I recently inherited a two, soon to be four, site network. The sites are connected via an ISP-managed MPLS network and the new sites are going to connect in the same way. The break-out point for the MPLS network is at the ISP.
The head office is running ISA Server 2006 Standard in single-NIC, cache-only(ish) mode. ISA is the only machine on the network allowed HTTP/S traffic through the MPLS firewall.
At the moment ISA is also publishing OWA 2003 for remote workers; however, I would like to use it to its fuller potential and securely publish ActiveSync for mobile devices, TSWeb, OWA 2003, Outlook RPC-over-HTTPS etc.
Can anyone offer me advice as to how I can achieve this? I presume one of the first steps would be to add another NIC to the server and make it publicly available via a DMZ?
Any advice anyone can offer would be greatly appreciated.
In the first, you configure ISA in back-to-back mode, so the DMZ will be between the MPLS firewall and the ISA firewall. In the second, you also configure ISA in back-to-back mode, with a third NIC to create a DMZ on ISA.
I recommend you follow the second scenario and take advantage of ISA's application-layer filters.