ISA in DMZ (Member Server or plain Workgroup?)

ISA in DMZ (Member Server or plain Workgroup?) (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Server Security

Message

DariusM -> ISA in DMZ (Member Server or plain Workgroup?) (15.May2008 2:55:14 AM)
my requirements: 1. access OWA, OMA, RPC over HTTP my settings: BE and FE in trusted network. plan to implement ISA 2004 Std in DMZ to become the Frontend server for my outside users. i have watchguard firewall that has DMZ network, i will place this ISA machine in this network. my question: 1. do i need to join the ISA as member server in my domain? 2. or is it configured as WORKGROUP only 3. can i know the exact procedure/detailed how to host my FE using ISA? thank you for your time. please help me. regards

vnsl_it -> RE: ISA in DMZ (Member Server or plain Workgroup?) (15.May2008 5:26:59 AM)
Y have conf ISA client in y domain. If y want ISA to DMZ, ISA have 3 network card. I think y visit to isaserver.org seach everthing for ISA. good luck to y.

DariusM -> RE: ISA in DMZ (Member Server or plain Workgroup?) (15.May2008 5:51:25 AM)
quote: Y have conf ISA client in y domain. If y want ISA to DMZ, ISA have 3 network card. I think y visit to isaserver.org seach everthing for ISA. good luck to y. thanks for the reply man. i am configuring ISA to become the Frontend server of my BE Exchange, i have FE inside the trusted network, and my next implementation is ISA to be place in DMZ, i have appliance firewall that has DMZ network. in this article http://www.msexchange.org/tutorials/Configuring-ISA-Server-2004-Exchange-Frontend-Server-DMZ-Part1.html and http://www.msexchange.org/tutorials/Configuring-ISA-Server-2004-Exchange-Frontend-Server-DMZ-Part2.html i didn't find any information regarding the ISA server, if placed in DMZ, should i make this machine as member server of my domain or simply workgroup? thanks

knottyrope -> RE: ISA in DMZ (Member Server or plain Workgroup?) (29.May2008 5:10:31 PM)
Just use ISA as your firewall and run it in parrallel to your firedog. Yes you can add it to domain, thats my setup. ISA 2004 is as good as your firedog, ISA is 4 times faster than the others I use. I have 4 fire walls here with seperate IP xx.xx.xx.1 sonical wall for internet access xx.xx.xx.2 ISA 2004 for rpc /https/FTP xx.xx.xx.3 wireless access point for visitors xx.xx.xx.4 Cisco VPN concentrator

Sembee -> RE: ISA in DMZ (Member Server or plain Workgroup?) (30.May2008 2:27:46 PM)
My personal opinion would be that an ISA server as a member of the domain in the DMZ is a waste of time. The ISA server gets compromised the attacker walks straight in. The number of holes required in the firewall to get a member server to work makes it look like swiss cheese. Workgroup only for the ISA server, then if it gets compromised they don't get very far. Simon.

Page: [1]