• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion of the Getting Started with ISA2004 article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Discussion of the Getting Started with ISA2004 article Page: [1] 2 3 4   next >   >>
Login
Message << Older Topic   Newer Topic >>
Discussion of the Getting Started with ISA2004 article - 27.Jan.2004 6:46:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for dicussing the getting start with ISA2004 article at http://isaserver.org/articles/isa2004beta2.html.

Thanks!
Tom

[ January 27, 2004, 07:19 PM: Message edited by: tshinder ]
Post #: 1
RE: Discussion of the Getting Started with ISA2004 article - 27.Jan.2004 9:36:00 PM   
BobW

 

Posts: 227
Joined: 27.Mar.2002
Status: offline
I for one would like to discuss it....

Like is anyone planning on deploying the Beta on their live network? I am think about it...after ghosting my existing setup so if it chokes I can easily recover!

I am interested in the different clients. Still this goofy multiple client mode SNAT, proxy etc.

If so, can it block sites regardless of the client? (Currently with ISA2K it is abit sketchy as for blocking....)

Reporting/log viewing....better I hope...

What about clients.....I am assuming it is necessary to upgrade the client software as well?

I had an early look at an alpha and it appeared the integration with RRAS was much better.

Who is the Tom guy and how could he possibly be replying to every question on this board with a useful/helpful answer? [Wink]

Tom, please do not research my questions above, I just wanted to see if I could get something started!

Bob

(in reply to tshinder)
Post #: 2
RE: Discussion of the Getting Started with ISA2004 article - 27.Jan.2004 10:16:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bob,

[Big Grin]
Inline...

Like is anyone planning on deploying the Beta on their live network? I am think about it...after ghosting my existing setup so if it chokes I can easily recover!
[TOM] I'm using it in production network, and its been quite stable. Haven't been hacked as far as I know [Smile]

I am interested in the different clients. Still this goofy multiple client mode SNAT, proxy etc.
[TOM] Same client types, but you can use the SecureNAT config if you don't need the highest level of performance, accessibiity and reporting (i.e., you want it to act like a pix)

If so, can it block sites regardless of the client? (Currently with ISA2K it is abit sketchy as for blocking....)
[TOM] You bet! And the weirdness you used to have with the HTTP Redirector and authentication is history. If the client sends credentials, the firewall accepts them.

Reporting/log viewing....better I hope...
[TOM] Logging and reporting ROCKS. I'll do a review on this next.

What about clients.....I am assuming it is necessary to upgrade the client software as well?
[TOM] The firewall client should be upgraded for the beta; higher performance and even more reliable from what I'm told (I've never had a problem with the old FW client, so I can't see how it will be more reliable [Big Grin] )

I had an early look at an alpha and it appeared the integration with RRAS was much better.
[TOM} Much tighter VPN integration AND supports IPSec tunnel mode for gateway to gateway VPNs - now you can create site to site links with any other VPN gateway!

Who is the Tom guy and how could he possibly be replying to every question on this board with a useful/helpful answer?
[TOM] Tom's a bot. [Smile]

HTH,
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion of the Getting Started with ISA2004 article - 27.Jan.2004 11:10:00 PM   
Money Penney

 

Posts: 132
Joined: 18.Sep.2002
From: Melbourne
Status: offline
Very cool new features, especially the realtime monitoring.

Tom how long have you been running this beta? I first saw a release of Beta 2 in November I think (not public) but was too busy at the end of last year to test it out.

Hopefully this release is a newer build than that, now I just need to find a spare box to test it on. Tempted to test it on my live box but not quite tempted enough [Smile]

(in reply to tshinder)
Post #: 4
RE: Discussion of the Getting Started with ISA2004 article - 27.Jan.2004 11:30:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi MP,

I've been running it live for a couple of months. However, its still beta software, so don't run it live on your business network. But you can run it at home where you can bang on the tires and not worry too much about complaining users [Smile]

Thanks!
Tom

(in reply to tshinder)
Post #: 5
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 12:45:00 AM   
BobW

 

Posts: 227
Joined: 27.Mar.2002
Status: offline
How long is the Beta good for? I mean compared to the final release. Will it last through the final release date?

