Multiple External Networks



faisal7977 -> Multiple External Networks (16.May2008 8:09:30 AM)

I'm new to the ISA world. I want to implement ISA Server 2004 in my office.
The current infrastructure of my office is:
- 1 DC
- 1 Web server (joined to the domain) for local testing of our products.
- 60 workstations (in 6 departments, each department has 10 workstations).
- 6 DSL 2Mbps lines (1 for each department).

I'm from Pakistan and the maximum available connection here is a 2Mbps DSL line, which I already have, so I cannot upgrade my connections to T1/T3 lines.

The requirement is to distribute bandwidth and apply policies at the department level AND the domain level. Content filtering etc. and a firewall also.

Basically I want to do some kind of routing, e.g.:
If the IP is from the Accounts department, it should go to DSL line 1 and follow these rules.
If the IP is from the Sales department, it should go to DSL line 2 and follow these rules.
etc.

Moreover, I want to allow, let's say, only the Sales department to use MSN/Yahoo Messenger at particular times.

Here are my basic questions:
Can a single ISA machine administer all 6 departments?
Can ISA 2004 support multiple external interfaces?
Can ISA 2004 support multiple internal interfaces?

If the answers to all three questions are yes, then which hardware would be best suited to connect 6 DSL lines and 1 local network in a single box? A motherboard normally has 3-4 or a maximum of 6 PCI slots, but my requirement is more than that.

If any of the answers is no, then what should I go for?

Can I use a router? If yes, then which one would it be?


I can send you the required network diagram by email.




pwindell -> RE: Multiple External Networks (16.May2008 2:07:47 PM)

The general over-all answer is:,..no it is not possible,...but,....

Your options are:

1. Blend both lines into a single line by purchasing a broadband "router" that has two WAN ports and is designed for this purpose.  Run both lines into the same box.  Then run the ISA Server behind this.  This will create a Back-to-Back DMZ between the ISA and the broadband device.

2. Another option would be to have 2 ISA Servers. Each should be on its own dedicated computer.  Run one ISA with each DSL line.  The line the users will use depends on which ISA they are configured to use.


Running Messengers from behind any proxy is problematic. They will never be fully functional.  Most people want to stop them from working,..not make them work,...due to the security risks.  The subject of Messengers is too broad for me to cover,...you need to research that yourself in the articles/tutorials on this site or on MS's site.



