Test web server on ISA 2004

Posted on 2006-03-20
Last Modified: 2013-12-04
I am re-designing a small network (30 users), mostly the Internet facing portion. This will probably involve an ISA 2004 server for outbound proxy and handling remote access to a new Exchange server on the internal network.  The ISA server would be dual-nic, with external nic sitting on the DMZ behind a firewall and the other nic internal.

Part of the test if\sproviding a test of users downloading some files re-directed from their hosting vendor.  User is on www site, clicks to download (HTTP) a file, then is redirected to network in question.

My question is: Can I let this download come from the ISA server or do I need a separate  server on the DMZ for security?  If the concept proves valid, I would need a separate server for performance, but was not sure it was technically or security necessary.  

Question by:banjo1960
    LVL 51

    Accepted Solution

    You 'can' do it from ISA by publishing the web service in the ISA's internal NIC IP but it is highly "not" recommended.

    technically it should be on a seperate box as ISA should be controlling the security, the flow of traffic and redirection of requests. The ISA server is known s the 'local host' when you set it up and behaves differently to any other machine that it protects. Things that may work in this fashion are not assured to work for any clients.

    From a security point also you should not host ANY service on the ISA server itself. The one exception to this rule is when you are running Microsoft's Small Business Server (SBS). SBS runs a cut down version of ISA that is designed to sit on the SBS Domain Controller.

    In short, put it on any box (perimeter or internal) but not on the ISA.


    LVL 1

    Author Comment

    Thanks for the clear response. I was fairly certain that was the case from other articles, but you cleared it up nicely.

    LVL 51

    Expert Comment

    by:Keith Alabaster
    Your welcome :)
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Thank you :)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now