial under "Create the Network Services Perimeter OWA Web Publishing Rule". This deals with tunneling to the address of the listener on the external interface of the services firewall. I cannot find an equivalent rule in ISA 2006. The nearest I come to it is under Web Chaining and they only use "Bridging". Please could you also assist on this one? Many thanks
RE: Tutorial By Thomas Shinder - 5.Feb.2007 5:47:24 PM
silom
Posts: 9
Joined: 31.Jan.2007
Status: offline
Hi, Open cmd. Type "route -p 10.0.0.0 MASK 255.255.255.0 10.0.1.2" Click enter
RE: Tutorial By Thomas Shinder - 6.Feb.2007 3:27:58 AM
silom
Posts: 9
Joined: 31.Jan.2007
Status: offline
Hi, Have found the error for route additions. I omitted the "add". OK, the current status is: Have joined perimeter firewall to DC and can ping both address and computer name. For the edge server I can ping the DC with its address but not otherwise and I cannot join the server to the DC. I have carefully checked through the tutorial with specific reference to both the configurations of the Edge and Perimeter ISA servers. I have not configured either for the Exchange server at this time. Many thanks for your patience and kind assistance.
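
The route problem resolved above (a missing "add", first read as a mask error) can be caught before the command is run. The following is an added example, not part of any post in this thread and not taken from the tutorial; `check_route_command` is a hypothetical helper that checks a Windows `route` command line for a missing verb, a non-contiguous mask, and a destination that does not satisfy (destination & mask) == destination.

```python
import ipaddress

VERBS = {"print", "add", "delete", "change"}  # verbs accepted by route.exe

def check_route_command(cmdline):
    """Return a list of problems in a Windows `route` command line (empty = OK)."""
    tokens = cmdline.split()
    if tokens and tokens[0].lower() in ("route", "route.exe"):
        tokens = tokens[1:]
    while tokens and tokens[0].startswith("-"):   # switches such as -p or -f
        tokens = tokens[1:]
    if not tokens or tokens[0].lower() not in VERBS:
        return ["missing verb: expected add, change, delete or print"]
    if tokens[0].lower() != "add":
        return []                                 # only additions are checked here
    args = tokens[1:]
    if not args:
        return ["missing destination"]
    try:
        dest = int(ipaddress.IPv4Address(args[0]))
    except ValueError:
        return ["destination is not an IPv4 address: " + args[0]]
    mask, rest = 0xFFFFFFFF, args[1:]             # route defaults to a host mask
    if rest and rest[0].lower() == "mask":
        if len(rest) < 2:
            return ["MASK keyword without a value"]
        try:
            mask = int(ipaddress.IPv4Address(rest[1]))
        except ValueError:
            return ["mask is not a dotted-quad value: " + rest[1]]
        rest = rest[2:]
    problems = []
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):               # host bits must be one run of 1s
        problems.append("mask is not contiguous")
    elif (dest & mask) != dest:                   # destination must lie on the mask boundary
        problems.append("destination has bits set outside the mask")
    # Assumption in this example: a gateway always follows, as in the thread's command.
    if not rest:
        problems.append("missing gateway")
    return problems

if __name__ == "__main__":
    # First line is the command as posted in the thread; the others are constructed.
    for line in ("route -p 10.0.0.0 MASK 255.255.255.0 10.0.1.2",
                 "route -p add 10.0.0.0 MASK 255.255.255.0 10.0.1.2",
                 "route -p add 10.0.0.5 MASK 255.255.255.0 10.0.1.2"):
        print(line, "->", check_route_command(line) or "ok")
```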
RE: Tutorial By Thomas Shinder - 7.Feb.2007 12:32:10 AM
silom
Posts: 9
Joined: 31.Jan.2007
Status: offline
Hi, Whilst I understand what you mean I am not sure on procedure. In part 4 of the tutorial under "join the Edge ISA Firewall to the Domain" you note that "the Edge server is configured to use the DNS server on the network services segment and the network services segment is configured to support name resolution within the network..." I presume these were achieved by following the tutorial sections. Please advise. Many thanks
RE: Tutorial By Thomas Shinder - 8.Feb.2007 1:13:34 AM
silom
Posts: 9
Joined: 31.Jan.2007
Status: offline
Hi, I understand what is happening in that the name is not being resolved. I am sorry to be such a dunce but I do not know how to create the required policy. I am even more confused in that when I set a rule to ping the addresses, if I do this from the segment firewall to the edge server and ping with the name of the server, it will respond as follows:- edgefwll.coolstuff.org. That seems to imply it is already part of the network but I know it is not. Thanks
RE: Tutorial By Thomas Shinder - 13.Feb.2007 3:37:56 PM
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
If the name is resolving correctly, it should be using the internal DNS server behind the network services segment ISA Firewall. The only other thing that would allow that to work is if you have a hosts file doing the name resolution. Tom