Re: new to ISA, but not firewalls
From: Mohammed A. Raslan (m_raslan_at_link.net.removethis)
Date: 12/19/04
- In reply to: Stuart Mackie [MCP, MSP]: "Re: new to ISA, but not firewalls"
Date: Sun, 19 Dec 2004 11:38:54 +0300
In ISA2000, as far as I know, no, you unfortunately can't apply policies to
the internal network in a direct way, and this is one of the things that ISA2004
fixed.

One way you can use in ISA2000 to achieve this goal is to add a dummy
interface and assign it an IP address that is not in any IP range of the
other interfaces, and remove the real internal IP range from the LAT; then
you can use packet filters to filter the traffic that passes between the
internet and the internal network. However, I don't know why anyone would
use this method instead of using ISA normally.

Remember, if the ISA LAT is empty, the ISA service won't work.

I didn't understand what you mean by locking down the ISA LAT; can you explain
it?
--
Yours truly,
Mohammed A. Raslan
Systems Engineer / Consultant
MCSE+I NT4, MCSA: Security, MCSE: Security, MCDBA, CCNA
Mobile: +20 (12) 36 26 112 / +965 978 1969
E-Mail: m_raslan@link.net.removethis

"Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com> wrote in message news:OO13RBK5EHA.1596@tk2msftngp13.phx.gbl...
> If you were particularly concerned about security, including the possibility
> of abuse by internal users, is it possible to use ISA to apply policies to
> the internal network? e.g. if you had a basic domain with normal domain
> authentication, server file share traffic and Exchange for mail, is it
> possible to lock down the LAT using ISA?
>
> Would it be as simple as removing the internal IP addresses from the LAT in
> ISA and then creating policies to permit the appropriate internal network
> traffic? Other than additional work required to configure this, are there
> any reasons not to do this with ISA?
>
> --
> Thanks,
> Stuart.
>
>
> "Mohammed A. Raslan" <m_raslan@link.net.removethis> wrote in message
> news:ujvW91x4EHA.2572@tk2msftngp13.phx.gbl...
> > In ISA, I guess we don't think about interfaces, instead about IPs.
> > During setup you were asked to construct what is called LAT or Local
> > Address Table. The LAT must include all internal IP addresses you have,
> > and that should include the internal interface IP. ISA knows that an
> > interface is internal if its IP address exists in LAT; if not, then
> > it's external.
> >
> > You can change this configuration in ISA after installation by searching
> > for LAT in network configuration or management. It's in the 3rd or 4th
> > node from down in ISA management. I'm currently on vacation and I don't
> > have any ISA2000 in front of me, but you should be able to find it easily.
> >
> > --
> > Yours truly,
> > Mohammed A. Raslan
> > Systems Engineer / Consultant
> > MCSE+I NT4, MCSA: Security, MCSE: Security, MCDBA, CCNA
> > Mobile: +20 (12) 36 26 112 / +965 978 1969
> > E-Mail: m_raslan@link.net.removethis
> >
> >
> > "Dhaval Brahmbhatt" <dhaval001@hotmail.com> wrote in message
> > news:O#yRa8v4EHA.1408@TK2MSFTNGP10.phx.gbl...
> >> Hi there all ISA champs
> >>
> >> I am a big fan of hardware firewalls but I think ISA has some great
> >> features that these hardware firewalls don't. So I decided to look
> >> into it.
> >>
> >> I have a test server and did the normal stuff of installing ISA 2000
> >> server on a Windows 2003 server (yes, I have installed SP1 and also the
> >> other patch).
> >>
> >> There are 2 network cards on this server and I do remember, during the
> >> setup, I was asked which network card is Internet and which one is
> >> external.
> >>
> >> Now I did select Internal network card at that time appropriately. But
> >> after finishing the ISA 2000 setup, it is quite interesting that I can't
> >> find that setting.
> >>
> >> Coming from the hardware firewall world, I find it very strange and
> >> frustrating that I can't find where to look for the external interface
> >> of the firewall and where to look for the Internal interface of the
> >> firewall, within the configuration of ISA itself. I know I can check the
> >> IP etc. on the network cards themselves.
> >>
> >> I want to know if there is a way in ISA2000 itself to find out which
> >> network card is internal interface and which network card is external
> >> interface.
> >>
> >> This question is so important that without resolving this, I feel that I
> >> can't go any further in learning ISA firewall.
> >>
> >> Anyone, please help.
> >>
> >> Dhaval