Personally, I'd suggest moving the ISA server behind the firewall, and not in the DMZ. There's no reason for it to be there, unless you're using it as a reverse proxy as well. In that case, it should be a separate box from what your internal users are using to surf.
At this point, putting the ISA box in a DMZ is less secure, because of the necessary ports. I'd also set the firewall such that outbound HTTP traffic can only originate from the ISA box.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 03, 2003 10:26 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Active Directory and ISA Server
>
> Hello,
>
> I have an AD domain named si.fr
> I have a DMZ protected by Firewall1
> In my DMZ, I have an ISA Server, which is not a member of my domain. The
> server is in a workgroup.
>
> I would like to control Internet Access with the username. The names are in
> my domain.
>
> Is it possible?
>
> If not, I can join the domain. But which TCP/IP ports should I declare on
> my internal firewall?
>
> Thanks
>
> Regards
>
> Frederic AGNES
>
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
