Re: New to ISA
From: Lefteris Vladimiros (MCT) (notvalid_at_antispam.com)
Date: 06/25/04
- In reply to: Jimmy Boy: "New to ISA"
- Next in thread: Jimmy Boy: "Re: New to ISA"
- Reply: Jimmy Boy: "Re: New to ISA"
Date: Fri, 25 Jun 2004 04:07:21 +0300
Inline
Njoy ;-)
--
Lefteris Vladimiros
Microsoft Certified Trainer
MCSA, MCSE: Security
MCSA: Messaging
New Horizons Athens
-----
Note: Do not send me a direct email reply cause this is a fake address
Post a reply to the newsgroups so that others may benefit from the discussion
-----

"Jimmy Boy" <jhayes@verilet.com> wrote in message news:%23whRPnhWEHA.2940@TK2MSFTNGP09.phx.gbl...
> hi i am new to ISA and so far this is what i understand and wanted to check
> if this is correct.
>
> Protocol rules are used to allow clients inside your network to go out to the
> internet.
>

Correct, based on what protocols they will want to use

> Ip packet filters- what ports are open on your network, (this is where you
> do NATing as well right?)

The ports that will open are for the external interface of ISA Server itself, or any services on a perimeter network (using an ISA Server with 3 interfaces, one internal, one external, one perimeter, with client computers having public ip addresses) that you might want to have.

Remember, Packet filters do not take advantage of the ISA Server advanced security features such as application-layer filtering etc...

So basically, if you are using packet filters, that means you are setting up rules for routing, not NATing! ISA Server 2000 can't use packet filters for NATed clients.

> Site and content rules- This one seems a little redundant to protocol rules
> as it blocks traffic going out.
>

Well protocol and site and content rules work together to allow/deny access to external resources. Both of them are processed when an internal client wants to access an external resource. First the client has to be explicitly allowed access through the protocol rules, then it has to be explicitly allowed access through a site & content rule.

> All i want to do is NATing to my internal web servers and internet access,
> so from what i can understand the three access policies above is where i
> will be working on, right?
>

For internal clients to access the internet, use protocol and site and content rules.

For allowing external clients to access resources to the internal network use web & server publishing rules.

For allowing external clients access perimeter resources, and/or allowing perimeter clients to access the external resources use packet filters.

NOTE: When referring to internal clients, these are the ONLY ones specified (by IP address -- private) on the Local Area Table (LAT) configuration on ISA Server. Never add non-internal (i.e. external or perimeter ip addresses -- public) on the LAT, or it will break any attempt to correctly setup ISA Server.

> also am i correct as to what each of the policies above are used for? any
> additional explanation is welcomed.

Well I guess this covers some of the basics... Check out www.isaserver.org for info on how to configure these various rules and more information.

>
> thanks,
>

Thanks for asking,
Lefteris