ISA Server as Backend Firewall

Hi guys,

I am using Fortigate at Edge Firewall and created many access policies and traffic shaping policies, implented IPS signature. Block or allow access to certain workstations on certatin links.

Now I want to implent ISA Server as Backend Firewall to provide more security and the main objective is to get monitoring reports of users bandwidth usage.

My question is that if i implement ISA in this then how about the policies that i have on Edge Firewall, because after implementing ISA Sever the source IP address will be the External Interface IP address of ISA Server. Right?

Waiting for your replies.

Regards,
Bxperts
bxpertsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
1. The ISA exytrnal address will only be used if the relationship you set between internal & external is nat. If you set it for routing - (vconfiguration - networks - network rules) then it won't.

2. ISA does not report on bandwidth - it is a layer 3 firewall and a layer 7 application/gateway; it is not a router so does not give a hoot about bandwidth usage (only ISA2000 had that option, it was removed from ISA2004 & ISA2006). What it does report on is traffic usage as in what sites visited, by whom and the protocols used etc; not upon how much bandwidth was used.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bxpertsAuthor Commented:
I see. So, this is the idea behind the scene. Our concern is only that how much data downloaded by a specific user in given time. I have seen one sample report of ISA 2004 and it will work fine with us.

Can I get any sample report to show my management?


Regards,
bxperts
0
Keith AlabasterEnterprise ArchitectCommented:
You can download and test ISA2006 from the MS web site for a 6 month trial or, if you use virtual server at all, you down load the .vhd file that is already there. Alternatively, MS gives access from the same site to test labs where you could get a sample out put of the reports available.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.