?
Solved

HELP!!! MISSION CRITICAL!!!   Looking for some advice on ISA 2000 that comes with Small Business Server 2003....I got some very specific questions for the experts!

Posted on 2006-05-02
6
Medium Priority
?
258 Views
Last Modified: 2010-04-19
Scope:
My company of about 25 users with a mix of Windows 2000 and Windows XP
The network is two servers (identical) with one server running Windows 2003 SBS (Domain Controller) and the other Windows 2003 Standard on an AD domain with DFS.

We had a security breach from a user looking at unapproved websites which has sparked a upgrade and evaluation of the internet policy.

I have a firewall (smoothwall) which is setup to give me a DMZ to email gateway then the firewalled side of it goes to a switch which then feeds the users and the servers.
Smoothwall is a linux firwall which you install to a PC and gives you all the functionality of a commercial firewall very impressive I think works great.

I know that ISA needs two NIC cards to operate...is there a way around this?  I have two in there server but I'm alittle afraid to change the configuration considering this machine is mission critical everytday of the week.

I heard that ISA 2004 came with windows 2003 SMS service packs is there a free upgrade or a way to get it...ISA 2000 cam with my Windows 2003 SBS disks.

I main usage I will receive from ISA is the cache and blocking all but approved websites... so my network is firewalled so will I receive any benefits at all...

Please be thorough in explanation because ISA is a little confusing for me...

Thanks Tons
Brian
 
0
Comment
Question by:brian_leighty
6 Comments
 
LVL 8

Assisted Solution

by:Saineolai
Saineolai earned 600 total points
ID: 16585967
The upgrade to ISA 2004 is part of SBS service pack 1.  This is a free upgrade.  Details are available here:

http://www.microsoft.com/windowsserver2003/sbs/downloads/sp1/default.mspx

You will recieve additional security benefits from ISA2004 over a basic firewall.  The items I would highlight is the flexibility in publishing sites to the Internet.

I would recommend that you configure ISA 2004 using both network cards as is recommended.
0
 
LVL 8

Assisted Solution

by:dhoustonie
dhoustonie earned 600 total points
ID: 16588435
Yes Isa does requre 2 nics, if you do not use two you will only be able to use the caching feature of ISA.
If you have an existing smoothwall firewall you could download addons that would allow you to get more granualar security and integrate it properly to the SBS Network.

ISA is a very good and solid build, but it does not block access to inappropriate sites on its own, you can block access completely or monitor access to innappriate sites and inform the users.

You maybe better to use Dans Gaurdian or Smooth Guardian to improve your network security.

David
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 800 total points
ID: 16597073
Brian,

Just to confirm what these guys have already told you... you really do need two NICS.  The recommended configuration is here:  http://sbsurl.com/twonics.

You should expect about a 30 to 60 minute down-time in order to get ISA installed.  If you truly can't have that kind of down time, you should go to http://sbsmigration.com and get the Swing Kit.  You can half-swing onto another PC which will keep everything up and running... this will temporarily move your Exchange and IIS and RRAS over to the swing server.

Then you can revert back to your original configuration once you've got the NIC installed and ISA configured with the CEICW (that's all you would need to run to get ISA going and your internet connection working).  

Then you can configure policies at your leisure.

Jeff
TechSoEasy
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:brian_leighty
ID: 16598101
what is CEICW?

why must there be two NIC cards

do i have to have ISA 2000 installed before I upgrade to 2004 from update disk?
0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 16598177
CEICW = Connect to Internet Wizard
I know the acronym does not match but that is what is refered to.
ISA requires two nics because it has to route between two networks, and can not be done properly using a single nic. If you want to use ISA as a simple cache server that is possible with one nic, but to achieve the security you required you would need to use both network cards. I do not believe ISA is properly supported with a single nic SBS enviroment.
No you do not need to install 2000 before 2004, it would be perferable not to have it prior to the upgrade, just simply for ease of transition and no orphaned registry entries.
Hope this helps some,

David
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16599028
oops, sorry, I thought I had typed the whole thing out... :-)~

The acronym is actually Configure Email and Internet Connection Wizard.  

Jeff
TechSoEasy
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question