ISA Server set up in an existing firewalled network

Posted on 2006-05-31
Last Modified: 2012-06-27

Right i have a firewall (Netscreen 25) with a front end server and a back end server configuration for my e-mail and calendar and file server. We use the Front end server only for outside request using OWA. They are all on the trust side with a MIP pointing to the Front end server for outside request. I had tried to put the Front end on the DMZ but it was not working. I know it is not the best set up but i had to make it work fast hehe. My plan is to separate the exchange server from the domain controller PC, get rid of the front end server and install an ISA server to filter outside traffic. Is it a good scenario or not and will i need to get rid of my existing firewall or not ???

Thanks in advance
Question by:nmmcfk
    LVL 51

    Expert Comment

    by:Keith Alabaster

    ISA is still one of the best application layer firewalls I have ever seen but I use ISA as my backend (internal firewall) device.
    So let the Netscreen filter the incoming traffic and let ISA filter the outging traffic PLUS publish the services you want to make available to the outside such as email, dns. web/owa etc.

    This gives you the best of both worlds.

    Author Comment

    Alright, Thank You very much for the information. It sounds easy enough.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Welcome :)
    LVL 51

    Accepted Solution

    Bottom line, Netscreen will forward all the ports you want to let through on to the ISA external nic. Netscreen will dump everything else.

    ISa will publish the services you want it to host such as smtp, RDP, OWA etc. and will act as the proxy for all outgoing traffic.

    Just a couple of links to be getting on with :)

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
    Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now