Re: Can someone confirm which configuration is best?

From: TSU (TSU_at_discussions.microsoft.com)
Date: 12/12/04


Date: Sat, 11 Dec 2004 22:59:09 -0800

Hello David,

When you install ISA and re-run the CEICW, besides the rules which will
automatically configure support for things such as OWA, RWW, OMA, etc.,
there will be a rule set up which no one discusses called "Businesscard."
Actually, this rule doesn't have much to do with any kind of businesscard but
is an "extra" rule which is ready to support any personal website. To make
this work, all you have to do is:
- Configure external DNS so you can use a name to point to your WAN address
- Modify the "Businesscard" Web Publishing rule to point to your personal
website, whether it's on the SBServer or on another machine in your network.
- Restart the ISA Services using the ISA MMC

Note that the CEICW restricts you to using only one IP address on the
SBServer for websites (the primary LAN address), so you will need to deploy
your personal website one of the following ways:
- On another machine in your network
- On the same SBServer LAN IP address, but with a unique Host Header. Note
that this will work only if you don't intend to require SSL.
- On the same SBServer LAN IP address, but using a unique port. Note that as
of today there is an undocumented ISA issue using this method and certain
dynamically generated content. If you intend to support only straight HTML
with scripting, no problem.

Other items of note:
- 192.168.16.x is the default network ID but you can choose anything you
like that's private and supports the number of networks and hosts of your
network.
- The wizards should automatically detect whether you have one NIC or two
and configure appropriately in both situations, but you enjoy firewalling
only with 2 NICs. If you install only one NIC you will rely only on your
non-MS FW/router for protection. ISA will only provide caching performance;
all firewalling will be turned off.
- I think your questions about a second network might relate to setting up a
DMZ. Although ISA can be configured for a conventional DMZ, its Publishing
method is an alternative which is far easier to set up and for the most part
provides equal or better protection (only one deficiency I won't discuss here
but can be found in one of my posts in the public ISA newsgroup).

HTH,
Tony Su

"Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:

> I still like two nics.
>
> Check out these diagrams....
> http://www.sbslinks.com/network.htm
>
>
> Dave wrote:
> > Thank you for the response. The web site will be "externally" facing, but I
> > will use the server for internal purposes also. In reading the
> > documentation, it gave the impression that if you had two network cards it
> > would kind of automatically set up all the external facing stuff (i.e. remote
> > access, OWA, web server, etc.) for you in more of a locked down mode and
> > publish everything else (i.e. sharepoint) on the inside interface. However,
> > if you only select the one network configuration then you kind of have to
> > configure all of that stuff manually.
> >
> > I am ok with using 192.x.x but would you recommend just running it on one
> > segment, or two?
> >
> > Thanks
> >
> > "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:
> >
> >
> >>Website for home or office?
> >>
> >>First off I still find that staying with the 192.168.x.x is best as that
> >>is the RFC way to do small networks.
> >>
> >>Next I don't find ISA to be complex and if you plan to host a web site
> >>IMHO it's the way to go especially since next year we're getting ISA
> >>2k4. You've already bought it. Use it.
> >>
> >>Okay I'm going to yell
> >>
> >>IT'S NOT COMPLICATED FOLKS... IF THIS BLONDE CAN HANDLE IT .... YOU CAN
> >>TOO!!!
> >>
> >>Okay thank you I needed to do that.
> >>
> >>10.x.x.x is not the "proper" ip naming sequence for our sized networks.
> >>
> >>DAVID BOWLBY wrote:
> >>
> >>>I am going to install SBS Premium and want to have an external facing
> >>>web site on the Internet and want to be able to access my home network
> >>>remotely, but have a question as to the ideal configuration as far as
> >>>how many networks should be installed. I plan on having a firewall
> >>>control which ports are open to/from the Internet and do not plan on
> >>>installing ISA as I have heard it just adds complexity. Anyway, I plan
> >>>on using a 10.x network internally and was just wondering which
> >>>configuration is more ideal. Any advice is appreciated as it appears to
> >>>be a very long installation and I don't want to repeat it:)
> >>>
> >>>Option 1: Just have the server with one network interface card and open
> >>>the ports I need for any remote access, email or web functions I want to
> >>>expose on the firewall.
> >>>
> >>>Option 2: One 10.x network subnet that is "internal" that my PC's are
> >>>on and one "external" 10.x subnet that connects to my firewall/router
> >>>which is NAT'ed to the Internet.
> >>>
> >>>Thanks in advance.
> >>>
> >>>--
> >>>DAVID BOWLBY
> >>
> >>--
> >>An open letter to Steve Ballmer::
> >>http://msmvps.com/bradley/archive/2004/12/06/22637.aspx
> >>
>
> --
> An open letter to Steve Ballmer::
> http://msmvps.com/bradley/archive/2004/12/06/22637.aspx
>


