ISA Firewall that's not actually firewalling.

danahallenbeck -> ISA Firewall that's not actually firewalling. (21.Jul.2005 11:19:00 AM)

I am trying to split my 2 NICs up for internal and external communications so I can get the ISA firewall functionality that provides. My problem is that the server is not actually in a firewall situation. We have Cisco firewalls and the powers-that-be will not allow ISA to act as a REAL firewall.

Due to this, both NICs reside in the same subnet. I don't seem to be able to access anything, and I believe it is due to this. I tried caching mode, but ISA is limited in this configuration. Is there any way for me to get the functionality that the firewall provides without creating another vlan for the external card?

Dana Hallenbeck




spouseele -> RE: ISA Firewall that's not actually firewalling. (21.Jul.2005 3:08:00 PM)

Hi Dana,

No! The internal and external interface must be on different network IDs or subnets.

HTH,
Stefaan




danahallenbeck -> RE: ISA Firewall that's not actually firewalling. (21.Jul.2005 3:40:00 PM)

Thanks for the quick reply.

I was able to get it working by following some of the best practices noted in Tom Shinder's "ISA Firewall Best Practices, Tips and Tricks" article. After removing the default gateway from the internal card, removing DNS from the external card, and adding some routes for access internally, it all worked.

It did not resolve an issue that I was hoping it would, though. Streamed media (any type) does not seem to work. All other access works so far, though.

Any thoughts?

Dana




spouseele -> RE: ISA Firewall that's not actually firewalling. (21.Jul.2005 3:56:00 PM)

Hi Dana,

No, No, NO! That's an *unsupported* configuration! Both interfaces *must* be on *different* Network IDs or subnets.

HTH,
Stefaan




danahallenbeck -> RE: ISA Firewall that's not actually firewalling. (21.Jul.2005 4:01:00 PM)

Ok, ok... [Big Grin]

I will work with my Cisco guys to get something set up and see what we end up with. Any thoughts on this fixing my streaming media problem?




rino01 -> RE: ISA Firewall that's not actually firewalling. (22.Jul.2005 4:35:00 AM)

Hello Dana.

Streaming media has a lot of threads in the forums, and it seems that it all depends on what kind of streaming media you would like to use. Install the firewall client on your clients and make a rule to allow the protocols through the ISA Firewall. If that doesn't fix your problem, do a search in the forums on "Streaming Media" and you will get a lot of questions and answers. Hopefully it will help you to solve your problems.




danahallenbeck -> RE: ISA Firewall that's not actually firewalling. (5.Aug.2005 2:37:00 PM)

This actually ended up being a SurfControl issue. If anybody is having trouble getting streamed media working and you are using SurfControl WebFilter v5.0, install HotFix 1 for SurfControl v5.0 (Requires SurfControl SP1).

The fix is for several issues unrelated to streaming media. However, it fixed all my streaming media problems as well as a McAfee EPO communication issue.

Even though this didn't have anything to do with the firewall functionality, I will be creating a new vlan for the second (External) NIC.

Thanks Rickardn and spouseele for your suggestions.

Dana Hallenbeck
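
Added example, not part of the thread and not written by any poster: a small Python check of the interface rules discussed above (different network IDs per NIC, default gateway removed from the internal card, DNS removed from the external card). The addresses, field names and finding labels are constructed for illustration.

```python
import ipaddress

def audit_dual_homed(internal, external):
    """Return finding labels for a two-NIC firewall host.

    Each argument is a dict with "ip" (addr/prefix), "gateway" (str or None)
    and "dns" (list of str). Field names and labels are this example's own.
    """
    findings = []
    int_if = ipaddress.ip_interface(internal["ip"])
    ext_if = ipaddress.ip_interface(external["ip"])

    # Internal and external interfaces must be on different network IDs.
    if int_if.network.overlaps(ext_if.network):
        findings.append("same-subnet")
    # Per the thread's steps: no default gateway on the internal card.
    if internal.get("gateway"):
        findings.append("internal-gateway")
    gw = external.get("gateway")
    if not gw:
        findings.append("no-external-gateway")
    elif ipaddress.ip_address(gw) not in ext_if.network:
        findings.append("external-gateway-off-link")
    # Per the thread's steps: no DNS servers on the external card.
    if external.get("dns"):
        findings.append("external-dns")
    return findings

# Constructed sample configurations (addresses are illustrative).
ORIGINAL = (
    {"ip": "10.1.1.10/24", "gateway": "10.1.1.1", "dns": ["10.1.1.5"]},
    {"ip": "10.1.1.11/24", "gateway": "10.1.1.1", "dns": ["10.1.1.5"]},
)
WORKAROUND = (  # gateway off internal, DNS off external, still one subnet
    {"ip": "10.1.1.10/24", "gateway": None, "dns": ["10.1.1.5"]},
    {"ip": "10.1.1.11/24", "gateway": "10.1.1.1", "dns": []},
)
NEW_VLAN = (  # external NIC moved to its own subnet
    {"ip": "10.1.1.10/24", "gateway": None, "dns": ["10.1.1.5"]},
    {"ip": "10.1.2.10/24", "gateway": "10.1.2.1", "dns": []},
)

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("workaround", WORKAROUND),
                      ("new vlan", NEW_VLAN)]:
        print(name, audit_dual_homed(*cfg) or "ok")
```

The workaround case clears the gateway and DNS findings but still reports the shared subnet; only the separate-VLAN layout comes back clean.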



