ISA Server 2006 configuration
Posted on 2010-11-19
One of my clients is a software house - they design and develop software.
There current infrastructure using ISA 2006 Server, divided into two zones - internet and internal. This has worked very well until recently.
The problem is that the development team has been performing testing that affects the production network in a negative way. There run several Virtual Machine's (VM) and one of the VM is a a rogue DHCP server.
I would like to create a zone on ISA server just for R & D and call it the "Dev" zone. I would like Dev to have the same rules as internal zone.
I would also like to have almost full communication between the "Dev" and Internal zones (with a few exceptions on specific protocals) and I will use firewall rules to adjsut communication between the zones.
The ISA server has enough network ports, so creating the Dev zone should not be an issue.
I treid creating the Dev zone with its own distinxt ipo range, and encountered a few problems.
After creating the new DEV zone, firewall policies (not rules) prevent it from communicating with the internal zone although surfing the internet works; If I include the Dev ip range into the internal zone, communicating with the internal zone works but not internet.
Does anyone know how I can resolve these issues?
Thanks in advance.