HELP!!! MISSION CRITICAL!!!   Looking for some advice on ISA 2000 that comes with Small Business Server 2003....I got some very specific questions for the experts!

Posted on 2006-05-02
Last Modified: 2010-04-19
My company of about 25 users with a mix of Windows 2000 and Windows XP
The network is two servers (identical) with one server running Windows 2003 SBS (Domain Controller) and the other Windows 2003 Standard on an AD domain with DFS.

We had a security breach from a user looking at unapproved websites which has sparked a upgrade and evaluation of the internet policy.

I have a firewall (smoothwall) which is setup to give me a DMZ to email gateway then the firewalled side of it goes to a switch which then feeds the users and the servers.
Smoothwall is a linux firwall which you install to a PC and gives you all the functionality of a commercial firewall very impressive I think works great.

I know that ISA needs two NIC cards to there a way around this?  I have two in there server but I'm alittle afraid to change the configuration considering this machine is mission critical everytday of the week.

I heard that ISA 2004 came with windows 2003 SMS service packs is there a free upgrade or a way to get it...ISA 2000 cam with my Windows 2003 SBS disks.

I main usage I will receive from ISA is the cache and blocking all but approved websites... so my network is firewalled so will I receive any benefits at all...

Please be thorough in explanation because ISA is a little confusing for me...

Thanks Tons
Question by:brian_leighty
    LVL 8

    Assisted Solution

    The upgrade to ISA 2004 is part of SBS service pack 1.  This is a free upgrade.  Details are available here:

    You will recieve additional security benefits from ISA2004 over a basic firewall.  The items I would highlight is the flexibility in publishing sites to the Internet.

    I would recommend that you configure ISA 2004 using both network cards as is recommended.
    LVL 8

    Assisted Solution

    Yes Isa does requre 2 nics, if you do not use two you will only be able to use the caching feature of ISA.
    If you have an existing smoothwall firewall you could download addons that would allow you to get more granualar security and integrate it properly to the SBS Network.

    ISA is a very good and solid build, but it does not block access to inappropriate sites on its own, you can block access completely or monitor access to innappriate sites and inform the users.

    You maybe better to use Dans Gaurdian or Smooth Guardian to improve your network security.

    LVL 74

    Accepted Solution


    Just to confirm what these guys have already told you... you really do need two NICS.  The recommended configuration is here:

    You should expect about a 30 to 60 minute down-time in order to get ISA installed.  If you truly can't have that kind of down time, you should go to and get the Swing Kit.  You can half-swing onto another PC which will keep everything up and running... this will temporarily move your Exchange and IIS and RRAS over to the swing server.

    Then you can revert back to your original configuration once you've got the NIC installed and ISA configured with the CEICW (that's all you would need to run to get ISA going and your internet connection working).  

    Then you can configure policies at your leisure.


    Author Comment

    what is CEICW?

    why must there be two NIC cards

    do i have to have ISA 2000 installed before I upgrade to 2004 from update disk?
    LVL 8

    Expert Comment

    CEICW = Connect to Internet Wizard
    I know the acronym does not match but that is what is refered to.
    ISA requires two nics because it has to route between two networks, and can not be done properly using a single nic. If you want to use ISA as a simple cache server that is possible with one nic, but to achieve the security you required you would need to use both network cards. I do not believe ISA is properly supported with a single nic SBS enviroment.
    No you do not need to install 2000 before 2004, it would be perferable not to have it prior to the upgrade, just simply for ease of transition and no orphaned registry entries.
    Hope this helps some,

    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    oops, sorry, I thought I had typed the whole thing out... :-)~

    The acronym is actually Configure Email and Internet Connection Wizard.  


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
    The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now