Bob

(in reply to tshinder)
Post #: 6
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 1:22:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bob,

IIRC, its six months. Should be long enough, although there probably will be a RC1 or RC2 before final release, so you won't have to run the beta software until release.

HTH,
Tom

(in reply to tshinder)
Post #: 7
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 10:50:00 AM   
orentrutner

 

Posts: 17
Joined: 28.Jan.2004
From: Redmond
Status: offline
The beta build is good for 6 months, and should last at least until the product release. Commercial availability is expected mid CY 2004.

[ January 28, 2004, 11:41 AM: Message edited by: Oren Trutner [MSFT] ]

(in reply to tshinder)
Post #: 8
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 1:10:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Oren,

Thanks!
Tom

(in reply to tshinder)
Post #: 9
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 4:02:00 PM   
aroby

 

Posts: 3
Joined: 1.May2003
Status: offline
I found the article very helpful. I downloaded the software yesterday and soon had it up and running. The tip about configuring access to the internal DNS server was a godsend - I know that without that I would have been up all night trying to figure out what was going on.

A couple of questions :

1) what's happened to destination sets ? do they no longer exist ?

2) what's the equivalent to the Feature Pack RPC protocol ? One of the reasons I am trying the beta is to see if I can finally get Outlook behind ISA to connect to Exchange behind ISA, which I've never been able to do with the original ISA Server.

Thanks

Anthony

(in reply to tshinder)
Post #: 10
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 7:24:00 PM   
orentrutner

 

Posts: 17
Joined: 28.Jan.2004
From: Redmond
Status: offline
>> 1) what's happened to destination sets ? do they no longer exist ?
They morphed into other policy elements:
  • URL Sets, which contain lists of URLs, including optional sub-path . These can be used only with HTTP
  • Domain name sets, which contain lists of domain names. These cannot contain sub-paths, but can be used with all protocols
  • Computer sets, which can contain arbitrary sets of IP addresses
User feedback indicated that destination sets were ambiguous and were used too liberally across the product.
>> 2) what's the equivalent to the Feature Pack RPC protocol ? One of the reasons I am trying the beta is to see if I can finally get Outlook behind ISA to connect to Exchange behind ISA, which I've never been able to do with the original ISA Server.
RPC Protocols are... RPC protocols. You can create new ones directly in the protocols container in the toolbox.

(in reply to tshinder)
Post #: 11
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 7:32:00 PM   
orentrutner

 

Posts: 17
Joined: 28.Jan.2004
From: Redmond
Status: offline
Oh and thanks Tom. I hope you don't mind me jumping in to answer ISA Server 2004 questions now that the beta is out.

As you can imagine, we're all very excited to have the bits out there for people to review and evaluate.

(in reply to tshinder)
Post #: 12
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 7:35:00 PM   
DannyH

 

Posts: 152
Joined: 25.Sep.2001
From: Genova, Italy
Status: offline
Tom,

please tell me that ISA 2004 will be available
as an UPGRADE of the 2000 version, keeping
all the settings [Big Grin]

Danny

(in reply to tshinder)
Post #: 13
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 9:11:00 PM   
aroby

 

Posts: 3
Joined: 1.May2003
Status: offline
quote:
Originally posted by Oren Trutner [MSFT]:
>> 1) what's happened to destination sets ? do they no longer exist ?
They morphed into other policy elements:
  • URL Sets, which contain lists of URLs, including optional sub-path . These can be used only with HTTP
  • Domain name sets, which contain lists of domain names. These cannot contain sub-paths, but can be used with all protocols
  • Computer sets, which can contain arbitrary sets of IP addresses
User feedback indicated that destination sets were ambiguous and were used too liberally across the product.
Got it. That's much better. I was able to recreate some of my previous rules and it was a lot more straightforward. One suggestion - on the dialog box from which you choose network, computer etc sets to add them to a rule, it would be nice to be able to select multiple items rather than having to click one at a time.
quote:
Originally posted by Oren Trutner [MSFT]:
>> 2) what's the equivalent to the Feature Pack RPC protocol ? One of the reasons I am trying the beta is to see if I can finally get Outlook behind ISA to connect to Exchange behind ISA, which I've never been able to do with the original ISA Server.
RPC Protocols are... RPC protocols. You can create new ones directly in the protocols container in the toolbox.

