Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
multihome isa setup
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
multihome isa setup - 12.Aug.2007 3:47:12 PM
|
|
|
canibeyaz
Posts: 23
Joined: 12.Jan.2007
Status: offline
|
Hi,
The configuration is as follows',
I have an ISA 2004 standart edition latest servicepack with 3 NIC named (LAN,WAN and REMOTE)
Everything on the internet side is ok including VPN, mail server publishing etc.
as for the REMOTE, . I connected that NIC to a router which connects to 5 different subnets. i created a network object and named it branch and add all the remote subnets that are reachable through that interface. Then i changed the routing table of ISA server so that it routes the packets to the router that connects to the remote subnets. As per the network relationship between the internal and branch network i chose route. I also created firewall policy allowing all traffic to and from branch offices. Is there anything else i need to be doing to support this design ?..Exact same design works perfect in a lab environmen. But i cant get this thing working now.When i monitor the isa traffic i see ISA`s allow traffic for my tests. I strongly believe that the router causes this but i first want to make sure that everyting is done on the ISA side.
Thanks in advance.
|
|
|
|
|
RE: multihome isa setup - 23.Aug.2007 9:57:12 AM
|
|
|
canibeyaz
Posts: 23
Joined: 12.Jan.2007
Status: offline
|
It turned out to be the router. When i changed the default route on the router to send the packets to the REMOTE interface of the ISA, the connection with the ISP fails. I then had to add static routes to the ISP. Everything is up and running now. Bytheway ISA is great. I`ve been working with checkpoint for 5 years. There is absolutely no need to consider another firewall when you have ISA . However make sure to put a hardware firewall to the internet edge because they are faster. They dont do application layer filtering where most of the threats are coming from i believe. I cant believe how less complicated ISA is compared to CP...all those extra licensing and etc.....
|
|
|
|
|
RE: multihome isa setup - 27.Aug.2007 9:50:20 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
I don't know if you need a "hardware" firewall externally, since the ISA Firewall is rated at over 1.5Gbps stateful packet inspection. I guess if your Internet connection is faster than 1.5Gbps, then you might use something else in front of the ISA Firewall, but if your Internet connection is less than 1.5Gbps, I'd forget about the "hardware" firewall and simplify the design.
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
