From: College of St. Joseph
Hello everyone, I'll try my best to detail what I have set up. I have my ISA server as the only connection to the internet. It's in integrated mode and 99% of the clients behind it are set up as securenat. Internally I have a dns server and a dhcp server on a box configured as a securenat (static ip and the gateway is set to the internal ip of the isa server). The internal dns is set to forward requests to my isp's dns. I can ping things no problem.
On the ISA itself I have the internal card set up with a static ip, and the dns is pointed to my internal dns. The outside card has my public ip. The dns and gateway are set to my isp.
I've tried to keep the setup as basic as possible. There is a protocol set for dns query and one for dns zone transfer. I have a client set for the dns, the mail server, and one for everyone else. The dns is the only one that uses the dns query and zone transfer.
The internet does work. It is just super amazing slow. My question is why is it so slow?
More information. I said 99% of the machines were securenat. I installed the firewall client on my machine to see what would happen. It runs great, pages pop up just fine. I uninstalled the firewall client to see if it became slow again, and it did. Next I put the ISA information into the connection settings of Internet Explorer. I think this is called a webclient. Hopefully I have my client types right. The webclient loaded pages fine.
So in summary.
Securenat = very slow
Webclient = browsing fine
Firewall client = browsing fine
Why is securenat slow? My hope was to just leave all the client machines as securenat so I wouldn't have to install or configure software on all of them.
2nd question. I read through lots of articles that seemed to say that it was a bad idea to put the firewall client on an internal server. Why? Does it expose them somehow? I thought the firewall client was just for requesting information from the web, not publishing it.
I had the idea that if I put the firewall client on the dns server it would run faster, but it seems like that is a no-no.
Hopefully you didn't get too bored reading this and I look forward to helpful comments.