Solved

Redundant ISA 2004 Solution

Posted on 2004-10-08
5
209 Views
Last Modified: 2013-11-16
I am looking to use ISA 2004 on my network as a proxy, firewall, and cache. my question is if i redirect everyone on my network to my corp hq to use isa as a proxy, what happens if the isa server goes down for any reason? usually they say to use another isa server in an array but i would rather see if i could let them go out there own local gateway instead.
0
Comment
Question by:etracsupport
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:swinterborn
ID: 12262729
If you're running ISA as a firewall, why would you put another gateway into the network? The whole point of a firewall is that all traffic should be forced to go through it so that rules can be applied to permit/deny traffic.
0
 
LVL 2

Author Comment

by:etracsupport
ID: 12262902
because i already use pix but i like the features of the application level firewall & proxy. And i would never use a software firewall for my entire network. now I'm trying to see if I can provide some redundancy
0
 
LVL 10

Expert Comment

by:winzig
ID: 12263202
and what about 2 isa servers in NLB cluster ?
0
 
LVL 2

Author Comment

by:etracsupport
ID: 12263262
possibly but i am concerned with something happening to the servers and preventing the workstations from accessing the internet.
0
 
LVL 5

Accepted Solution

by:
swinterborn earned 125 total points
ID: 12263278
I don't see how you can - what you describe is not a redundant solution, rather it is trying to layer technologies.

For example, Win2k/XP uses kerberos to authenticate, the MS implementation is a redundant solution, it retrieves a list of kerberos servers and tries them in turn until one resoponds. It is also layer aware, if kerberos fails, it will attempt NTLM.

If you have required all clients to use ISA, if ISA fails, noone gets out unless you run a process which undoes your requirement to use ISA. There is no standard way to make the requirement susceptible to logic, ie, deploy a config to clients which requires them to use ISA unless ISA does not respond to pings, in which case don't use ISA.

The only possible way I can see of doing this would to program a service which runs on the client and undoes settings if ISA is unavailable - it would probably be cheaper to get the second ISA box than spend the time developing and testing a custom solution.

HTH
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SCCM 2012 - PXE WinPE - Boot Resolution Low 10 89
Valid LIN protocol Protected ID values 1 40
nexus filter logs 3 45
Unauthorized Network Devices Appearing on Home Network 20 114
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question