Solved

ISA Server as Backend Firewall

Posted on 2007-04-08
3
443 Views
Last Modified: 2008-11-18
Hi guys,

I am using Fortigate at Edge Firewall and created many access policies and traffic shaping policies, implented IPS signature. Block or allow access to certain workstations on certatin links.

Now I want to implent ISA Server as Backend Firewall to provide more security and the main objective is to get monitoring reports of users bandwidth usage.

My question is that if i implement ISA in this then how about the policies that i have on Edge Firewall, because after implementing ISA Sever the source IP address will be the External Interface IP address of ISA Server. Right?

Waiting for your replies.

Regards,
Bxperts
0
Comment
Question by:bxperts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 125 total points
ID: 18872219
1. The ISA exytrnal address will only be used if the relationship you set between internal & external is nat. If you set it for routing - (vconfiguration - networks - network rules) then it won't.

2. ISA does not report on bandwidth - it is a layer 3 firewall and a layer 7 application/gateway; it is not a router so does not give a hoot about bandwidth usage (only ISA2000 had that option, it was removed from ISA2004 & ISA2006). What it does report on is traffic usage as in what sites visited, by whom and the protocols used etc; not upon how much bandwidth was used.

0
 

Author Comment

by:bxperts
ID: 18872300
I see. So, this is the idea behind the scene. Our concern is only that how much data downloaded by a specific user in given time. I have seen one sample report of ISA 2004 and it will work fine with us.

Can I get any sample report to show my management?


Regards,
bxperts
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18872416
You can download and test ISA2006 from the MS web site for a 6 month trial or, if you use virtual server at all, you down load the .vhd file that is already there. Alternatively, MS gives access from the same site to test labs where you could get a sample out put of the reports available.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question