• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 223
  • Last Modified:

ISA Server set up in an existing firewalled network

Hi,

Right i have a firewall (Netscreen 25) with a front end server and a back end server configuration for my e-mail and calendar and file server. We use the Front end server only for outside request using OWA. They are all on the trust side with a MIP pointing to the Front end server for outside request. I had tried to put the Front end on the DMZ but it was not working. I know it is not the best set up but i had to make it work fast hehe. My plan is to separate the exchange server from the domain controller PC, get rid of the front end server and install an ISA server to filter outside traffic. Is it a good scenario or not and will i need to get rid of my existing firewall or not ???

Thanks in advance
0
nmmcfk
Asked:
nmmcfk
  • 3
1 Solution
 
Keith AlabasterCommented:

ISA is still one of the best application layer firewalls I have ever seen but I use ISA as my backend (internal firewall) device.
So let the Netscreen filter the incoming traffic and let ISA filter the outging traffic PLUS publish the services you want to make available to the outside such as email, dns. web/owa etc.

This gives you the best of both worlds.
0
 
nmmcfkAuthor Commented:
Alright, Thank You very much for the information. It sounds easy enough.
0
 
Keith AlabasterCommented:
Welcome :)
0
 
Keith AlabasterCommented:
Bottom line, Netscreen will forward all the ports you want to let through on to the ISA external nic. Netscreen will dump everything else.

ISa will publish the services you want it to host such as smtp, RDP, OWA etc. and will act as the proxy for all outgoing traffic.

Just a couple of links to be getting on with :)
http://www.microsoft.com/isaserver/techinfo/guidance/2004/default.mspx

http://www.microsoft.com/technet/prodtechnol/isa/2004/help/FW_SecureWebPub.mspx?mfr=true
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now