Moving to ISA recommendations

Moving to ISA recommendations - 6.Jan.2005 4:22:00 PM   
szohn

 

Here's the scenario:

Goals:
Replace a single sonicwall pro 200 firewall that has a flaky NIC.
Increase security using the app filtering
Ease VPN connection setup tied into my AD
Add redundancy (most important)
and do this with the least complication I can.

My original plan:
Replace the sonicwall with a pair of ISA 2004 boxes, either hardware load balanced, or using EE when it is released.

The current set up:
A radware Linkproof loadbalancing IP blocks. This device exposes a private IP class as a transient network, which in turn becomes the public IPs on the sonicwall.

The sonicwall uses NAT for both a LAN and a DMZ network, with the DMZ being a private set of IP addresses.

The issues I see:
As I read the tutorials and docs, it seems that ISA is expecting a public set of IPs on the DMZ.

So, that would require either changing the IPs on all my machines and internal DNS servers (we host a lot of mail servers so it is a bit more complicated than it may seem), and has a lot of room for manual entry errors that may not show up easily.

or

using a back to back ISA setup. But for redundancy this will be a total of 4 boxes. The expense isn't as much an issue as the added complexity of this setup.

My questions:

Do the issues I state here seem to be true? Am I missing something in the docs?

If the second option will work, does a back to back setup offer enough benefit (perhaps adding a honeypot between) to justify the expense and complexity?

I'm open to all comments, but my main goal is to add redundancy and security.

Thanks for any info you can provide.

[ January 06, 2005, 04:50 PM: Message edited by: Steve Z ]
Post #: 1
RE: Moving to ISA recommendations - 7.Jan.2005 4:17:00 AM   
tshinder

 

Hi Steve,

No no no no NOOOOO!

Your DMZ can be public or private addresses with the new ISA firewall. The public address limitation was an ISA 2000 problem.

HTH,
Tom

(in reply to szohn)
Post #: 2
RE: Moving to ISA recommendations - 9.Jan.2005 5:44:00 PM   
szohn

 

Thanks! Your book arrived Friday, I hope to read through it tonight, perhaps I'll see what I was missing.

(in reply to szohn)
Post #: 3
