Re: new to ISA, but not firewalls
From: Stuart Mackie [MCP, MSP] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 12/18/04
- Next message: Bill Swan: "Port forwarding"
- Previous message: ACE!!!: "Re: ISA Cache Errors"
- In reply to: Mohammed A. Raslan: "Re: new to ISA, but not firewalls"
- Next in thread: Mohammed A. Raslan: "Re: new to ISA, but not firewalls"
- Reply: Mohammed A. Raslan: "Re: new to ISA, but not firewalls"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 18 Dec 2004 01:23:22 -0000
If you were particularly concerned about security, including the possibility
of abuse by internal users, is it possible to use ISA to apply policies to
the internal network? E.g. if you had a basic domain with normal domain
authentication, server file share traffic and Exchange for mail, is it
possible to lock down the LAT using ISA?
Would it be as simple as removing the internal IP addresses from the LAT in
ISA and then creating policies to permit the appropriate internal network
traffic? Other than additional work required to configure this, are there
any reasons not to do this with ISA?
--
Thanks, Stuart.

"Mohammed A. Raslan" <m_raslan@link.net.removethis> wrote in message
news:ujvW91x4EHA.2572@tk2msftngp13.phx.gbl...
> In ISA, I guess we don't think about interfaces, instead about IPs. During
> setup you were asked to construct what is called LAT or Local Address Table,
> the LAT must include all internal IP addresses you have, and that should
> include the internal interface IP. ISA knows that an interface is internal
> if its IP address exists in LAT, if not, then it's external.
>
> You can change this configuration in ISA after installation by searching for
> LAT in network configuration or management, it's in the 3rd or 4th node from
> down in ISA management, I'm currently on vacation and I don't have any
> ISA2000 in front of me, but you should be able to find it easily
>
> --
> Yours truly,
> Mohammed A. Raslan
> Systems Engineer / Consultant
> MCSE+I NT4, MCSA: Security, MCSE: Security, MCDBA, CCNA
> Mobile: +20 (12) 36 26 112 / +965 978 1969
> E-Mail: m_raslan@link.net.removethis
>
>
> "Dhaval Brahmbhatt" <dhaval001@hotmail.com> wrote in message
> news:O#yRa8v4EHA.1408@TK2MSFTNGP10.phx.gbl...
>> Hi there all ISA champs
>>
>> I am a big fan of hardware firewalls but I think ISA has some great features
>> that these hardware firewalls don't. So I decided to look into it.
>>
>> I have a test server and did the normal stuff of installing ISA 2000 server
>> on a Windows 2003 server (yes, I have installed SP1 and also the other
>> patch).
>>
>> There are 2 network cards on this server and I do remember, during the
>> setup, I was asked which network card is Internet and which one is external.
>>
>> Now I did select Internal network card at that time appropriately. But after
>> finishing the ISA 2000 setup, it is quite interesting that I can't find that
>> setting.
>>
>> Coming from the hardware firewall world, I find it very strange and
>> frustrating that I can't find where to look for the external interface of the
>> firewall and where to look for the Internal interface of the firewall,
>> within the configuration of ISA itself. I know I can check the IP etc on the
>> network cards itself.
>>
>> I want to know if there is a way in ISA2000 itself to find out which network
>> card is internal interface and which network card is external interface.
>>
>> This question is so important that without resolving this, I feel that I
>> can't go any further in learning ISA firewall.
>>
>> Anyone, please help.
>>
>> Dhaval