Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

need advise

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> need advise Page: [1]
Login
Message << Older Topic   Newer Topic >>
need advise - 2.Sep.2008 10:14:20 AM   
kidem

 

Posts: 8
Joined: 6.Jun.2008
Status: offline 		We have 4 sites all connected by T-3 with about half used for exiting traffic, each site has there own ISA web proxy server, at HQ i have a 2006 Isa enterprise setup. I want to control all from one policy cause they use the same rules. the reason cause eventually each site will have MPLS and direct connect to net. So is the whole array config for this??? or is that more more load balancing? 
Post #: 1
RE: need advise - 2.Sep.2008 10:25:31 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		You want all the hosts to leave through the same firewall array?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to kidem)
Post #: 2
RE: need advise - 2.Sep.2008 10:35:59 AM   
kidem

 

Posts: 8
Joined: 6.Jun.2008
Status: offline 		i want each site host's to use its own proxy, but use the same policys on all

(in reply to tshinder)
Post #: 3
RE: need advise - 2.Sep.2008 4:33:55 PM   
paulo.oliveira

 

Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline 		Hi,

if all ISA server are on the same array, you just have to create an enterprise policy for those equal access rules.

Regards,
Paulo Oliveira.

(in reply to kidem)
Post #: 4
RE: need advise - 3.Sep.2008 3:16:26 PM   
gbarnas

 

Posts: 147
Joined: 27.Apr.2005
From: New Jersey
Status: offline 		Paulo

You might need to clarify that a bit..

All ISA servers in an "array" must be in the same network. The OP has multiple sites, so - assuming that you're running EE at each site, there would be multiple arrays, one for each site.

You can define rules at the array level, and at the enterprise level. Generally, you would not be able to define too many rules at the enterprise level that would control access across multiple arrays/sites, simply because the networks are different. An example of a rule that would work as an enterprise rule is "Deny Access to Blocked URLs", which referenced an Enterprise object listing URLs you want blocked. Such a rule has no dependence on local network parameters. Creating an Enterprise rule allowing HTTP from Internal to External would likely not work, because (although the concepts of Internal and External are the same) the parameters that define Internal and External at each site are unique. You might be able to create broad, enterprise definitions of the networks, but I suspect that could lead to strange problems, and might best be avoided.

On the plus side, using EE at each site means that you can install a CSS server at the main site that all sites use. Thus, you'd be able to define the rule sets for each array/site from a central location.

Glenn

(in reply to paulo.oliveira)
Post #: 5
RE: need advise - 4.Sep.2008 10:22:39 AM   
paulo.oliveira

 

Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline 		Hi Glenn,

thanks for clear it up!

Regards,
Paulo Oliveira.

(in reply to gbarnas)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> need advise Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts