Solved

ISA 2006 vs Forefront

Posted on 2009-03-31
3
715 Views
Last Modified: 2012-05-06
I am in the middle of transitioning a SBS 2000 computer to 2 - Windows 2008 server's 64-bit, both are domain controllers.  I also have a Windows 2003 r2 machine in the same domain that is also a domain controller.  When I purchased all of the software, my rep sold me ISA 2006 knowing I was migrating to 64-bit servers.  

If I had to load ISA 2006 on the Windows 2003 Server, how would I have to configure the network?  Would the Windows 2003 server need to be the point of entry?  Would I be better off going to Forefront and what version or configuration.

Thanks for any suggestions
Debbie Hamatani
0
Comment
Question by:DebbieHamatani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Expert Comment

by:rmmustafa
ID: 24036308
Forefront is not finally released yet ,,, So forget it , ISA 2006  should be installed on 2003  32 bit OS (Stand alone server and it is not supported on Win 2008 or any 64 bit editions  ) , and all other servers (domain controllers ) could be 2008  64bit editions ,, It is not recommended for the ISA to be on a domain controller (it will be difficult to control the ISA itself access roles to allow usual domain traffic like user validations and so on )
You have two options for sitting up the ISA server , either as a members server  stand alone server where it will be a domain member , and on this case it will be possible for the ISA to read users from AD (even if its 2008 server ) and creating rules according to it ) , and the other option is to keep it on the edge of your network  not as a domain member  and on this case you will not be able to create any role according to AD users (you may create other type of roles ) ,,,,
Another option is available regarding to the DHCP if you are using it ,,, if you wish to maintain Internet connectivity if your domain is down ( all domain controllers are down ) you may install the DHCP on the ISA server (if you chose the second option because you wont be asked to authorize it  but if the ISA was a domain member then you have to authorize the DHCP on the domain and it will not function if the domain controllers were down ).
0
 

Author Comment

by:DebbieHamatani
ID: 24037977
Hi rmmustafa --

I have a Windows 2003 r2 machine that is a domain controller, but really only is my print server.  If I were to demote this server and load ISA I would be fine?

Thanks
0
 
LVL 3

Accepted Solution

by:
rmmustafa earned 250 total points
ID: 24048163
The major role is Do not install ISA on a domain controller , and it can live with Windows 2008 servers , so it looks good idea to demote one of the domain controllers and install ISA on it , if your have the original Windows server CD and license on hand then it might be better to start with clean installation , update it and start the ISA installation .
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TMG ISP Redudancy and DNS 11 671
Outlook Anywhere on ISA 2006 6 152
Alerting for account lockouts for TMG 1 135
Upgrade TMG 2010 to Latest roll up 5 2 236
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question