RE: ISA2006
- From: Noel <Noel@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 10 Jan 2007 16:35:00 -0800
Hi,
I have the same situation. As soon as I install ISA server 2006 to PDC, all
clients cannot connect to network. Surely, there must be a good way to
configure this scenario as compared to SBS. I have a small network that
consists of 20 clients with 2 servers (1 linux as fileserver and 1 MS svr 2003
SP1 as PDC). Running ISA server to another server computer is not a viable
solution because of cost. I can simply install a 3rd party firewall like
"kerio" to my PDC which is what I am using at the moment and it works like a
charm. However, I wanted to install ISA server 2006 because I want to use and
learn at the same time so that I can offer the same solution to my clients
which are all SMB with existing win2k3 server.
I hope somebody out there has a better idea.
Thanks,
Noel
"Shijaz" wrote:
I used Windows 2003 Standard as AD,DNS, DHCP and WINS and then I installed
ISA 2006 standard into same box.
This really isn't such a good idea. Keep your ISA server separate from your
domain controller. The only exception is if you're running ISA 2004 on
Windows SBS.
I saw the previous post, I found that the following solution is creating a
RULE that
Allows
All outbound traffic
from: internal
to: localhost
All users
As soon as you complete ISA installation, the machine running ISA is in a
"locked down" state by default. It wouldn't let any machine connect to it
(except as per the default in-built system policy rules). A domain controller
would need a lot of additional ports to be opened on it (eg. DNS, LDAP, RPC
range, etc) - to simplify things you can just allow all machines on your
"internal" network (trusted machines) to communicate directly with your
"localhost" (machine running ISA server) since it is also a domain controller.
I finally uninstall the ISA 2006,
everything is fine.
The "locked down" machine is now open again, due to the absence of ISA.
Finally, Can I change the default RULE from deny to allow ??
If you want to do this, then you don't need ISA. ISA is a *firewall* and the
purpose of "implicit deny" is met by the last default rule. This is what
keeps ISA "locked down" when you first install it, because there is no other
"allow" rule.
Good luck,
--
Shijaz Abdulla
MCSE:Security, CCNA
www.shijaz.com/isaserver
"Jimmy" wrote:
Hi,
I used Windows 2003 Standard as AD,DNS, DHCP and WINS and then I installed
ISA 2006 standard into same box. After installation, clients cannot logon
the network and then they cannot receive or send the email from Outlook
Express.
I saw the previous post, I found that the following solution is creating a
RULE that
Allows
All outbound traffic
from: internal
to: localhost
All users
If the solution is working, the Outlook Express's problem can be fixed at
the same time because yesterday I tried to disconnect the Domain from ISA
2006, the clients still could not logon, I finally uninstall the ISA 2006,
everything is fine.
I want to install again today so that I wish that no need to uninstall
again.
I have two questions, where can I find the difference between ISA 2006
Standard Edition and ISA 2006 Enterprise Edition ( I already searched MS) ??
Finally, Can I change the default RULE from deny to allow ??
Thanks
Jimmy
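
Added example, not part of any poster's message and not ISA Server code: a simplified Python model of ordered, first-match rule evaluation ending in a default deny rule. It shows what the Internal-to-Local Host allow rule discussed in the thread changes, and what turning the default rule into an allow would change. The rule names, the port list and the `evaluate` helper are assumptions for illustration; ISA's built-in system policy rules and user sets are not modelled.

```python
from dataclasses import dataclass

ANY = frozenset({"*"})  # wildcard used by this model, not ISA syntax


@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "allow" or "deny"
    sources: frozenset    # network names, or ANY
    dests: frozenset      # network names, or ANY
    protocols: frozenset  # (transport, port) pairs, or ANY for all traffic

    def matches(self, src, dst, proto):
        checks = ((self.sources, src), (self.dests, dst), (self.protocols, proto))
        return all("*" in allowed or value in allowed for allowed, value in checks)


# Last rule of a fresh install: deny everything that no earlier rule allowed.
DEFAULT_DENY = Rule("Default rule", "deny", ANY, ANY, ANY)
# The rule from the thread: all traffic from Internal to Local Host.
THREAD_RULE = Rule("Internal to Local Host", "allow",
                   frozenset({"Internal"}), frozenset({"Local Host"}), ANY)
# What the question in the thread amounts to: the last rule flipped to allow.
DEFAULT_ALLOW = Rule("Default rule (changed to allow)", "allow", ANY, ANY, ANY)

# Constructed sample: services a domain member needs from its domain controller.
DC_TRAFFIC = {"DNS": ("udp", 53), "Kerberos": ("tcp", 88),
              "RPC endpoint mapper": ("tcp", 135), "LDAP": ("tcp", 389)}


def evaluate(policy, src, dst, proto):
    """Return (action, rule name) for the first rule that matches, top to bottom."""
    for rule in policy:
        if rule.matches(src, dst, proto):
            return rule.action, rule.name
    raise ValueError("policy has no catch-all last rule")


def blocked_services(policy, src):
    """Names of the sample DC services denied for traffic from src to Local Host."""
    return sorted(name for name, proto in DC_TRAFFIC.items()
                  if evaluate(policy, src, "Local Host", proto)[0] == "deny")


if __name__ == "__main__":
    policies = {"fresh install": [DEFAULT_DENY],
                "with thread rule": [THREAD_RULE, DEFAULT_DENY],
                "default changed to allow": [THREAD_RULE, DEFAULT_ALLOW]}
    for label, policy in policies.items():
        for src in ("Internal", "External"):
            print(f"{label:26} {src:9} blocked: {blocked_services(policy, src)}")
```
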