Re: Questions: pros and cons about ISA server in Existing infrastu
- From: Evo <Evo@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 2 Mar 2008 14:01:00 -0800
Hello Jim
Thank you so much for your answer to my questions, much appreciated. I am
starting to understand a little more about ISA, But
In question 3 you mention about ISA can deploy as a firewall on a separate
network .. (DMZ) and use it as a reserve proxy to publish Exchange server.
this is obvious gives the network an extra layer of protection. I thought en
existing Firewall is already capable of doing that? I guess this will give
some extra protection. from time to time we receive IP spoofing alert from
untrust to DMZ mail gateway. our firewall is stopping that attack.
From your expertises and experience would you put ISA infront of the SMTPgateway antivirus server so that:
All incoming e-mail will answer by ISA Server then get route to > antiviris
SMTP gateway then route to > internal Exchange 2003 Server to give that extra
protection on the DMZ / internal network?
Thank you so much
Evo
"Jim Harrison (ISA SE)" wrote:
A1/2 - The advantage to using ISA is that ISA evaluates the traffic far.
beyond the "openaport" methodology your firewall uses or even what a Squid
can accomplish. have a read here:
http://www.microsoft.com/technet/isa/2006/deployment/exchange2003.mspx
A3 - ISA is also a firewall if you deploy to separate networks. It also has
the distinction of never having been compromised.
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"Evo" <Evo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CBAEB95E-7740-4E80-8E01-4F3B729E56A5@xxxxxxxxxxxxxxxx
We are looking at publishing OWA to serve 80 users,
we have an existing firewall in placed, our security team are not going to
replace our firewall with ISA server, we have DMZ zone, inside the DMZ zone
we have a SMTP gateway does virus and content filtering check before route
to
our internal exchange 2003 server. We have a policy on our firewall to allow
that, plus we have a caching proxy server in the DMZ
I don't know much about ISA server, all I know is that Microsoft recommended
to use ISA when publishing OWA to the internet and of course more secure
From what have read, you can set it up an ISA Server to operate in the
existing DMZ zone and enable it as a reverse proxy server to publish OWA
and
to use it as caching proxy server at the same time.
My questions are
1. How Secure if I create a policy on the firewall to allow port 443 from
untrust to trust and setup a public IP address for our exchange server and
use a well knowing SSL certificate compare to using ISA Server on the DMZ
with SSL certificate to proxy to internal Exchange Server ? What extra ISA
would give me compare existing firewall ?
2. what is the benefit of using ISA as a web content caching proxy Server vs
other caching proxy Server eg. (squid caching proxy)
3. Why having an ISA server inside of the DMZ zone would give the corporate
network extra protection? And what sort of protection whould it give me if I
already have a existing firewall in place ?
Thank you and I hope some of you will be able to give me some answers to
this
- Next by Date: RE: anonymous access rule and authetication rule
- Next by thread: RE: anonymous access rule and authetication rule
- Index(es):
Relevant Pages
|
Loading
