Solved

Redundant ISA 2004 Solution

Posted on 2004-10-08
5
222 Views
Last Modified: 2013-11-16
I am looking to use ISA 2004 on my network as a proxy, firewall, and cache. my question is if i redirect everyone on my network to my corp hq to use isa as a proxy, what happens if the isa server goes down for any reason? usually they say to use another isa server in an array but i would rather see if i could let them go out there own local gateway instead.
0
Comment
Question by:etracsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:swinterborn
ID: 12262729
If you're running ISA as a firewall, why would you put another gateway into the network? The whole point of a firewall is that all traffic should be forced to go through it so that rules can be applied to permit/deny traffic.
0
 
LVL 2

Author Comment

by:etracsupport
ID: 12262902
because i already use pix but i like the features of the application level firewall & proxy. And i would never use a software firewall for my entire network. now I'm trying to see if I can provide some redundancy
0
 
LVL 10

Expert Comment

by:winzig
ID: 12263202
and what about 2 isa servers in NLB cluster ?
0
 
LVL 2

Author Comment

by:etracsupport
ID: 12263262
possibly but i am concerned with something happening to the servers and preventing the workstations from accessing the internet.
0
 
LVL 5

Accepted Solution

by:
swinterborn earned 125 total points
ID: 12263278
I don't see how you can - what you describe is not a redundant solution, rather it is trying to layer technologies.

For example, Win2k/XP uses kerberos to authenticate, the MS implementation is a redundant solution, it retrieves a list of kerberos servers and tries them in turn until one resoponds. It is also layer aware, if kerberos fails, it will attempt NTLM.

If you have required all clients to use ISA, if ISA fails, noone gets out unless you run a process which undoes your requirement to use ISA. There is no standard way to make the requirement susceptible to logic, ie, deploy a config to clients which requires them to use ISA unless ISA does not respond to pings, in which case don't use ISA.

The only possible way I can see of doing this would to program a service which runs on the client and undoes settings if ISA is unavailable - it would probably be cheaper to get the second ISA box than spend the time developing and testing a custom solution.

HTH
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SCCM, SCOM or Something Else 6 65
Can’t disable NAT protocol in Windows Server 2012 3 87
Can't access router with user and pass 10 80
Networking Monitoring Tools 10 72
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question