• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Help for planning...

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Help for planning... Page: [1]
Login
Message << Older Topic   Newer Topic >>
Help for planning... - 5.Dec.2006 4:21:12 AM   
rezanet

 

Posts: 16
Joined: 29.Nov.2006
Status: offline
Hi

I have trouble to find a good plan for our network!
we want to deploy an ISA server 2006 for caching and content filtering and monitoring the traffic in this network :

Internet                                                                                
           --->Router1---> Firewall--->Router2--->Campos1(LAN)
Intranet                                                 ^--->Router3--->Campos2(LAN)       

defult gateway for all clients is router2.
we have a VPN intranet also and the firewall only allow specific IP range to be passed!it mean that I have only one subnet to config my ISA(255.255,254.0)
I know that it's possible to break it into separate networks but because of some reasons we can't do any change in our IP addressing!
We have also FTP,HTTP,Terminal service... servers which must be accessible from Intranet!
So please help me about this and tell me how can I config my ISA to achieve the services I explained?


Thank you.    
Post #: 1
RE: Help for planning... - 7.Dec.2006 7:06:02 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Place the ISA Firewall either behind the current firewall or in parallel. The parallel configuration is probably more secure, because you can fully take advantage of the ISA Firewall's security model and capabiliteis.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to rezanet)
Post #: 2
RE: Help for planning... - 8.Dec.2006 9:46:44 AM   
rezanet

 

Posts: 16
Joined: 29.Nov.2006
Status: offline
Thank you for your attention Mr.Shinder,
Would you please tell me more about Parallel Configuration?
Which Template I have to choose? :(

BR.

(in reply to tshinder)
Post #: 3
RE: Help for planning... - 8.Dec.2006 9:51:16 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi BR,

Check out:

http://www.isaserver.org/tutorials/2004isapixdmz.html

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to rezanet)
Post #: 4
RE: Help for planning... - 9.Dec.2006 6:58:10 AM   
rezanet

 

Posts: 16
Joined: 29.Nov.2006
Status: offline
Hi again Dr.shinder and thank you so much for your kind help :)

Your document was so helpfull , I'm trying to install my ISA 2006 in back to back scenario which I thought it's best scenario for our network.
but I need little more help about that;)
let me explain more detail:
We have a Checkpoint firewall as gateway and internal interface IP of that is (10.206.28.1/255.255.254.0) and I configure ISA external interface with IP addres(10.206.28.2/255.255.254.0) and the internal interface IP is (10.206.28.3/255.255.254.0) now the internet connection for LAN clients is ok but our intranet is inaccessible! I cant use NAT in my configuration becouse of Intranet Netmeeting users and other application's which will fail to work if NAT proccess applied.
The only IP range that Firewall allow to be transfer is (10.206.28.0-10.206.31.255).
when I deploy ISA based on this scenario it gives me an alert about configuration! I know that it's because both interfaces are in the same network ID but I can't change my IP addressing! I need my ISA to work as a router and not using NAT...
and also my FTP server still inaccessible from intranet even when I published it!:(

Please help me about this :( I'm new to ISA server :(

Thank you again.

BR=Best Regards.

(in reply to tshinder)
Post #: 5
RE: Help for planning... - 10.Dec.2006 2:43:56 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Rezanet,

You can create an ISA Firewall Network for the Network ID representing the DMZ between the ISA Firewall and the Check Point device, and create a Network Rule set to Route between the ISA Firewall's default Internal Network and that DMZ Network. That should solve some of the VoIP issues.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to rezanet)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Help for planning... Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts