Re: Publishing server through IP
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Mon, 27 Jul 2009 09:29:35 -0500
"Yba" <Yba@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:463A4EE2-CC5B-4447-8813-4278B400917D@xxxxxxxxxxxxxxxx
2 things here Phillip,
1 - I was talking about Citrix when I said that DFG has to be configured
on
Citrix server. If I configure the proxy in the browser, what that has to
do
with Citrix? According to what you said, that browser configuation tells
the
((browser)), while an inbound Citrix connection will never pass by the
server's browser. If the DFG is not configured, then an outbound reply
can
never take place. What do you think?
It depends on the LAN design. If it is a multi-subnet LAN that is *properly
designed* the ISA will not be the Default Gateway of any Host on the LAN and
will only be the Default Gateway of *one* of the LAN Routers.
If the LAN is a single subnet then the ISA will be the Default Gateway of
all the Hosts.
2 - All connections berween ISA and other clients on my network are
SecureNAT connections. Yet, I do not use DFG, I rather use proxy in
browser
configuration.
Yours are not SecureNAT Clients,...it is impossible if they have no Default
Gateway at all.
It is not either-or. Machines often are,...and should be,.... multiple
Client types all at the same time. Machines are not ISA Clients, machines
are just a pile of hardware,...Applications are "ISA Clients". The Web
Browser is a "Web Proxy Client",...not the machine.
Other Applications (which can include the OS) will be Firewall Clients if
the FWC is installed and they are using TCP or UDP protocols.
Other Applications (which can include the OS) will be SecureNAT Clients if
the LAN's "routing path" takes them through the ISA and they are using
Protocols that are not based on TCP or UDP,..or the Firewall Client is not
installed,...or if the FWC is installed but the specific executable of the
Application in question has been exempted from working the the FWC Software
(like Outlook.exe for example).
Most or our LAN's Hosts are all three types at the same time. At any given
moment they operate with whatever "service" fits the circumstances that they
are operating in at that moment.
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
.
- References:
- Publishing server through IP
- From: Yba
- Re: Publishing server through IP
- From: Phillip Windell
- Re: Publishing server through IP
- From: Yba
- Re: Publishing server through IP
- From: Phillip Windell
- Re: Publishing server through IP
- From: AllenM
- Re: Publishing server through IP
- From: Phillip Windell
- Re: Publishing server through IP
- From: AllenM
- Re: Publishing server through IP
- From: Yba
- Re: Publishing server through IP
- From: Phillip Windell
- Re: Publishing server through IP
- From: Yba
- Re: Publishing server through IP
- From: Phillip Windell
- Re: Publishing server through IP
- From: Yba
- Publishing server through IP
- Prev by Date: Re: ISA and hardware firewall
- Next by Date: Re: ISA and hardware firewall
- Previous by thread: Re: Publishing server through IP
- Next by thread: Re: Publishing server through IP
- Index(es):
Relevant Pages
|
