Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ISA Server as Backend Firewall

Posted on 2007-04-08
3
Medium Priority
?
446 Views
Last Modified: 2008-11-18
Hi guys,

I am using Fortigate at Edge Firewall and created many access policies and traffic shaping policies, implented IPS signature. Block or allow access to certain workstations on certatin links.

Now I want to implent ISA Server as Backend Firewall to provide more security and the main objective is to get monitoring reports of users bandwidth usage.

My question is that if i implement ISA in this then how about the policies that i have on Edge Firewall, because after implementing ISA Sever the source IP address will be the External Interface IP address of ISA Server. Right?

Waiting for your replies.

Regards,
Bxperts
0
Comment
Question by:bxperts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 18872219
1. The ISA exytrnal address will only be used if the relationship you set between internal & external is nat. If you set it for routing - (vconfiguration - networks - network rules) then it won't.

2. ISA does not report on bandwidth - it is a layer 3 firewall and a layer 7 application/gateway; it is not a router so does not give a hoot about bandwidth usage (only ISA2000 had that option, it was removed from ISA2004 & ISA2006). What it does report on is traffic usage as in what sites visited, by whom and the protocols used etc; not upon how much bandwidth was used.

0
 

Author Comment

by:bxperts
ID: 18872300
I see. So, this is the idea behind the scene. Our concern is only that how much data downloaded by a specific user in given time. I have seen one sample report of ISA 2004 and it will work fine with us.

Can I get any sample report to show my management?


Regards,
bxperts
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18872416
You can download and test ISA2006 from the MS web site for a 6 month trial or, if you use virtual server at all, you down load the .vhd file that is already there. Alternatively, MS gives access from the same site to test labs where you could get a sample out put of the reports available.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question