RE: Single nic ISA Server

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Yup, it will. I've been running Proxy 2.0 and then SA Server 2000 in this
exact configuration for seven years or so. Of the hundreds of machines on
our network, maybe ten have outbound access on port 80. I don't even bother
with the ISA client, just with configured browsers and the web proxy service.

We have five ISA servers in different areas logging to a single SQL server.

You Install ISA in cacheing mode, not firewall mode. I hope that helps!

"chris@xxxxxxxxxxxxxxxxxxx" wrote:

> Hello All,
>
> Our office currently runs Microsoft Proxy Server 2.0 and we are
> thinking about an eventual upgrade to Microsoft ISA server 2004. Here
> is my question...
>
> > Currently we use MS Proxy 2.0's Winsock proxy client to log user
> internet browsing to a SQL server. This works well for us. The Proxy
> server box has a single nic and it sits behind our PIX firewall.
>
> Here we go... From past experience, I am familiar with using Microsoft
> ISA server with two NICS, basically using it as a firewall for the
> network. We don't want to do that. We need to run ISA Server with a
> single nic behind our existing firewall pretty much strictly to log
> user browsing to a SQL database.
>
> My plan would be to require users to install the ISA firewall client,
> then block port 80 egress on the PIX for all but a few boxes including
> the ISA server itself. This will force users that want to browse to
> install the ISA firewall client, so we can log their traffic.
>
> Can anyone comment on whether ISA server will work with a single NIC as
> described above? I don't want to use it as a firewall at all - just
> for its proxy function - mainly to log user browsing to our SQL
> database, and to take advantage of the caching features it offers.
>
> Thanks,
>
> Chris
>
>
.

Relevant Pages

  • Re: Open source firewalls
    ... > it on to the real server! ... Some of the validations can be done at proxy end. ... mean to say is it can't garantee avoiding buffer overflows. ... > are usually avoided in the firewall proxy itself. ...
    (Linux-Kernel)
  • Re: Best way to connect remote windows 2003 server to main office
    ... disabling the firewall service to enable RRAS. ... TCP/IP to only accept traffic from the external interface of my ISA server? ... Would I enable RRAS on the remote server and setup a demand dial interface ...
    (microsoft.public.windows.server.networking)
  • Re: [fw-wiz] httport 3snf
    ... >> wouldn't have gotten SSH out of my firewall. ... > Postfix SMTP server with a wildcard MX that handed the mail that wasn't ... > destined to me off to the downstream MS stuff, and an HTTP proxy server ... All it needs is a written policx "Internet access is ...
    (Firewall-Wizards)
  • RE: 2 router to internal sbs std network
    ... appaers that you have set up a firewall (ISA server) on your internal network. ... > and one ont thing from the remote site i can ping the main office ...
    (microsoft.public.windows.server.sbs)
  • Re: Back-to-Back Firewall Pix & ISA Server 2004
    ... This firewall runs faster because it has less to do. ... Microsoft Internet Security & Acceleration Server: ... Microsoft ISA Server Partners: Partner Hardware Solutions ... I have implemented a Setup companion of Pix as a Back-end Firewall and ISA ...
    (microsoft.public.isa.configuration)