ISA Design in Network Infras (Full Version)



niggersak -> ISA Design in Network Infras (23.Jul.2008 9:52:10 AM)

Hi Guys,

I have a flat network with no VLAN. I presently have two AD servers running with Exchange 2007 cluster nodes. I also have a cluster PIX firewall running for filtering and firewall services.

I am intending to add an ISA 2004 Server for in-out traffic on the internet for users. We are running Western Union software that relies on the internet.

The main aim of the ISA 2004 is to control the user usage of the internet. We want to control who can access the internet and at what time he/she has privilege.

How do I design such a network to work well? Do I have to install the ISA as a proxy, cache, or firewall with filtering on HTTP ports? I need some tips from you guys. How many network cards do I need in this configuration?

Regards,

nigger




pwindell -> RE: ISA Design in Network Infras (25.Jul.2008 10:50:39 AM)

A single-nic ISA is a waste of time.

Either run the ISA with the PIX in a Back-to-Back DMZ model,...or run the ISA and the PIX side-by-side with each running and functioning totally independent of each other.




niggersak -> RE: ISA Design in Network Infras (28.Jul.2008 6:18:35 AM)

In designing a back-to-back solution with a DMZ model, should the PIX firewall face the edge of the internet, or the ISA?

In the second scenario, how will the ISA and the PIX run side by side? We only have one ISP connecting us to the internet with their 3600 series router.

Kindly throw some light on this aspect of my questions.




pwindell -> RE: ISA Design in Network Infras (4.Aug.2008 9:30:07 AM)

In designing a back-to-back solution with a DMZ model, should the PIX firewall face the edge of the internet, or the ISA?

Usually:
[LAN]--<ISA>---(B2B DMZ)---<PIX>---[Internet]

In the second scenario, how will the ISA and the PIX run side by side? We only have one ISP connecting us to the internet with their 3600 series router.

Each has their own IP#
A Switch sits on the Public Side (Switches don't need IP#s)
Plug them into the switch

"Home-user" Line technologies like DSL or CableTV can be a problem and may not even be able to be done easily.  Only the ISP could answer that (assuming they are smart enough).  That is why Home-User technology belongs at Home,....Commercial technology belongs in the business world.

Also,...just because "Marketing" calls some DSL or CableTV accounts "business accounts" does not change the technology they operate by,..it is just "marketing speak".



