Web/Exchange/SharePoint/Server (Full Version)

All Forums >> [ISA 2006 Publishing] >> Web Publishing



Message


ldoodle -> Web/Exchange/SharePoint/Server (29.Mar.2007 6:03:41 AM)

Hi,
 
I have a 'general' question which will apply to all kinds of server publishing so will just post the one thread here.
 
http://www.aylesford.kent.sch.uk/images/technical/NetworkDiagram.jpg
 
I am re-configuring our network to include a DMZ and an ISA 2006 server. Our ISP have provided us with a managed Cisco 2811 router, which has hardware DMZ built-in.
 
I need to have protected web areas for user logons and would like to tie this in with our AD. So the plan is to have ISA in the DMZ, which will then publish servers on the LAN side to external clients. I will be using Path Redirection from one single domain (as we are a school and kids have enough trouble remembering passwords, let alone understanding sub-domains!)
 
My questions though, are:
 
I would like to use https: for Exchange and SharePoint - what it the process of configuring ISA to redirect http://www.domain.com/mail to https://server1/owa and http://www.domain.com/sharepoint to https://server2/sharepoint etc
 
How do I configure SSO for all internal domains
 
There's other things i'm sure, but won't know these until the server is up and running.
 
Thanks very much/...
 
 




tshinder -> RE: Web/Exchange/SharePoint/Server (9.Apr.2007 10:13:59 AM)

The ISA Firewall is a network firewall, so this design really isn't appropriate. Why? Because the ISA Firewall needs to be an inline device between the Internet and the devices that are being protected. From what I see here, its quite simple to bypass the ISA Firewall.

Put the ISA Firewall behind the router and then create anonymous and authenticated access DMZs as required. Analyze your security zones and put hosts in the appropriate security zone that is segregated by the ISA Firewall.

There are articles on this site on how to do this.

HTH,
Tom




Page: [1]