Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 818
  • Last Modified:

Micrsoft ISA server & Terminal Services

All,

very quickly....

Do you need to run ISA server in order to get any benfits from terminal services? I have websense and checkpoint firewall and want to know if I need to run ISA at all...

The only thing Im thinking off is if (as most cleints run over terninal services) if ISA gives you any benefits if its runs with Term Services...

I dont see the point and wish to just run a websense/checkpoint intergrated solution....

Has anyone any ideas/pointers on this?

Thanks as always for any guidance
0
credmood
Asked:
credmood
  • 3
  • 3
2 Solutions
 
skaap2kCommented:
If you're confident with your checkpoint+websense firewall, I wouldnt bother with ISA server at all, i do not believe that it would give you any benefit as the terminal services protocol is pretty much closed and will just be passed through to the service to be serviced

If anything, ISA server might just cause you configuration problems ;)

-Rob
0
 
sow56091Commented:
I agree with skaap2k. A possible advantage of ISA, though, might be integration of your firewall to Active Directory, such that you could screen access to Terminal Services by using LDAP data via ISA--though this might be unnecessary in your scenario.
0
 
credmoodAuthor Commented:
thanks people, what about ISA in a proxy scenario? I can se its a bit pointless to have 2 firewalls in effect, but doesnt ISA act as a proxy? and is this a benfit at all?

Im trying to cover as much base as possible as I know I will be asked by the boss why I think just a checpoint/websense is the way to go...
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
skaap2kCommented:
Yes, you can use ISA as a proxy server - and in this case, it could be very useful as you can use NTLM authentication for users on the domain - this can be useful for auditting, access control etc, and generally transparent to the user (except for a few IE proxy setting changes)

-Rob
0
 
credmoodAuthor Commented:
so, to get things straight for a best option......I use a websense/checkpoint scenario with a ISA proxy server (i assume ISA has a setting whether to use it as a proxy or Fwall) you mention NTLM, I assume that this is on top of the kerboros auth that is used for the main logons....or am i not understanding ?

Thanks for you help
0
 
skaap2kCommented:
Yes, you can switch on the proxy part of it somewhere in there :)

In that, you have to choose whether you need users to authenticate or not to use the proxy - this is normally linked to your active directory users.

NTLM authentication is the type of authentication which most browsers will automatically send their domain credentials to when asked for them.

:)
Rob
0
 
credmoodAuthor Commented:
Thanks for this......:o)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now