Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ISA in Cache Mode Behind Checkpoint Firewall

Posted on 2004-04-30
5
Medium Priority
?
1,298 Views
Last Modified: 2013-11-16
I want to configure ISA server in cache only mode behind our existing Checkpoint NG firewall on our trusted internal LAN. I can't get it to play ball, ISA doesn't appear to be able to get to the internet through checkpoint. Can anyone help?
0
Comment
Question by:RHLimited
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10959455
You need to set the ISA server up with 'Hide NAT' so it can see the outside world.
Is the ISA Server implied in a network object on Check Point, and does that network object have NAT applied ?
Also check that the ISA Server has a default route pointing to Check Point, and that it can resolve DNS.
You will not be able to browse WWW pages from the ISA Server, but you WILL be able to browse them from proxy clients.

http://www.ibiblio.org/gferg/ldp/Web-Browsing-Behind-ISA-Server-HOWTO.html
0
 
LVL 1

Author Comment

by:RHLimited
ID: 10960053
Set up ISA with "Hide NAT", how do I do that? Server is installed in cache only mode!
I've created a new host on my firewall for my isa server and have given access to http, https, ftp and gopher. NAT not applied.
I have addresses for DNS servers. On which adapters do I configure these on?

Is there not a step by step guide for this somewhere?
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 10961592
"Hide NAT" is a Check Point feature.  Full description is in the manual.
Basics are:

1)  Go to NAT tab of Network Object or Host Object
2)  Specify hide behind 0.0.0.0 or outside Check Point interface
3)  Create access rule to allow that host/network object access to dns, http and https on the Internet.

This will allow your ISA server to go through Check Point and out onto the Internet, and pull back pages.


0
 
LVL 4

Expert Comment

by:pmarquardt
ID: 10969637
Set the internal IP address of the Check Point box as the default gateway on the external NIC of the ISA Server.

Do NOT configure a default gateway for the internal NIC on the ISA Server.
Do NOT configure a DNS server on the internal nics of the ISA Server.
Make sure the DNS is set on the outside NIC on ISA.

You can check your work by configuring a manual proxy in the IE settings on the ISA Server to point to itself on port 8080 for all protocols. If this works your golden, if not let us know and we'll keep at it.

As for the settings for Check Point, that's Tim's ballpark. I don't use it, own it or support it.

Good Luck!
P-)
0
 
LVL 1

Author Comment

by:RHLimited
ID: 10984696
Thanks for all your help. My ISA is now up and running. I'm going to give the points to Tim as my checkpoint configuration was incorrect - now that I've added DNS and the Hide NAT all is well.

Thankyou.

:-)
0

Featured Post

Protect Your Retail Business and Reputatio

Wi-Fi access doesn't just impact your business & customer experience, it can also affect your security.  Join us for a webinar on Sept. 28th to learn more about the top threats and trends impacting retail today, and the key solutions to protecting retail networks and reputations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question