Solved

Redundant ISA 2004 Solution

Posted on 2004-10-08
5
229 Views
Last Modified: 2013-11-16
I am looking to use ISA 2004 on my network as a proxy, firewall, and cache. my question is if i redirect everyone on my network to my corp hq to use isa as a proxy, what happens if the isa server goes down for any reason? usually they say to use another isa server in an array but i would rather see if i could let them go out there own local gateway instead.
0
Comment
Question by:etracsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:swinterborn
ID: 12262729
If you're running ISA as a firewall, why would you put another gateway into the network? The whole point of a firewall is that all traffic should be forced to go through it so that rules can be applied to permit/deny traffic.
0
 
LVL 2

Author Comment

by:etracsupport
ID: 12262902
because i already use pix but i like the features of the application level firewall & proxy. And i would never use a software firewall for my entire network. now I'm trying to see if I can provide some redundancy
0
 
LVL 10

Expert Comment

by:winzig
ID: 12263202
and what about 2 isa servers in NLB cluster ?
0
 
LVL 2

Author Comment

by:etracsupport
ID: 12263262
possibly but i am concerned with something happening to the servers and preventing the workstations from accessing the internet.
0
 
LVL 5

Accepted Solution

by:
swinterborn earned 125 total points
ID: 12263278
I don't see how you can - what you describe is not a redundant solution, rather it is trying to layer technologies.

For example, Win2k/XP uses kerberos to authenticate, the MS implementation is a redundant solution, it retrieves a list of kerberos servers and tries them in turn until one resoponds. It is also layer aware, if kerberos fails, it will attempt NTLM.

If you have required all clients to use ISA, if ISA fails, noone gets out unless you run a process which undoes your requirement to use ISA. There is no standard way to make the requirement susceptible to logic, ie, deploy a config to clients which requires them to use ISA unless ISA does not respond to pings, in which case don't use ISA.

The only possible way I can see of doing this would to program a service which runs on the client and undoes settings if ISA is unavailable - it would probably be cheaper to get the second ISA box than spend the time developing and testing a custom solution.

HTH
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question