Solved

Micrsoft ISA server & Terminal Services

Posted on 2006-11-07
7
756 Views
Last Modified: 2013-11-21
All,

very quickly....

Do you need to run ISA server in order to get any benfits from terminal services? I have websense and checkpoint firewall and want to know if I need to run ISA at all...

The only thing Im thinking off is if (as most cleints run over terninal services) if ISA gives you any benefits if its runs with Term Services...

I dont see the point and wish to just run a websense/checkpoint intergrated solution....

Has anyone any ideas/pointers on this?

Thanks as always for any guidance
0
Comment
Question by:credmood
  • 3
  • 3
7 Comments
 
LVL 5

Expert Comment

by:skaap2k
ID: 17890735
If you're confident with your checkpoint+websense firewall, I wouldnt bother with ISA server at all, i do not believe that it would give you any benefit as the terminal services protocol is pretty much closed and will just be passed through to the service to be serviced

If anything, ISA server might just cause you configuration problems ;)

-Rob
0
 
LVL 3

Assisted Solution

by:sow56091
sow56091 earned 100 total points
ID: 17890820
I agree with skaap2k. A possible advantage of ISA, though, might be integration of your firewall to Active Directory, such that you could screen access to Terminal Services by using LDAP data via ISA--though this might be unnecessary in your scenario.
0
 

Author Comment

by:credmood
ID: 17891816
thanks people, what about ISA in a proxy scenario? I can se its a bit pointless to have 2 firewalls in effect, but doesnt ISA act as a proxy? and is this a benfit at all?

Im trying to cover as much base as possible as I know I will be asked by the boss why I think just a checpoint/websense is the way to go...
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 5

Expert Comment

by:skaap2k
ID: 17891886
Yes, you can use ISA as a proxy server - and in this case, it could be very useful as you can use NTLM authentication for users on the domain - this can be useful for auditting, access control etc, and generally transparent to the user (except for a few IE proxy setting changes)

-Rob
0
 

Author Comment

by:credmood
ID: 17891999
so, to get things straight for a best option......I use a websense/checkpoint scenario with a ISA proxy server (i assume ISA has a setting whether to use it as a proxy or Fwall) you mention NTLM, I assume that this is on top of the kerboros auth that is used for the main logons....or am i not understanding ?

Thanks for you help
0
 
LVL 5

Accepted Solution

by:
skaap2k earned 400 total points
ID: 17892513
Yes, you can switch on the proxy part of it somewhere in there :)

In that, you have to choose whether you need users to authenticate or not to use the proxy - this is normally linked to your active directory users.

NTLM authentication is the type of authentication which most browsers will automatically send their domain credentials to when asked for them.

:)
Rob
0
 

Author Comment

by:credmood
ID: 17893112
Thanks for this......:o)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now