Yes, there's a problem with the author interface right now and we're hoping to get that fixed soon. That's why I put the link at the top of the article indicating that you should go to the alternate site:
From: Moscow, Russia
Thanks for the article Thomas!
I’m a beginner, so I didn’t understand it well enough: when I create a new network in ISA’s 2004 Network Wizard and choose different types of it, what is the real difference between them?
I mean, “Internal”, “External” and “Perimeter network” look quite the same when I view the properties in ISA’s console, whatever I chose! The only nets that seem understandable to me are “External” (all other addresses) and “VPN Site-to-Site” (addresses that I configure manually for the remote network).
Maybe choosing network types using Wizard helps to make predefined access rules or network rules only and no more?
I’ve had two questions for a long time. I hope a professional like you will help me to understand ISA 2004 mechanics. They are:
1. ISA does not route the IP packets and only uses some kind of filters to pass packets watching source/destination, does it? I mean ISA doesn’t have its own routing table and if you want packets to use routes (gateways) depending on the destination and mask properties you MUST define the routing table in an old-fashioned way (RRAS, Route add etc.). Does ISA manage only internal routes between its own NICs?
2. There are basically only two kinds of networks ISA runs: External and User Defined Networks (it can be DMZ, Perimeter, VPN or other Internal networks). And there’s no difference between them, except that their names are more usual for humans/administrators. Furthermore, the “External” network could just as well be represented as IP address ranges. For example, all addresses except private ranges. The minus of this is that if you do so it adds a lot of routes to the server’s routing table, but it works! And now I find that there’s only one thing ISA uses: a network with a definite address range!
Strange that I haven’t found answers to these questions after having read lots of ISA related stuff…
This article recommends making the back-end ISA 2004 firewall part of the internal Active Directory domain (like xyz.ISAfirewall.com). Should I make the servers in the public web server in the Anonymous Access Zone (public web server, Split DNS and SMTP relay) a part of the same Active Directory domain (xyz.ISAfirewall.com)?