How do I find out what to create to enable outbound Outlook to Exchange access ? Even with a rule allowing everything outbound, I still can't get Outlook to connect to Exchange. [Frown]

Anthony

(in reply to tshinder)
Post #: 14
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 9:29:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Oren Trutner [MSFT]:
Oh and thanks Tom. I hope you don't mind me jumping in to answer ISA Server 2004 questions now that the beta is out.

As you can imagine, we're all very excited to have the bits out there for people to review and evaluate.

Hi Oren,

No problem! I really appreciate your help on the boards. Come back early and often, and tell the rest of the guys and gals on the ISA team to visit the ISAServer.org Web boards too!

Thanks!
Tom

(in reply to tshinder)
Post #: 15
RE: Discussion of the Getting Started with ISA2004 article - 28.Jan.2004 9:31:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by DannyH:
Tom,

please tell me that ISA 2004 will be available
as an UPGRADE of the 2000 version, keeping
all the settings [Big Grin]

Danny

Hi Danny,

There is a migration path from ISA2000 and ISA2004. There is some information in the help file on this, and I'll be covering it here on the boards and in the book [Wink]

Thanks!
Tom

(in reply to tshinder)
Post #: 16
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 5:24:00 AM   
Arpophyllum

 

Posts: 22
Joined: 9.Nov.2002
From: Bellevue, WA
Status: offline
Is support for IPv6 in the beta? in the release?

If no, then why not?

There's a lot of talk about support for IPv6 in the windows server 2003 products, it would be a shame if ISA 2004 doesn't support it.

The screenshots imply that only IPv4 addresses are supported in the interface, but maybe that's what happens on a machine that doesn't have IPv6 installed.

(in reply to tshinder)
Post #: 17
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 8:16:00 AM   
jmunyan

 

Posts: 803
Joined: 3.Feb.2001
From: Seattle, WA
Status: offline
Hi, I was wondering if anyone could comment on the interface limitation of ISA 2004? Will 2k4 raise the limitation of one private, public, and dmz interface? Can the new product instantiate more than one instance of the NAT process? In otherwords, can the DMZ use private IP addresses rather than the rather cluggie sub division of the public space?

Thanks,

John

(in reply to tshinder)
Post #: 18
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 8:24:00 AM   
jmunyan

 

Posts: 803
Joined: 3.Feb.2001
From: Seattle, WA
Status: offline
One more question:

Will ISA 2k4 support affinity on multiple private to public SNATS?

I had a nasty situation with ISA 2K where when publishing mulitple mail servers (each with their own SNAT) outbound mail regardless of mapping was stamped with the default source address of the firewall (first address in the binding order).

This caused me much grief and ultimatly resulted in an unsuccessful implementation as reverse look ups to host had only an n-1 chance of resolving correctly.

So will the new product correct this deficiency?

Thanks,

John

(in reply to tshinder)
Post #: 19
RE: Discussion of the Getting Started with ISA2004 article - 29.Jan.2004 9:57:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by M S Ashe:
Is support for IPv6 in the beta? in the release?

If no, then why not?

There's a lot of talk about support for IPv6 in the windows server 2003 products, it would be a shame if ISA 2004 doesn't support it.

The screenshots imply that only IPv4 addresses are supported in the interface, but maybe that's what happens on a machine that doesn't have IPv6 installed.

Hi MSA,

No support for IPv6 that I'm aware of.

HTH,
Tom

(in reply to tshinder)
Post #: 20

Page:   [1] 2 3 4   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Discussion of the Getting Started with ISA2004 article Page: [1] 2 3 4   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts