SBS03 Prem. ISA Firewall

Posted on 2006-04-19
Medium Priority
Last Modified: 2010-04-19
I have just installed our SBSserverand we are trying to eliminate our firebox firewall with hopes of using ISA that came with SBS03. We have a seprate web server running mulitple public websites example www.technologyprinting.com (and SQL running on its own box) We now have them NAT'ed from the fire box. I have been told that ISA cannot NAT and that is dose not have a way of allowing a public website from any other machine that the sbs server. Since then ive been able to find web articles on NATing through SBS and a publishing wizard through ISA but nothing specificly what I have.

Thanks in adviance,
Phillip Smith Sr.
Technology Media Group
Question by:Tork4840
  • 2
  • 2
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16490649
Actually, I'd keep the firebox... why eliminate another level of protection?

By keeping it you can put your web server in a DMZ, on the perimiter of your network.  This is really the best practice for a web server... and ISA doesn't even have to deal with it.  But really, ISA can easily redirect a public website elsewhere.  Full overview of features (assuming you are using ISA2004, if you aren't it's in SBS SP1): http://www.microsoft.com/isaserver/evaluation/whatsnew.mspx

As for the additional SQL server, you need to add it according to the prescribed method:  http://sbsurl.com/addserver


Author Comment

ID: 16491200
Thanks for responding Jeff

The yearly watch gaurd subscription is up to 900 a year. There is no reporting and our ISP router has a manager firewall we are not using. We have been burnt with there support as well. 8-5 call you back within 4 hours from a guy that will just have to esculate buy the time you hear back from someone that can help we would have been better off blowing it up and rebuilding it. The web site will be moved evenuttally out side the ISA when the SQL is moved to it. The guy i replaced was a programmer so alot of websites are writtin with hard coded specific items. We will get the web sites rewrote and SQL moved as budget allows.

Did I make a mistake by installing all the service packs before installing ISA 2000 from the disk? Possibley you could point me in the direction of how to access ISA2004 from the servicepacks and the recomended way of redirecting a public site.

Alittle off subect but what dose it take to be concidered a Microsoft Certified Small Business Specialist? I have hired a local so called "Microsoft Certified Small Business Specialist" shop that was recomended on microsofts web site and they have been out 3 times with between 2 diffrent guys that didnt know to much about SBS let alone ISA. The first guy had his nose stuck in a SBS book the both times he was here untill I ran him off  left more problems than he was even hear to fix and the new one seems to know more about it but he is the same that told me i couldnt have a public website inside ISA.
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 16491884
Well, that makse sense... I foreget about their subscription fees... I don't use the product personally.

I'd still suggest that you use a hardware firewall between the server and the Internet.  The advantage still is the ability to segment out your web server to a DMZ.  One that i particularly like these days is the LINKSYS RV series because of it's dual WAN capability... making it easy to put the web server on it's on external IP if you want.

You didn't make a mistake about installing service packs... do you have the three disk set for SP1?  If not you need to order it.  Info at http://sbsurl.com/sp1  ISA2004 is only available by ordering the CD's, and it's on CD3.

It only takes ONE MCP exam to become a Microsoft Small Business Specialist... so you do need to be a bit weary of the label.  However, there are also some VERY good MSBS's out there... I'd ask if the tech themselves is the MSBS.  I'm not sure who you were referring to, but thanks to Google, I'm guessing you are in the Dallas area?  If so, an MSBS with a rather good reputation in the Small Business Server community is Eriq O. Neale who wrote the Small Business Server Unleashed books.  His firm is http://www.eonconsulting.net.  (and if that's who you were referring to, give Eriq a call and let him know what you think).



Author Comment

ID: 16544672
No i was not using Eric but i have added him on my list of possible resources.

Is this all i need to do to get this issue resolved?

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Screencast - Getting to Know the Pipeline
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question