SBS03 Prem. ISA Firewall

Posted on 2006-04-19
Last Modified: 2010-04-19
I have just installed our SBSserverand we are trying to eliminate our firebox firewall with hopes of using ISA that came with SBS03. We have a seprate web server running mulitple public websites example (and SQL running on its own box) We now have them NAT'ed from the fire box. I have been told that ISA cannot NAT and that is dose not have a way of allowing a public website from any other machine that the sbs server. Since then ive been able to find web articles on NATing through SBS and a publishing wizard through ISA but nothing specificly what I have.

Thanks in adviance,
Phillip Smith Sr.
Technology Media Group
Question by:Tork4840
    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    Actually, I'd keep the firebox... why eliminate another level of protection?

    By keeping it you can put your web server in a DMZ, on the perimiter of your network.  This is really the best practice for a web server... and ISA doesn't even have to deal with it.  But really, ISA can easily redirect a public website elsewhere.  Full overview of features (assuming you are using ISA2004, if you aren't it's in SBS SP1):

    As for the additional SQL server, you need to add it according to the prescribed method:


    Author Comment

    Thanks for responding Jeff

    The yearly watch gaurd subscription is up to 900 a year. There is no reporting and our ISP router has a manager firewall we are not using. We have been burnt with there support as well. 8-5 call you back within 4 hours from a guy that will just have to esculate buy the time you hear back from someone that can help we would have been better off blowing it up and rebuilding it. The web site will be moved evenuttally out side the ISA when the SQL is moved to it. The guy i replaced was a programmer so alot of websites are writtin with hard coded specific items. We will get the web sites rewrote and SQL moved as budget allows.

    Did I make a mistake by installing all the service packs before installing ISA 2000 from the disk? Possibley you could point me in the direction of how to access ISA2004 from the servicepacks and the recomended way of redirecting a public site.

    Alittle off subect but what dose it take to be concidered a Microsoft Certified Small Business Specialist? I have hired a local so called "Microsoft Certified Small Business Specialist" shop that was recomended on microsofts web site and they have been out 3 times with between 2 diffrent guys that didnt know to much about SBS let alone ISA. The first guy had his nose stuck in a SBS book the both times he was here untill I ran him off  left more problems than he was even hear to fix and the new one seems to know more about it but he is the same that told me i couldnt have a public website inside ISA.
    LVL 74

    Accepted Solution

    Well, that makse sense... I foreget about their subscription fees... I don't use the product personally.

    I'd still suggest that you use a hardware firewall between the server and the Internet.  The advantage still is the ability to segment out your web server to a DMZ.  One that i particularly like these days is the LINKSYS RV series because of it's dual WAN capability... making it easy to put the web server on it's on external IP if you want.

    You didn't make a mistake about installing service packs... do you have the three disk set for SP1?  If not you need to order it.  Info at  ISA2004 is only available by ordering the CD's, and it's on CD3.

    It only takes ONE MCP exam to become a Microsoft Small Business Specialist... so you do need to be a bit weary of the label.  However, there are also some VERY good MSBS's out there... I'd ask if the tech themselves is the MSBS.  I'm not sure who you were referring to, but thanks to Google, I'm guessing you are in the Dallas area?  If so, an MSBS with a rather good reputation in the Small Business Server community is Eriq O. Neale who wrote the Small Business Server Unleashed books.  His firm is  (and if that's who you were referring to, give Eriq a call and let him know what you think).



    Author Comment

    No i was not using Eric but i have added him on my list of possible resources.

    Is this all i need to do to get this issue resolved?

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now