Welcome to ISAserver.org

ISA Firewall that's not actually firewalling.

ISA Firewall that's not actually firewalling. - 21.Jul.2005 11:19:00 AM   
danahallenbeck

 

Posts: 27
Joined: 24.Jan.2003
Status: offline
I am trying to split my 2 NICs up for internal and external communications so I can get the ISA firewall functionality that provides. My problem is that the server is not actually in a firewall situation. We have Cisco firewalls and the powers-that-be will not allow ISA to act as a REAL firewall.

Due to this, both NICs reside in the same subnet. I don't seem to be able to access anything, and I believe it is due to this. I tried caching mode, but ISA is limited in this configuration. Is there any way for me to get the functionality that the firewall provides without creating another vlan for the external card?

Dana Hallenbeck
Post #: 1
RE: ISA Firewall that's not actually firewalling. - 21.Jul.2005 3:08:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Dana,

No! The internal and external interface must be on different network IDs or subnets.

HTH,
Stefaan

(in reply to danahallenbeck)
Post #: 2
RE: ISA Firewall that's not actually firewalling. - 21.Jul.2005 3:40:00 PM   
danahallenbeck

 

Posts: 27
Joined: 24.Jan.2003
Status: offline
Thanks for the quick reply.

I was able to get it working by following some of the best practices noted in Tom Shinder's "ISA Firewall Best Practices, Tips and Tricks" article. After removing the default gateway from the internal card, removing DNS from the external card, and adding some routes for access internally, it all worked.

It did not resolve an issue that I was hoping it would, though. Streamed media (any type) does not seem to work. All other access works so far, though.

Any thoughts?

Dana

(in reply to danahallenbeck)
Post #: 3
RE: ISA Firewall that's not actually firewalling. - 21.Jul.2005 3:56:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Dana,

no, No, NO! That's an *unsupported* configuration! Both interfaces *must* be on *different* Network IDs or subnets.

HTH,
Stefaan

(in reply to danahallenbeck)
Post #: 4
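
A quick way to sanity-check the two-NIC layout discussed in posts 2 to 4, as an added example that is not from any poster in this thread. The function name `check_dual_homed`, the dict layout and all addresses are constructed for illustration, and the external-gateway check is an assumption the thread does not spell out.

```python
import ipaddress

def check_dual_homed(internal, external):
    """Return a list of problems found in a two-NIC firewall layout.

    Each NIC is a dict: address (CIDR string), gateway (str or None),
    dns (list of str).
    """
    findings = []
    int_if = ipaddress.ip_interface(internal["address"])
    ext_if = ipaddress.ip_interface(external["address"])

    # Requirement from the thread: different network IDs/subnets.
    # overlaps() also catches a subnet nested inside a larger one.
    if int_if.network.overlaps(ext_if.network):
        findings.append(
            f"internal {int_if.network} and external {ext_if.network} overlap")

    # Settings mentioned in post 3.
    if internal.get("gateway"):
        findings.append("internal NIC has a default gateway")
    if external.get("dns"):
        findings.append("external NIC has DNS servers configured")

    # Assumption (not stated in the thread): the single default gateway sits
    # on the external NIC and is inside that NIC's subnet.
    gw = external.get("gateway")
    if not gw:
        findings.append("external NIC has no default gateway")
    elif ipaddress.ip_address(gw) not in ext_if.network:
        findings.append(f"external gateway {gw} is outside {ext_if.network}")
    return findings

# Constructed sample data (not taken from the thread).
SAME_SUBNET = (
    {"address": "10.1.1.10/24", "gateway": "10.1.1.1", "dns": ["10.1.1.5"]},
    {"address": "10.1.1.11/24", "gateway": "10.1.1.1", "dns": ["10.1.1.5"]},
)
SEPARATE_VLAN = (
    {"address": "10.1.1.10/24", "gateway": None, "dns": ["10.1.1.5"]},
    {"address": "192.168.50.2/24", "gateway": "192.168.50.1", "dns": []},
)

if __name__ == "__main__":
    for name, (inside, outside) in (("same subnet", SAME_SUBNET),
                                    ("separate VLAN", SEPARATE_VLAN)):
        print(name, "->", check_dual_homed(inside, outside) or "OK")
```
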
RE: ISA Firewall that's not actually firewalling. - 21.Jul.2005 4:01:00 PM   
danahallenbeck

 

Posts: 27
Joined: 24.Jan.2003
Status: offline
Ok, ok... [Big Grin]

I will work with my Cisco guys to get something set up and see what we end up with. Any thoughts on this fixing my streaming media problem?

(in reply to danahallenbeck)
Post #: 5
RE: ISA Firewall that's not actually firewalling. - 22.Jul.2005 4:35:00 AM   
rino01

 

Posts: 69
Joined: 1.Jul.2005
From: Stockholm / Sweden
Status: offline
Hello Dana.

Streaming media has a lot of threads in the forums, and it seems that it all depends on what kind of streaming media you would like to use. Install the firewall client on your clients and make a rule to allow the protocols through the ISA Firewall; if that doesn't fix your problem, do a search in the forums on "Streaming Media" and you will get a lot of questions and answers. Hopefully it will help you to solve your problems.

(in reply to danahallenbeck)
Post #: 6
RE: ISA Firewall that's not actually firewalling. - 5.Aug.2005 2:37:00 PM   
danahallenbeck

 

Posts: 27
Joined: 24.Jan.2003
Status: offline
This actually ended up being a SurfControl issue. If anybody is having trouble getting streamed media working and you are using SurfControl WebFilter v5.0, install HotFix 1 for SurfControl v5.0 (Requires SurfControl SP1).

The fix is for several issues unrelated to streaming media. However, it fixed all my streaming media problems as well as a McAfee EPO communication issue.

Even though this didn't have anything to do with the firewall functionality, I will be creating a new vlan for the second (External) NIC.

Thanks Rickardn and spouseele for your suggestions.

Dana Hallenbeck

(in reply to danahallenbeck)
Post #: 7
