HELP!!! MISSION CRITICAL!!! Looking for some advice on ISA 2000 that comes with Small Business Server 2003....I got some very specific questions for the experts!

My company has about 25 users with a mix of Windows 2000 and Windows XP.
The network is two servers (identical) with one server running Windows 2003 SBS (Domain Controller) and the other Windows 2003 Standard on an AD domain with DFS.

We had a security breach from a user looking at unapproved websites, which has sparked an upgrade and evaluation of the internet policy.

I have a firewall (Smoothwall) which is set up to give me a DMZ to the email gateway; the firewalled side of it then goes to a switch which feeds the users and the servers.
Smoothwall is a Linux firewall which you install to a PC and which gives you all the functionality of a commercial firewall. Very impressive, I think; works great.

I know that ISA needs two NIC cards; is there a way around this? I have two in the server but I'm a little afraid to change the configuration considering this machine is mission critical every day of the week.

I heard that ISA 2004 came with Windows 2003 SMS service packs; is there a free upgrade or a way to get it? ISA 2000 came with my Windows 2003 SBS disks.

The main usage I will receive from ISA is the cache and blocking all but approved websites... so my network is firewalled; will I receive any benefits at all?

Please be thorough in explanation because ISA is a little confusing for me...

Thanks Tons
Jeffrey Kane - TechSoEasy Principal Consultant

Just to confirm what these guys have already told you... you really do need two NICs. The recommended configuration is here:

You should expect about a 30 to 60 minute down-time in order to get ISA installed.  If you truly can't have that kind of down time, you should go to and get the Swing Kit.  You can half-swing onto another PC which will keep everything up and running... this will temporarily move your Exchange and IIS and RRAS over to the swing server.

Then you can revert back to your original configuration once you've got the NIC installed and ISA configured with the CEICW (that's all you would need to run to get ISA going and your internet connection working).  

Then you can configure policies at your leisure.

Saineolai
The upgrade to ISA 2004 is part of SBS service pack 1.  This is a free upgrade.  Details are available here:

You will receive additional security benefits from ISA 2004 over a basic firewall. The item I would highlight is the flexibility in publishing sites to the Internet.

I would recommend that you configure ISA 2004 using both network cards as is recommended.

dhoustonie
Yes, ISA does require 2 NICs; if you do not use two you will only be able to use the caching feature of ISA.
If you have an existing Smoothwall firewall you could download addons that would allow you to get more granular security and integrate it properly to the SBS network.

ISA is a very good and solid build, but it does not block access to inappropriate sites on its own; you can block access completely or monitor access to inappropriate sites and inform the users.

You may be better off using DansGuardian or Smooth Guardian to improve your network security.

brian_leighty
What is CEICW?

Why must there be two NIC cards?

Do I have to have ISA 2000 installed before I upgrade to 2004 from the update disk?

CEICW = Connect to Internet Wizard
I know the acronym does not match but that is what is referred to.
ISA requires two NICs because it has to route between two networks, and this cannot be done properly using a single NIC. If you want to use ISA as a simple cache server, that is possible with one NIC, but to achieve the security you required you would need to use both network cards. I do not believe ISA is properly supported in a single-NIC SBS environment.
No, you do not need to install 2000 before 2004; it would be preferable not to have it prior to the upgrade, simply for ease of transition and no orphaned registry entries.
Hope this helps some,

Jeffrey Kane - TechSoEasy Principal Consultant
oops, sorry, I thought I had typed the whole thing out... :-)~

The acronym is actually Configure Email and Internet Connection Wizard.  

