Re: The best configuration for ISA 2004
From: Mohammed A. Raslan (m_raslan_at_link.net.removethis)
Date: 12/16/04
- Next message: Mohammed A. Raslan: "ISA2004 and MS Loobback interface"
- Previous message: Marcello: "Re: The best configuration for ISA 2004"
- In reply to: Marcello: "Re: The best configuration for ISA 2004"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 16 Dec 2004 03:42:20 +0300
The Firewall Client is a program that you install on a Windows client that
facilitates things when you create rules.

However, in my opinion, I've a rule of thumb, that is: if you will not create
rules on ISA Server that are based on User Accounts, then do not install the
Firewall Client on any machine.

Rules based on User Accounts means that when you create a rule, in its
conditions you say something like "if UserX wants to access
www.microsoft.com then allow him". UserX is the username and password of the
UserX account in Active Directory or the Local Machine. You can specify
machines by their IP address instead of users, or a network range such as
"Internal" in ISA2004.

Regarding MIRC and eMule, first of all you must decide your firewall
strategy, that is: will you deny everything by default and allow certain
things to pass through ISA, or will you allow everything to pass through ISA
and deny certain things?

If you go with the first strategy, then just create a rule that allows
the protocols you want. The problem is that you will have a hard time
knowing the ports used by eMule and MIRC. I will try to find them for you; I
once managed to allow eMule to connect but I don't remember its ports. You
might find something about them at www.isaserver.org.

If you go with the second strategy, then just create an Access Policy
that allows all outbound protocols from Internal to External to All Users,
and create another rule that denies, specifying the protocols you want to
deny, and make sure that the allow rule is last in order.

--
Yours truly,
Mohammed A. Raslan
Systems Engineer / Consultant
MCSE+I NT4, MCSA: Security, MCSE: Security, MCDBA, CCNA
Mobile: +20 (12) 36 26 112 / +965 978 1969
E-Mail: m_raslan@link.net.removethis

"Marcello" <senzaspam@spymac.com> wrote in message
news:Ze4wd.298748$b5.14500354@news3.tin.it...
> Thanks, I followed your example and it works :) The only thing I don't
> understand is the Firewall Client; I don't know if I have to install it or not.
> Now I'll have to configure services like mirc and emule.
>
> Thanks for your help.
>
> Ciao,
> Marcello
>
> "Mohammed A. Raslan" <m_raslan@link.net.removethis> wrote in message
> news:#EjMlOE4EHA.2592@TK2MSFTNGP09.phx.gbl...
> > To connect to the internet using your USB modem, do you have to dial a
> > connection to your ISP to get to the internet? Or does your USB modem
> > appear just like another LAN interface?
> >
> > If you have to dial a connection, which I expect, make sure that you create
> > it in Windows and test it to make sure it's working fine, then just make
> > sure that the LAT contains only the IP addresses that exist on the internal
> > network, then go to configuration > networks, on the tasks pad click on
> > "Specify Dial-up Preferences" and choose your dialup connection and supply
> > the correct user name and password. This way, whenever a user tries to
> > establish a connection, ISA will automatically dial the ISP and route the
> > packets to the internet.
> >
> > One important issue you will have is DNS. Do you have any DNS in the
> > internal network? If you don't, then you have 2 solutions. If your ISP
> > provides you with a DNS, which is usual, then you can type it as the
> > preferred DNS on the clients and create a rule in ISA that allows DNS
> > requests to pass from internal clients to external DNS servers. The other
> > solution is to install the DNS service on ISA and configure your clients to
> > use it. I don't see that you have Active Directory or a domain, and it
> > seems that you are working in a workgroup, so both solutions are fine; the
> > first one might be easier.
> >
> > Another thing: if you enabled Internet Connection Sharing (ICS), then
> > disable it before you install ISA.
> >
> > --
> > Yours truly,
> > Mohammed A. Raslan
> > Systems Engineer / Consultant
> > MCSE+I NT4, MCSA: Security, MCSE: Security, MCDBA, CCNA
> > Mobile: +20 (12) 36 26 112 / +965 978 1969
> > E-Mail: m_raslan@link.net.removethis
> >
> >
> > "Marcello" <senzaspam@spymac.com> wrote in message
> > news:qKIud.281674$b5.13722480@news3.tin.it...
> > > Hi,
> > >
> > > I want to try to install ISA 2004 STD Server, my configuration is:
> > >
> > > Server => HPLH3 NetServer PII @ 350 dual CPU - 256MB RAM - 3HD SCSI 9GB +
> > > 1HD Eide 30GB - OS Windows 2003 Server SP1 RC1 Ent. English.
> > >
> > > Client1 => PIII @ 866 - 512Mb RAM - 1HD 80 + 2HD 120GB Eide - OS
> > > Windows 2003 Server Ent. ITA.
> > >
> > > Client2 => PIV @ 2.4 - 512MB RAM - 1HD 40GB + 1HD 80GB + 1HD 120GB
> > > Eide - OS Windows XP SP2 ITA.
> > >
> > > Client3 => Asus PIII @ 450 Dual CPU - 256MB RAM - 1HD 40GB + 1HD 80GB
> > > Eide - OS Linux Fedora 3.
> > >
> > > All PCs are connected to 1 hub; the server is connected to the internet
> > > by an ADSL USB modem and shares the connection with the clients (ICS).
> > > I have 2 network cards on the server; if I want to use both (one for the
> > > internal network connection and the other one for the external
> > > connection), I need a modem-router, I think ...
> > >
> > > So, could somebody please help me to install/configure ISA on this
> > > configuration, or tell me if I have to change something ..?!
> > >
> > > Thanks to all
> > >
> > > Ciao,
> > > Marcello
> > >
> > > PS: if I forgot something, please let me know :)
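
Added example, not part of the original post and not ISA Server's own API: a small Python model of the two firewall strategies described in the reply above, plus a check for a rule that can never fire because of its position. It assumes rules are evaluated top to bottom with the first match winning and an implicit final deny; the rule names and protocol labels are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard: matches every protocol

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    protocols: frozenset   # protocol labels, or {ANY}
    src: str = "Internal"
    dst: str = "External"

    def matches(self, proto, src, dst):
        return (self.src == src and self.dst == dst
                and (ANY in self.protocols or proto in self.protocols))

def evaluate(rules, proto, src="Internal", dst="External"):
    """First matching rule wins; if nothing matches, the request is denied."""
    for rule in rules:
        if rule.matches(proto, src, dst):
            return rule.action, rule.name
    return "deny", "default"

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule for the
    same networks already covers all of their protocols."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            same_path = (earlier.src, earlier.dst) == (later.src, later.dst)
            covers = ANY in earlier.protocols or (
                ANY not in later.protocols and later.protocols <= earlier.protocols)
            if same_path and covers:
                hits.append(later.name)
                break
    return hits

# Constructed sample rules (hypothetical names, not taken from a real policy).
allow_all = Rule("Allow all outbound", "allow", frozenset({ANY}))
deny_p2p = Rule("Deny eMule and IRC", "deny", frozenset({"eMule", "IRC"}))
allow_web = Rule("Allow web and DNS", "allow", frozenset({"HTTP", "HTTPS", "DNS"}))

STRATEGY_1 = [allow_web]            # deny by default, allow what is listed
STRATEGY_2 = [deny_p2p, allow_all]  # allow by default, deny what is listed
MISORDERED = [allow_all, deny_p2p]  # allow rule first: the deny never fires
```

Running `shadowed()` over a rule list before applying it flags the misordered case, where the broad allow rule sits above the deny rule it was meant to follow.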