Re: general question on design options

"David" <nospam@xxxxxxxxxx> wrote in message
news:e3G66eSBIHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
I was assuming it was going to be CSU/DSU -> cisco -> ISA, and that I
would have control of that cisco device. I have not dealt with T1 service
before (or any WAN technologies for that matter). We currently use a fixed
wireless provider and that antenna goes directly to my ISA server. So if I
understand correctly, when I select a T1 provider it will come with the
csu/dsu *and* the router (likely cisco) which will likely only be a router
(no nat, spi firewall, etc..)

Correct.

that I would not have administrative access to.

The depends on the arrangment with the ISP. I have access to ours. We own
ours.

So if I wanted to implement a dmz for example, one with 2 firewalls rather
than one tri-homed firewall, the router that would likely come with the
service would not be an option and I would need to purchase another one.

The router would have nothing to do with the DMZ. The router config would
not be touched. You would have to buy a second Firewall device and place
the two firewalls end-to-end with a "new" RFC Private Addressed Network
between the two Firewalls. Personally I think DMZs are most of the time
just pointless and do nothing other than make things more complicated for
the Admin (Hackers usualy don't notice and aren't slowed by them) and they
just add more pieces to the puzzel that can fail and cause you to have to
troubleshoot something and have more down-time.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------


.

Relevant Pages

  • Re: Security comparison
    ... > Internet connection as well as VPN tunnel from both VPN router, ... Microsoft ISA server includes proxy and caching features as well, ... firewall is and how it is different from a stateful firewall and a NAT ...
    (microsoft.public.security)
  • Re: Conecting to an external VPN
    ... Modem involved too,..hopefully a separate "box" from the router. ... How to configure a PPPoE connection in ISA Server 2006 or in ISA Server 2004 ... outbound VPN connections,...but I was unable to find any. ... There is no firewall client.. ...
    (microsoft.public.isa.vpn)
  • Re: general question on design options
    ... the router which will likely only be a router (no nat, ... tri-homed firewall, the router that would likely come with the service would ... The Cisco Device in the centext that I describe would be a firewall device ... Troubleshooting Client Authentication on Access Rules in ISA Server 2004 ...
    (microsoft.public.isa)
  • Re: general question on design options
    ... would have control of that cisco device. ... fixed wireless provider and that antenna goes directly to my ISA server. ... with the csu/dsu *and* the router which will likely only ... rather than one tri-homed firewall, the router that would likely come ...
    (microsoft.public.isa)
  • Re: Just venting (totally OT)
    ... the ame router to get access to the net! ... I'm paranoid about opening up my firewall "just in case..." ... not visiting dodgy Websites. ... The protection that it does supply is also provided by ...
    (uk.people.support.depression)
Loading