Redundant ISA 2004 Solution

I am looking to use ISA 2004 on my network as a proxy, firewall, and cache. my question is if i redirect everyone on my network to my corp hq to use isa as a proxy, what happens if the isa server goes down for any reason? usually they say to use another isa server in an array but i would rather see if i could let them go out there own local gateway instead.
LVL 2
etracsupportAsked:
Who is Participating?
 
swinterbornConnect With a Mentor Commented:
I don't see how you can - what you describe is not a redundant solution, rather it is trying to layer technologies.

For example, Win2k/XP uses kerberos to authenticate, the MS implementation is a redundant solution, it retrieves a list of kerberos servers and tries them in turn until one resoponds. It is also layer aware, if kerberos fails, it will attempt NTLM.

If you have required all clients to use ISA, if ISA fails, noone gets out unless you run a process which undoes your requirement to use ISA. There is no standard way to make the requirement susceptible to logic, ie, deploy a config to clients which requires them to use ISA unless ISA does not respond to pings, in which case don't use ISA.

The only possible way I can see of doing this would to program a service which runs on the client and undoes settings if ISA is unavailable - it would probably be cheaper to get the second ISA box than spend the time developing and testing a custom solution.

HTH
0
 
swinterbornCommented:
If you're running ISA as a firewall, why would you put another gateway into the network? The whole point of a firewall is that all traffic should be forced to go through it so that rules can be applied to permit/deny traffic.
0
 
etracsupportAuthor Commented:
because i already use pix but i like the features of the application level firewall & proxy. And i would never use a software firewall for my entire network. now I'm trying to see if I can provide some redundancy
0
 
winzigCommented:
and what about 2 isa servers in NLB cluster ?
0
 
etracsupportAuthor Commented:
possibly but i am concerned with something happening to the servers and preventing the workstations from accessing the internet.
0
All Courses

From novice to tech pro — start learning today.