Solved

ISA 2004 Firewall - Quick Setup of 3 Websites, Remote Desktop, and SQL Server Ports

Posted on 2006-05-30
7
Medium Priority
272 Views
Last Modified: 2013-11-16
Hey everyone,

I've got a new web server that I have to host in the DMZ at the data center that we host our servers at.  So we placed ISA 2004 as the application layer firewall and now I have it up and running for the first time.

I have never used software protection like this before...nor have I used ISA...but I'm sure without it I'll be hosting video game torrents for the pirating public.

I've got the server on my local 10.0.0.0 network and the server has 10.0.0.64.  Once hosted in the data center it will have something like 69.84.XX.XXX so I need to know what is going on so that I don't get locked up in a scheme when I get to the data-center to get it up and running.  

I'll need the following to be able to run.  
1) IIS and port 80 to run websites.
2) 3389 for RDP to the server
3) MS SQL 1433 and 14334

and finally,
4) Allow Symantec AV to update...it got locked down after I installed ISA.

The ISA I installed is the Standard edition with the typical installation.  SP2 was installed for ISA and it is on Windows 2003 Standard R2.

Thanks a million,
inverted

Question by:inverted_2000
7 Comments
 
LVL 2

Author Comment

by:inverted_2000
ID: 16792290
okay...I allowed the filter for the default policy to enable all networks to the server's network and it all worked.

Thanks anyway,
inverted
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16792790
Sure, but you have also turned ISA off
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 16793023
I have...what should I do then?

Thanks
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 16793947
Please explain why it is off then???

Thanks
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 16794621
By enabling the default rule to talk to all networks, ISA will not be doing its job. You have made the ISA into a half-hearted router.

I have put some links here that you may wish to have a read through. This will give you the concepts then if you still have concerns/issues we can try and work through them. ISA is fairly straight-forward once you have an understanding of the basics. You will need to undo the changes you put in. No offence.

RDP Publishing
http://www.isaserver.org/tutorials/Publishing-Remote-Desktop-Web-Connection-Sites-ISA-Firewall-Part1.html
http://www.isaserver.org/tutorials/Publishing-Remote-Desktop-Web-Connection-Sites-ISA-Firewall-Part2.html
http://www.isaserver.org/tutorials/Publishing-Remote-Desktop-Web-Connection-Sites-ISA-Firewall-Part3.html

Use the same concept for your SQL servers

Web Publishing
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/publishingwebservers.mspx
http://support.microsoft.com/default.aspx?kbid=837834&product=isas2004
0
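
Added example (not part of the thread and not ISA's own API): a simplified Python model of an ordered, first-match firewall policy, comparing the allow-all rule described above with narrow publishing rules for three of the ports from the question. The rule names, the `Rule` class, the helper functions and the probe port list are constructed for illustration; "External" stands for ISA's External network.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ANY = None  # wildcard: matches every source network or every port


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    source: Optional[str]            # source network name, or ANY
    ports: Optional[FrozenSet[int]]  # TCP destination ports, or ANY


def decide(rules, source, port):
    """Evaluate rules top-down; the first match wins, no match means deny."""
    for r in rules:
        if r.source in (ANY, source) and (r.ports is ANY or port in r.ports):
            return r.action, r.name
    return "deny", "default deny"


def exposed_ports(rules, source, candidates):
    """Ports from `candidates` that the policy lets `source` reach."""
    return sorted(p for p in candidates if decide(rules, source, p)[0] == "allow")


def overbroad(rules):
    """Names of allow rules that match any source on any port."""
    return [r.name for r in rules
            if r.action == "allow" and r.source is ANY and r.ports is ANY]


# Constructed policy 1: the change described in the thread (allow everything).
ALLOW_ALL = [Rule("allow all networks", "allow", ANY, ANY)]

# Constructed policy 2: one narrow rule per published service.
PUBLISHED = [
    Rule("web publishing", "allow", "External", frozenset({80})),
    Rule("RDP publishing", "allow", "External", frozenset({3389})),
    Rule("SQL publishing", "allow", "External", frozenset({1433})),
]

# Constructed sample of ports a server might listen on.
PROBE = [21, 25, 80, 135, 445, 1433, 3389]

if __name__ == "__main__":
    for label, policy in (("allow-all", ALLOW_ALL), ("published", PUBLISHED)):
        print(label, "exposes", exposed_ports(policy, "External", PROBE),
              "over-broad rules:", overbroad(policy))
```
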
 
LVL 2

Author Comment

by:inverted_2000
ID: 16799725
Nice...

I have an ISA Certified contact at the data center...so I think I'll be safe with that as a back up.

Thanks a lot,
inverted
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16800547
Not my problem. If you need further help, just holler :)

Regards

Keith
ISA MCT
0

Question has a verified solution.
