Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Roll up discussion link for posts up to 02-5-2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> Tom's ISA Firewall Blog Discussion >> RE: Roll up discussion link for posts up to 02-5-2006 Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: Roll up discussion link for posts up to 02-5-2006 - 14.Feb.2006 10:04:46 PM   
tshinder

 

Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: SteveMoffat

I've been running 2006 as my production server for a while now, stable, reliable and the new stuff is pretty funky.

Steve


Hi Steve,

You're a pretty brave man. I've been finding a number of bugs, and only just started digging!

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to SteveMoffat)
Post #: 21
RE: Roll up discussion link for posts up to 02-5-2006 - 14.Feb.2006 10:30:02 PM   
tshinder

 

Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: Ashokk001

Hi Tom,

Just a quick question - Does the 2006 version offer the ability to do static 1:1 NAT i.e. control the outgoing IP address? This was the issue faced by many people as you see from the forums, is it available in 2006. I have downloaded the beta but haven't had the time to test it yet.

TIA,

Ashok.


Hi Ashokk,

No :(

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Ashokk001)
Post #: 22
RE: Roll up discussion link for posts up to 02-5-2006 - 14.Feb.2006 10:32:18 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Ashok,

No, still no joy!

HTH,
Stefaan

(in reply to Ashokk001)
Post #: 23
RE: Roll up discussion link for posts up to 02-5-2006 - 15.Feb.2006 4:17:33 PM   
Ashokk001

 

Posts: 232
Joined: 6.Oct.2005
Status: offline 		Well that is unfortunate! because there so many people asking for it. I hope MS listen to customers and try to incoporate this facility before the main release.

The question of wheather people use it or not is not important but they should at least give the flexibility so you can do this.

Ashok.

(in reply to tshinder)
Post #: 24
RE: Roll up discussion link for posts up to 02-5-2006 - 16.Feb.2006 4:05:17 AM   
tshinder

 

Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Ashok,

You won't see it with the 2006 release. Maybe the next one.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Ashokk001)
Post #: 25
RE: Roll up discussion link for posts up to 02-5-2006 - 16.Feb.2006 5:03:20 PM   
ketilgri

 

Posts: 13
Joined: 20.Jul.2004
From: Norway
Status: offline 		Hi, all
 
 I think the lack of SSL VPN is a serious problem with this version. many of the competitors these days like for instance Checkpoint, are now offering this. It really make life a lot easier for people on the move.
 
...
ketil

(in reply to tshinder)
Post #: 26
RE: Roll up discussion link for posts up to 02-5-2006 - 16.Feb.2006 7:31:21 PM   
Ashokk001

 

Posts: 232
Joined: 6.Oct.2005
Status: offline 		Well, I was hoping that this feature would be in 2006 but in a way i'm not surprised, they don't seem to be listening to customers - MS that is. I know this has been said before but even the cheaper FW vendors are offering this and the open source FW as well so how hard can it be to provide this functionality. IS this the case that they simple cannot do, this given the design of ISA 2004/2006??

I have explored all avenues that i know of doing a workaround for the mail problem and if we enable the same IP (which the primary) of IP to match the reverse DNS for our mail then this results in ridiculous amount of spam, however if i use another IP then spam is reduced but the reverse DNS is broken . Few people have suggested having duplicate host records but its a make do solution.

Ashok.

(in reply to tshinder)
Post #: 27
RE: Roll up discussion link for posts up to 02-5-2006 - 17.Feb.2006 2:32:38 PM   
tshinder

 

Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: ketilgri

Hi, all
 
 I think the lack of SSL VPN is a serious problem with this version. many of the competitors these days like for instance Checkpoint, are now offering this. It really make life a lot easier for people on the move.
 
...
ketil


Hi Ketil,
What does the SSL VPN provide these users that they can't get with the ISA firewall now? What resources do they need to access that only an SSL VPN can provide?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to ketilgri)
Post #: 28
RE: Roll up discussion link for posts up to 02-5-2006 - 17.Feb.2006 2:34:23 PM   
tshinder

 

Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: Ashokk001

Well, I was hoping that this feature would be in 2006 but in a way i'm not surprised, they don't seem to be listening to customers - MS that is. I know this has been said before but even the cheaper FW vendors are offering this and the open source FW as well so how hard can it be to provide this functionality. IS this the case that they simple cannot do, this given the design of ISA 2004/2006??

I have explored all avenues that i know of doing a workaround for the mail problem and if we enable the same IP (which the primary) of IP to match the reverse DNS for our mail then this results in ridiculous amount of spam, however if i use another IP then spam is reduced but the reverse DNS is broken . Few people have suggested having duplicate host records but its a make do solution.

