We help IT Professionals succeed at work.

Test web server on ISA 2004

banjo1960
banjo1960 asked
on
Medium Priority
159 Views
Last Modified: 2013-12-04
I am re-designing a small network (30 users), mostly the Internet facing portion. This will probably involve an ISA 2004 server for outbound proxy and handling remote access to a new Exchange server on the internal network.  The ISA server would be dual-nic, with external nic sitting on the DMZ behind a firewall and the other nic internal.

Part of the test if\sproviding a test of users downloading some files re-directed from their hosting vendor.  User is on www site, clicks to download (HTTP) a file, then is redirected to network in question.

My question is: Can I let this download come from the ISA server or do I need a separate  server on the DMZ for security?  If the concept proves valid, I would need a separate server for performance, but was not sure it was technically or security necessary.  

Thanks.
Comment
Watch Question

Enterprise Architect
CERTIFIED EXPERT
Top Expert 2008
Commented:
You 'can' do it from ISA by publishing the web service in the ISA's internal NIC IP but it is highly "not" recommended.

technically it should be on a seperate box as ISA should be controlling the security, the flow of traffic and redirection of requests. The ISA server is known s the 'local host' when you set it up and behaves differently to any other machine that it protects. Things that may work in this fashion are not assured to work for any clients.

From a security point also you should not host ANY service on the ISA server itself. The one exception to this rule is when you are running Microsoft's Small Business Server (SBS). SBS runs a cut down version of ISA that is designed to sit on the SBS Domain Controller.

In short, put it on any box (perimeter or internal) but not on the ISA.

Regards
keith

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Thanks for the clear response. I was fairly certain that was the case from other articles, but you cleared it up nicely.

Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
Your welcome :)
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
Thank you :)
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.