[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Redundant ISA 2004 Solution

Posted on 2004-10-08
5
Medium Priority
?
233 Views
Last Modified: 2013-11-16
I am looking to use ISA 2004 on my network as a proxy, firewall, and cache. my question is if i redirect everyone on my network to my corp hq to use isa as a proxy, what happens if the isa server goes down for any reason? usually they say to use another isa server in an array but i would rather see if i could let them go out there own local gateway instead.
0
Comment
Question by:etracsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:swinterborn
ID: 12262729
If you're running ISA as a firewall, why would you put another gateway into the network? The whole point of a firewall is that all traffic should be forced to go through it so that rules can be applied to permit/deny traffic.
0
 
LVL 2

Author Comment

by:etracsupport
ID: 12262902
because i already use pix but i like the features of the application level firewall & proxy. And i would never use a software firewall for my entire network. now I'm trying to see if I can provide some redundancy
0
 
LVL 10

Expert Comment

by:winzig
ID: 12263202
and what about 2 isa servers in NLB cluster ?
0
 
LVL 2

Author Comment

by:etracsupport
ID: 12263262
possibly but i am concerned with something happening to the servers and preventing the workstations from accessing the internet.
0
 
LVL 5

Accepted Solution

by:
swinterborn earned 250 total points
ID: 12263278
I don't see how you can - what you describe is not a redundant solution, rather it is trying to layer technologies.

For example, Win2k/XP uses kerberos to authenticate, the MS implementation is a redundant solution, it retrieves a list of kerberos servers and tries them in turn until one resoponds. It is also layer aware, if kerberos fails, it will attempt NTLM.

If you have required all clients to use ISA, if ISA fails, noone gets out unless you run a process which undoes your requirement to use ISA. There is no standard way to make the requirement susceptible to logic, ie, deploy a config to clients which requires them to use ISA unless ISA does not respond to pings, in which case don't use ISA.

The only possible way I can see of doing this would to program a service which runs on the client and undoes settings if ISA is unavailable - it would probably be cheaper to get the second ISA box than spend the time developing and testing a custom solution.

HTH
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Make the most of your online learning experience.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question