• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3979
  • Last Modified:

Removing ISA Server 2004 from SBS 2003 Premium

To simplify our network topology/ complexity I'd like to remove ISA 2004 from our SBS 2003 Premium server. We're currently utilizing a hardware firewall (PIX 515E) for a site-to-site IPSEC VPN with a remote office, AND ISA 2004 to provide local firewall/ proxy services. Both of these firewalls serve as gateways, and are two separate possible entry points to secure. I'm sure you can see why this is a bad thing...

(And yes, I know that I'm probably pushing SBS beyond its intended purpose)

Now that I've given the background, here's the question: What's the best way to remove ISA from the mix? Before completely uninstalling it I'd like to "disable" it in some way, to verify that nothing ends up broken. What steps should I take, and are there any risks associated with removing ISA? Sometimes I feel like administering SBS is like playing Jenga - remove the wrong piece and it'll all come crashing down.
0
david_brunelle
Asked:
david_brunelle
  • 3
  • 2
1 Solution
 
Keith AlabasterCommented:
No, I can't see why this is a bad thing - in fact it is a very good thing when configured correctly.

No, you are not pushing SBS beyond its capabilities. SBS is designed to run in that configuration assuming you have specified the hardware to match the requirements. If it was nit a suitable scenario, Microsoft would not offer the Premium Edition.

You cannot simply disable ISA as it doesn't play ball that way.
Remove ISA and then re-run the configure email and internet connection wizard again. I would suggest backing up the ISA configuration first though ready for when you decide to reinstall it.

You will need to remove the isa firewall client from each wok station (if you have deployed it) and remove the proxy settings from the browsers of each work station also as you will no longer have a proxy server.

Up yo you what additional product you buy now (if any) to protect your self at the application layer.
0
 
david_brunelleAuthor Commented:
Isn't it possible to use ISA in a single NIC configuration acting only as a proxy, and NOT a firewall? Maybe this isn't supported in the SBS implementation of ISA?
0
 
Keith AlabasterCommented:
Yes you can but you will need to remove one of the nics (or team them together to make one device prior to reinstalling ISA. Disabling it is not really an option.

Only other alternative would be to leave both nics in, install ISA then try and configure it all manually which would be 'orrible on an SBS box.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Keith AlabasterCommented:
Thanks :)
0
 
technomicCommented:
removing ISA
0
 
technomicCommented:
sorry guys, posted comment in the wrong question
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now