ISA Server 2004 in single interface mode protecting OWA - possible??
Posted on 2006-07-06
I have a requirement to protect an Exchange server running OWA. ISA Server 2004 seems to be the right product to do this, running as a reverse proxy. Problem is that all the literature I can find talks about using it as a firewall. It might be a great firewall, I don't know, but I don't need it to do that - I only need it as a layer 7 inspection device to protect some web servers on the internal network.
Am planning to install it in single interface mode on the DMZ, behind a Cisco PIX, and have the inbound web traffic routed to it. It then inspects it and makes sure there's nothing mallicious in there and reverse proxies the web servers which sit safely on the inside network.
I have read various topologies and rants by a variety of people but everyone seems to be adamant that the thing is going to be installed as a firewall. Is the config I propose possible? Does anyone have any other comments? For the record, the ISA IS NOT going to become the new firewall solution here. The PIX does a great job but needs a bit of help in this area, enter stage left the ISA.
Thanks in advance.