Ashok.


Hi Ashok,
The problem is that duplicate DNS entries are not RFC compliant and not all mail servers will work with that.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Ashokk001)
Post #: 29
RE: Roll up discussion link for posts up to 02-5-2006 - 17.Feb.2006 4:09:32 PM   
ketilgri

 

Posts: 13
Joined: 20.Jul.2004
From: Norway
Status: offline 		Hi Tom!

SSL VPN will provide full access to all internal resources as long as tcp port 443 is open from where the user is situated. Checkpoint have had this for many years in their SecureClient, calling it "Visitor Mode". Now they have an add-on called SSL Extender which makes this possible with only a web browser and a downloadable plug-in. The problem with Microsoft's VPN client is that PPTP and/or the L2TP/ipsec port often are not open through firewall where you are visiting. I know in the future increased use of OWA and Sharepoint will reduce this problem, but for now this is a big problem for many users.

...
ketil


quote:

ORIGINAL: tshinder

quote:

ORIGINAL: ketilgri

Hi, all
 
 I think the lack of SSL VPN is a serious problem with this version. many of the competitors these days like for instance Checkpoint, are now offering this. It really make life a lot easier for people on the move.
 
...
ketil


Hi Ketil,
What does the SSL VPN provide these users that they can't get with the ISA firewall now? What resources do they need to access that only an SSL VPN can provide?

Thanks!
Tom

(in reply to tshinder)
Post #: 30
RE: Roll up discussion link for posts up to 02-5-2006 - 18.Feb.2006 7:20:45 PM   
Ashokk001

 

Posts: 232
Joined: 6.Oct.2005
Status: offline
quote:

ORIGINAL: tshinder

quote:

ORIGINAL: Ashokk001

Well, I was hoping that this feature would be in 2006 but in a way i'm not surprised, they don't seem to be listening to customers - MS that is. I know this has been said before but even the cheaper FW vendors are offering this and the open source FW as well so how hard can it be to provide this functionality. IS this the case that they simple cannot do, this given the design of ISA 2004/2006??

I have explored all avenues that i know of doing a workaround for the mail problem and if we enable the same IP (which the primary) of IP to match the reverse DNS for our mail then this results in ridiculous amount of spam, however if i use another IP then spam is reduced but the reverse DNS is broken . Few people have suggested having duplicate host records but its a make do solution.

Ashok.


Hi Ashok,
The problem is that duplicate DNS entries are not RFC compliant and not all mail servers will work with that.

HTH,
Tom


Hi Tom,

Yes and this is the reason why we don't have the duplicate dns entries. We do have some mails that can't be sent because our reverse dns solution is broken so its a case of finding a workaround if there is one :(

Ashok.

(in reply to tshinder)
Post #: 31
RE: Roll up discussion link for posts up to 02-5-2006 - 18.Feb.2006 8:12:58 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline 		<edit> Sorry - wrong thread

< Message edited by ClintD -- 18.Feb.2006 8:15:00 PM >

(in reply to Ashokk001)
Post #: 32
RE: Roll up discussion link for posts up to 02-5-2006 - 20.Feb.2006 3:06:32 PM   
tshinder

 

Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: ketilgri

Hi Tom!

SSL VPN will provide full access to all internal resources as long as tcp port 443 is open from where the user is situated. Checkpoint have had this for many years in their SecureClient, calling it "Visitor Mode". Now they have an add-on called SSL Extender which makes this possible with only a web browser and a downloadable plug-in. The problem with Microsoft's VPN client is that PPTP and/or the L2TP/ipsec port often are not open through firewall where you are visiting. I know in the future increased use of OWA and Sharepoint will reduce this problem, but for now this is a big problem for many users.

...
ketil


quote:

ORIGINAL: tshinder

quote:

ORIGINAL: ketilgri

Hi, all
 
 I think the lack of SSL VPN is a serious problem with this version. many of the competitors these days like for instance Checkpoint, are now offering this. It really make life a lot easier for people on the move.
 
...
ketil


Hi Ketil,
What does the SSL VPN provide these users that they can't get with the ISA firewall now? What resources do they need to access that only an SSL VPN can provide?

Thanks!
Tom



Hi Ketil,

Thanks! But what I'm wondering now is if you actually need any kind of VPN. Will Web and Server Publishing Rules work for you?

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to ketilgri)
Post #: 33

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> Tom's ISA Firewall Blog Discussion >> RE: Roll up discussion link for posts up to 02-5-2006 Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts