hi thomas , i have setting up isa server 2004 on one machine with 2 nics, on another machine exchange. I published exchange,ftp,www and owa . everything works fine. when I look in the monitoring log I see connections open and closed, even overnet is working fine,but I see also a lot of unidentified traffic passing. is this normal behaviour?.I see also that when there is a making a connections on ports thats doesn,t match a rule which I made before it s denied.I think myself that overnet tries to make connections on incoming that I not allowed for the rule I made. ougoing from internal to external for all protocols is allowed. second questions is dns. I setup an internal dns on the exchange machine with forwarding my external isp dns. I set up on the isa internal nic to use the dns on the exchange. this works so far. is this the right way for setting up dns for isa . I can resolve hostnames on the isa and the exchange,and my cliens use the ipadres of the internal nic of the isa as the gateway this works ? is this the right way ? or is there a more secure way thanks for help andy
The DNS setup is fine, that's the one I use many times.
The unidenfied traffic could be repsonse traffic, or protocols that do not have a protocol defintion defined for them. If the traffic is allowed, and you have an "all open" outbound access rule, then all traffic will be allowed outbound.