Discussion about part 1 of article series on creating multiple DMZs

Discussion about part 1 of article series on creating m... - 6.Aug.2004 6:11:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the article on publishing multiple DMZ networks attached to the ISA firewall at http://www.tacteam.net/isaserverorg/2004multdmzp1/2004multdmzp1.htm

Thanks!
Tom

[ August 06, 2004, 06:40 AM: Message edited by: tshinder ]
Post #: 1
RE: Discussion about part 1 of article series on creati... - 6.Aug.2004 10:20:00 AM   
StarChase

 

Posts: 59
Joined: 5.Feb.2004
From: The Netherlands
Status: offline
Just for the info, when you go to http://www.isaserver.org/articles/2004multidmzp1.html, the pictures don't work. They point to http://www.isaserver.org/articles/Image2843.gif

(in reply to tshinder)
Post #: 2
RE: Discussion about part 1 of article series on creati... - 6.Aug.2004 1:00:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Star,

Yes, there's a problem with the author interface right now and we're hoping to get that fixed soon. That's why I put the link at the top of the article indicating that you should go to the alternate site:

TO SEE THE FULL VERSION OF THIS ARTICLE, COMPLETE WITH IMAGES, PLEASE VISIT http://www.tacteam.net/isaserverorg/2004multdmzp1/2004multdmzp1.htm

Thanks!
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion about part 1 of article series on creati... - 6.Aug.2004 5:48:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,

The images are fixed. You can now see everything from the isaserver.org site.

Thanks!
Tom

(in reply to tshinder)
Post #: 4
RE: Discussion about part 1 of article series on creati... - 23.Aug.2004 5:31:00 PM   
daniilkireev

 

Posts: 12
Joined: 10.Aug.2004
From: Moscow, Russia
Status: offline
Thanks for the article Thomas!

I’m a beginner, so I didn’t get it closely enough: when I create a new network in ISA 2004’s Network Wizard and choose different types for it, what is the real difference between them?

I mean, “Internal”, “External” and “Perimeter network” look quite the same when I view the properties in ISA’s console, whatever I chose! The only nets that seem understandable to me are “External” (all other addresses) and “VPN Site-to-Site” (addresses that I configure manually for the remote network).

Maybe choosing network types using the Wizard only helps to make predefined access rules or network rules, and no more?

For a long time I’ve had two questions. I hope a professional like you can help me to understand ISA 2004 mechanics. They are:

1. ISA does not route the IP packets and only uses some kind of filters to pass packets by watching source/destination, does it? I mean ISA doesn’t have its own routing table, and if you want packets to use routes (gateways) depending on the destination and mask properties you MUST define the routing table in the old-fashioned way (RRAS, route add etc.). Does ISA manage only internal routes between its own NICs?
2. There are basically only two kinds of networks ISA runs: External and User Defined Networks (it can be DMZ, Perimeter, VPN or other Internal networks). And there’s no difference between them, except that their names are more usual for humans/administrators. Furthermore, the “External” network could as well be represented as IP address ranges. For example, all addresses except private ranges. The downside of this is that if you do so it adds a lot of routes to the server’s routing table, but it works! And now I find that there’s only one thing ISA uses: a network with a definite address range!

Strange that I haven’t found answers to these questions after having read lots of ISA related stuff…

(in reply to tshinder)
Post #: 5
RE: Discussion about part 1 of article series on creati... - 24.Aug.2004 2:53:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Daniil,

You are correct. The ISA firewall defines the default External network as any network that isn't defined on the ISA firewall.

The routing mechanisms use the Windows routing table and RRAS. There is no policy-based routing like you would see on a router/packet-filter based firewall.

So, you need to decide what you need -- strong stateful application layer inspection, or basic stateful filtering and more advanced routing.

HTH,
Tom

(in reply to tshinder)
Post #: 6
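
The point confirmed in the reply above (External is whatever no defined network covers) can be modelled with plain address-range arithmetic. This is an added example, not part of the original thread and not ISA's own code; the network names and ranges are constructed assumptions. It also shows why spelling External out as explicit ranges, as the question suggests, produces many entries.

```python
import ipaddress

# Constructed sample definitions (assumptions, not taken from the thread).
DEFINED_NETWORKS = {
    "Internal": ["10.0.0.0/24"],
    "Perimeter-1": ["172.16.1.0/24"],
    "Perimeter-2": ["172.16.2.0/24"],
}


def classify(address, networks=DEFINED_NETWORKS):
    """Return the defined network whose range holds address, else 'External'."""
    ip = ipaddress.ip_address(address)
    for name, ranges in networks.items():
        if any(ip in ipaddress.ip_network(r) for r in ranges):
            return name
    return "External"  # the default: anything not defined on the firewall


def external_ranges(networks=DEFINED_NETWORKS):
    """Express External explicitly: all of IPv4 minus every defined range."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for ranges in networks.values():
        for r in ranges:
            cut = ipaddress.ip_network(r)
            kept = []
            for block in remaining:
                if cut.subnet_of(block):
                    # Carve the defined range out of the block that holds it.
                    kept.extend(block.address_exclude(cut))
                elif not block.subnet_of(cut):
                    kept.append(block)  # disjoint block, keep unchanged
                # a block lying wholly inside the defined range is dropped
            remaining = kept
    return sorted(remaining)


if __name__ == "__main__":
    for addr in ("10.0.0.5", "172.16.2.9", "192.168.1.1", "8.8.8.8"):
        print(addr, "->", classify(addr))
    blocks = external_ranges()
    print(len(blocks), "CIDR blocks are needed to state External explicitly")
```
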
RE: Discussion about part 1 of article series on creati... - 16.Oct.2004 7:59:00 PM   
xmlparser

 

Posts: 17
Joined: 13.Nov.2003
From: Florida
Status: offline
This article recommends making the back-end ISA 2004 firewall part of the internal Active Directory domain (like xyz.ISAfirewall.com). Should I make the servers in the public web server in the Anonymous Access Zone (public web server, Split DNS and SMTP relay) a part of the same Active Directory domain (xyz.ISAfirewall.com)?

Could you explain how to make an SMTP relay?

[ October 15, 2004, 05:47 PM: Message edited by: xmlparser ]

(in reply to tshinder)
Post #: 7
RE: Discussion about part 1 of article series on creati... - 1.Feb.2006 8:00:58 PM   
rodyan

 

Posts: 3
Joined: 25.Jan.2006
Status: offline
Mr Thomas

How are you?

I have one question about this article. I only have 3 NICs for ISA Server (External, Internal & Perimeter); for the Perimeter I have two servers with two different network segments.

I put the two different IP gateways for each network in the NIC and configured the respective rules using the templates, but the ISA Server drops all the requests between the 3 NICs.

I don't know if it is internal routing for ISA Server or maybe IP spoofing. Can you give some advice to solve this problem? I have read and tried many things unsuccessfully.

Best Regards

(in reply to tshinder)
Post #: 8
