RE: Roll up discussion link for posts up to 02-5-2006 (Full Version)






tshinder -> RE: Roll up discussion link for posts up to 02-5-2006 (14.Feb.2006 10:04:46 PM)

quote:

ORIGINAL: SteveMoffat

I've been running 2006 as my production server for a while now, stable, reliable and the new stuff is pretty funky.

Steve


Hi Steve,

You're a pretty brave man. I've been finding a number of bugs, and only just started digging!

Tom




tshinder -> RE: Roll up discussion link for posts up to 02-5-2006 (14.Feb.2006 10:30:02 PM)

quote:

ORIGINAL: Ashokk001

Hi Tom,

Just a quick question - Does the 2006 version offer the ability to do static 1:1 NAT, i.e. control the outgoing IP address? This was the issue faced by many people as you see from the forums; is it available in 2006? I have downloaded the beta but haven't had the time to test it yet.

TIA,

Ashok.


Hi Ashokk,

No :(

Tom




spouseele -> RE: Roll up discussion link for posts up to 02-5-2006 (14.Feb.2006 10:32:18 PM)

Hi Ashok,

No, still no joy! [:@]

HTH,
Stefaan




Ashokk001 -> RE: Roll up discussion link for posts up to 02-5-2006 (15.Feb.2006 4:17:33 PM)

Well, that is unfortunate, because there are so many people asking for it. I hope MS listen to customers and try to incorporate this facility before the main release.

The question of whether people use it or not is not important, but they should at least give the flexibility so you can do this.

Ashok.




tshinder -> RE: Roll up discussion link for posts up to 02-5-2006 (16.Feb.2006 4:05:17 AM)

Hi Ashok,

You won't see it with the 2006 release. Maybe the next one.

Tom




ketilgri -> RE: Roll up discussion link for posts up to 02-5-2006 (16.Feb.2006 5:03:20 PM)

Hi, all
 
I think the lack of SSL VPN is a serious problem with this version. Many of the competitors these days, like for instance Checkpoint, are now offering this. It really makes life a lot easier for people on the move.
 
...
ketil




Ashokk001 -> RE: Roll up discussion link for posts up to 02-5-2006 (16.Feb.2006 7:31:21 PM)

Well, I was hoping that this feature would be in 2006 but in a way I'm not surprised, they don't seem to be listening to customers - MS that is. I know this has been said before but even the cheaper FW vendors are offering this and the open source FW as well, so how hard can it be to provide this functionality? Is this the case that they simply cannot do this, given the design of ISA 2004/2006??

I have explored all avenues that I know of for doing a workaround for the mail problem, and if we enable the same IP (which is the primary) of IP to match the reverse DNS for our mail then this results in a ridiculous amount of spam; however, if I use another IP then spam is reduced but the reverse DNS is broken [:@]. A few people have suggested having duplicate host records but it's a make-do solution.

Ashok.




tshinder -> RE: Roll up discussion link for posts up to 02-5-2006 (17.Feb.2006 2:32:38 PM)

quote:

ORIGINAL: ketilgri

Hi, all
 
I think the lack of SSL VPN is a serious problem with this version. Many of the competitors these days, like for instance Checkpoint, are now offering this. It really makes life a lot easier for people on the move.
 
...
ketil


Hi Ketil,
What does the SSL VPN provide these users that they can't get with the ISA firewall now? What resources do they need to access that only an SSL VPN can provide?

Thanks!
Tom




tshinder -> RE: Roll up discussion link for posts up to 02-5-2006 (17.Feb.2006 2:34:23 PM)

quote:

ORIGINAL: Ashokk001

Well, I was hoping that this feature would be in 2006 but in a way I'm not surprised, they don't seem to be listening to customers - MS that is. I know this has been said before but even the cheaper FW vendors are offering this and the open source FW as well, so how hard can it be to provide this functionality? Is this the case that they simply cannot do this, given the design of ISA 2004/2006??

I have explored all avenues that I know of for doing a workaround for the mail problem, and if we enable the same IP (which is the primary) of IP to match the reverse DNS for our mail then this results in a ridiculous amount of spam; however, if I use another IP then spam is reduced but the reverse DNS is broken [:@]. A few people have suggested having duplicate host records but it's a make-do solution.

Ashok.


Hi Ashok,
The problem is that duplicate DNS entries are not RFC compliant and not all mail servers will work with that.

HTH,
Tom




ketilgri -> RE: Roll up discussion link for posts up to 02-5-2006 (17.Feb.2006 4:09:32 PM)

Hi Tom!

SSL VPN will provide full access to all internal resources as long as TCP port 443 is open from where the user is situated. Checkpoint have had this for many years in their SecureClient, calling it "Visitor Mode". Now they have an add-on called SSL Extender which makes this possible with only a web browser and a downloadable plug-in. The problem with Microsoft's VPN client is that the PPTP and/or the L2TP/IPsec ports often are not open through the firewall where you are visiting. I know in the future increased use of OWA and SharePoint will reduce this problem, but for now this is a big problem for many users.

...
ketil


quote:

ORIGINAL: tshinder

quote:

ORIGINAL: ketilgri

Hi, all
 
I think the lack of SSL VPN is a serious problem with this version. Many of the competitors these days, like for instance Checkpoint, are now offering this. It really makes life a lot easier for people on the move.
 
...
ketil


Hi Ketil,
What does the SSL VPN provide these users that they can't get with the ISA firewall now? What resources do they need to access that only an SSL VPN can provide?

Thanks!
Tom




Ashokk001 -> RE: Roll up discussion link for posts up to 02-5-2006 (18.Feb.2006 7:20:45 PM)

quote:

ORIGINAL: tshinder

quote:

ORIGINAL: Ashokk001

Well, I was hoping that this feature would be in 2006 but in a way I'm not surprised, they don't seem to be listening to customers - MS that is. I know this has been said before but even the cheaper FW vendors are offering this and the open source FW as well, so how hard can it be to provide this functionality? Is this the case that they simply cannot do this, given the design of ISA 2004/2006??

I have explored all avenues that I know of for doing a workaround for the mail problem, and if we enable the same IP (which is the primary) of IP to match the reverse DNS for our mail then this results in a ridiculous amount of spam; however, if I use another IP then spam is reduced but the reverse DNS is broken [:@]. A few people have suggested having duplicate host records but it's a make-do solution.

Ashok.


Hi Ashok,
The problem is that duplicate DNS entries are not RFC compliant and not all mail servers will work with that.

HTH,
Tom


Hi Tom,

Yes, and this is the reason why we don't have the duplicate DNS entries. We do have some mails that can't be sent because our reverse DNS solution is broken, so it's a case of finding a workaround if there is one :(

Ashok.
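
Added example (not part of any post in this thread): a forward-confirmed reverse DNS check of the kind receiving mail servers commonly apply, run over constructed records, showing why mail that leaves from the firewall's primary IP is rejected or penalised when the mail host name resolves to a different IP. The addresses, host names and the `fcrdns` function are assumptions chosen for illustration.

```python
# Constructed DNS data (documentation address space, not from the thread).
# 192.0.2.10 = firewall primary IP, the source address of all outbound NAT.
# 192.0.2.25 = secondary IP on which inbound SMTP is published.
PTR = {
    "192.0.2.10": ["fw.example.com."],
    "192.0.2.25": ["mail.example.com."],
}
A = {
    "fw.example.com": ["192.0.2.10"],
    "mail.example.com": ["192.0.2.25"],
}


def _norm(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def fcrdns(client_ip, helo_name, ptr=PTR, a=A):
    """Classify a connecting SMTP client the way a receiver's rDNS check would.

    Returns (verdict, names): names are the PTR targets that were
    forward-confirmed, or the unconfirmed PTR targets on failure.
    """
    names = [_norm(n) for n in ptr.get(client_ip, [])]
    if not names:
        return ("no_ptr", [])
    # Forward-confirm: the PTR target must resolve back to the client IP.
    confirmed = [n for n in names if client_ip in a.get(n, [])]
    if not confirmed:
        return ("ptr_not_forward_confirmed", names)
    # Stricter receivers also want the HELO name to be one of those names.
    if _norm(helo_name) not in confirmed:
        return ("helo_mismatch", confirmed)
    return ("pass", confirmed)


if __name__ == "__main__":
    # Mail server announces mail.example.com but is NATed to the primary IP.
    print(fcrdns("192.0.2.10", "mail.example.com"))
    # Same server if the outbound address could be pinned to the mail IP.
    print(fcrdns("192.0.2.25", "mail.example.com"))
    # Pointing the primary IP's PTR at the mail name without a matching A record.
    print(fcrdns("192.0.2.10", "mail.example.com",
                 ptr={"192.0.2.10": ["mail.example.com."]}))
```
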




ClintD -> RE: Roll up discussion link for posts up to 02-5-2006 (18.Feb.2006 8:12:58 PM)

<edit> Sorry - wrong thread




tshinder -> RE: Roll up discussion link for posts up to 02-5-2006 (20.Feb.2006 3:06:32 PM)

quote:

ORIGINAL: ketilgri

Hi Tom!

SSL VPN will provide full access to all internal resources as long as TCP port 443 is open from where the user is situated. Checkpoint have had this for many years in their SecureClient, calling it "Visitor Mode". Now they have an add-on called SSL Extender which makes this possible with only a web browser and a downloadable plug-in. The problem with Microsoft's VPN client is that the PPTP and/or the L2TP/IPsec ports often are not open through the firewall where you are visiting. I know in the future increased use of OWA and SharePoint will reduce this problem, but for now this is a big problem for many users.

...
ketil


quote:

ORIGINAL: tshinder

quote:

ORIGINAL: ketilgri

Hi, all
 
I think the lack of SSL VPN is a serious problem with this version. Many of the competitors these days, like for instance Checkpoint, are now offering this. It really makes life a lot easier for people on the move.
 
...
ketil


Hi Ketil,
What does the SSL VPN provide these users that they can't get with the ISA firewall now? What resources do they need to access that only an SSL VPN can provide?

Thanks!
Tom



Hi Ketil,

Thanks! But what I'm wondering now is if you actually need any kind of VPN. Will Web and Server Publishing Rules work for you?

Tom



