Re: New to ISA

From: Jimmy Boy (jhayes_at_verilet.com)
Date: 06/25/04

    Date: Fri, 25 Jun 2004 13:55:38 -0700
    
    

    Cool, thanks for the reply. I got it working.

    Now I have another question though. Is it safe to have protocol and content
    rules open to all destinations if I don't really care where users go? Or is
    it a security risk?

    Thanks,
    "Lefteris Vladimiros (MCT)" <notvalid@antispam.com> wrote in message
    news:Oy9KCKlWEHA.3012@tk2msftngp13.phx.gbl...
    > Inline
    > Njoy ;-)
    >
    > --
    > Lefteris Vladimiros
    > Microsoft Certified Trainer
    > MCSA, MCSE: Security
    > MCSA: Messaging
    >
    > New Horizons Athens
    > -----
    > Note: Do not send me a direct email reply cause this is a fake address
    > Post a reply to the newsgroups so that others may benefit from the
    > discussion
    > -----
    > "Jimmy Boy" <jhayes@verilet.com> wrote in message
    > news:%23whRPnhWEHA.2940@TK2MSFTNGP09.phx.gbl...
    > > Hi, I am new to ISA and so far this is what I understand and wanted to
    > > check if this is correct.
    > >
    > > Protocol rules are used to allow clients inside your network to go out to
    > > the internet.
    > >
    > Correct, based on what protocols they will want to use
    >
    > > IP packet filters- what ports are open on your network, (this is where
    > > you do NATing as well, right?)
    >
    > The ports that will open are for the external interface of ISA Server
    > itself, or any services on a perimeter network (using an ISA Server with 3
    > interfaces, one internal, one external, one perimeter, with client
    > computers having public IP addresses) that you might want to have.
    > Remember, packet filters do not take advantage of the ISA Server advanced
    > security features such as application-layer filtering etc...
    >
    > So basically, if you are using packet filters, that means you are setting up
    > rules for routing, not NATing!
    > ISA Server 2000 can't use packet filters for NATed clients.
    >
    > > Site and content rules- This one seems a little redundant to protocol
    > > rules as it blocks traffic going out.
    > >
    > Well, protocol and site and content rules work together to allow/deny
    > access to external resources. Both of them are processed when an internal
    > client wants to access an external resource. First the client has to be
    > explicitly allowed access through the protocol rules, then it has to be
    > explicitly allowed access through a site & content rule.
    >
    > > All I want to do is NATing to my internal web servers and internet
    > > access, so from what I can understand the three access policies above is
    > > where I will be working on, right?
    > >
    > For internal clients to access the internet, use protocol and site and
    > content rules
    > For allowing external clients to access resources to the internal network
    > use web & server publishing rules
    > For allowing external clients access perimeter resources, and/or allowing
    > perimeter clients to access the external resources use packet filters.
    >
    > NOTE: When referring to internal clients, these are the ONLY ones
    > specified (by IP address -- private) on the Local Area Table (LAT)
    > configuration on ISA Server. Never add non-internal (ie external or
    > perimeter IP addresses -- public) on the LAT, or it will break any attempt
    > to correctly set up ISA Server.
    >
    > > Also, am I correct as to what each of the policies above are used for?
    > > Any additional explanation is welcomed.
    >
    > Well I guess this covers some of the basics... Check out www.isaserver.org
    > for info on how to configure these various rules and more information.
    > >
    > > thanks,
    > >
    >
    > Thanks for asking,
    > Lefteris
    > >
    >
    >
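
The two-stage outbound check described in the quoted reply (a protocol rule must allow the request, then a site and content rule must allow it), as a simplified model. This is an added example, not part of the original posts and not ISA Server's own logic; the rule classes, field names, addresses and sample policy are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Simplified model of the outbound check described in the quoted reply:
# a request passes only if a protocol rule AND a site and content rule
# both explicitly allow it. Rule fields and names are hypothetical.

@dataclass(frozen=True)
class ProtocolRule:
    name: str
    protocols: frozenset      # e.g. {"HTTP", "HTTPS"}; {"*"} means any protocol
    clients: str              # CIDR of internal clients the rule applies to

@dataclass(frozen=True)
class SiteContentRule:
    name: str
    destinations: frozenset   # domain suffixes; {"*"} means all destinations
    clients: str

def _client_in(client, cidr):
    return ip_address(client) in ip_network(cidr)

def _dest_matches(host, patterns):
    if "*" in patterns:
        return True
    host = host.lower()
    return any(host == p or host.endswith("." + p) for p in patterns)

def evaluate(client, protocol, host, protocol_rules, site_rules):
    """Return (allowed, reason). Nothing is allowed unless both rule sets allow it."""
    p = next((r for r in protocol_rules
              if _client_in(client, r.clients)
              and ("*" in r.protocols or protocol in r.protocols)), None)
    if p is None:
        return False, "no protocol rule allows " + protocol
    s = next((r for r in site_rules
              if _client_in(client, r.clients)
              and _dest_matches(host, r.destinations)), None)
    if s is None:
        return False, "no site and content rule allows " + host
    return True, f"{p.name} + {s.name}"

# Constructed sample policy: one protocol rule, two alternative destination sets.
LAN = "192.168.1.0/24"
PROTOCOL_RULES = [ProtocolRule("web-only", frozenset({"HTTP", "HTTPS"}), LAN)]
OPEN_SITES = [SiteContentRule("all-destinations", frozenset({"*"}), LAN)]
LIMITED_SITES = [SiteContentRule("partners", frozenset({"example.com"}), LAN)]
```

With `OPEN_SITES`, the protocol rules are the only outbound control left in this model: HTTP to any host passes, while SMTP from the same client is still refused because no protocol rule allows it.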

