Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 467
  • Last Modified:

Microsoft ISA Server 2004

Hi guys! I am assigned a job to install Microsoft ISA onto my co.'s network.  Does the below network look OK?!

                               Internet
                                    |
                                Router
                                    |
                            Cisco Pix FW
                                    |
                                    |
  ------------------------------------------------------------
  |              |               |                |                       |
Int PC     Int PC2      Int PC3       MS ISA Srv 2004

All internal PCs will access the Internet through MS ISA Srv 2004 (proxy server).  Apart from configuring MS ISA Srv 2004 as a proxy server, i also would like to use it for bandwidth prioritizing (for application access), can this be done with the network layout above? Or the MS ISA Srv must be at the gateway for this bandwidth prioritizing? Please advise.

More question here about MS ISA Srv:
1. Does it have web filtering feature (to control employees' Internet access)?

Any comments are welcome. Tks.
0
viansoo
Asked:
viansoo
3 Solutions
 
graemeboroCommented:
For web filtering to a good standard in ISA server, Surf Control have a specific module for ISA Server :-
http://www.surfcontrol.com/internet_monitor.aspx?nocache=3%2f10%2f2005+6%3a09%3a39+AM&promocode=zisama

The following site also has various resources to answer your question :-

http://www.isaserver.org/software/ISA/Monitoring_&_Admin/
0
 
tmehmetCommented:
Filtering is possible. For real filtering take a look at some content filtering specific software or managed service.

Your lan design is fine however, i suggest you dual home the ISA server, it will make it easier to route traffic and also  the ISA can act as a second layer of firewalling. In ther event there is a PIX issue, you are still getting some defence from th ISA.

0
 
_ruudsje_Commented:
My oppinion, while your draw will work I should chouse for the one below

Internet
                                    |
                                Router
                                    |
                            Cisco Pix FW
                                    |
                           MS ISA Srv 2004
                                    |
  ------------------------------------------------------------
  |              |               |                |                       |
Int PC     Int PC2      Int PC3      

Because now you created 1. an extra DMZ (between pix and isa) 2. you have an 2nd line of defense.........ISA 2004 is also a very good firewall, so why not use it.

You can filter http traffic by url's you create in isa to block or by user, with a 3rd party software you can filter with sites that'll use update lists like gfi or surfcontrol......webmarshal is also a good, but expensive alternative this one learns itself (don't know for shure surfcontrol does it, know that surfcontrol has a option to chack even the pictures)

Good luck
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now