Be careful with what exactly? Fixup? ********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 **********************
> -----Original Message----- > From: Martin Blackstone [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 22, 2004 9:11 AM > To: Exchange Discussions > Subject: RE: DMZ ports for Front End Server > > Be careful with that. It causes a number of issues as well. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Charlie > Kaiser > Sent: Thursday, July 22, 2004 9:06 AM > To: Exchange Discussions > Subject: RE: DMZ ports for Front End Server > > OK. Thanks! > > ********************** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ********************** > > > > -----Original Message----- > > From: knighTslayer [mailto:[EMAIL PROTECTED] > > Sent: Thursday, July 22, 2004 8:17 AM > > To: Exchange Discussions > > Subject: RE: DMZ ports for Front End Server > > > > The closest thing to ensuring that all is good in the packet is the > > 'fixup protocol http' command. > > > > Though this is limited and addresses issues like: > > > > URL logging of GET messages > > URL screening through N2H2 or Websense Java and ActiveX filtering > > > > These functions are for inside requests from the (O)utside of a PIX. > > > > Nothing on HTTPS either. > > > > So, I'd say no, or unless there is a revision that does support it > > that I don't know about. Maybe wait until a revision of the > software > > becomes available that does deep packet inspection (DPI) as > I believe > > all firewall vendors are moving this way. > > > > So, ISA behind a Pix for you then! > > > > K > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Charlie Kaiser > > Sent: 22 July 2004 15:09 > > To: Exchange Discussions > > Subject: RE: DMZ ports for Front End Server > > > > 515; 6.3(1) > > > > ********************** > > Charlie Kaiser > > MCSE, CCNA > > Systems Engineer > > Essex Credit / Brickwalk > > 510 595 5083 > > ********************** > > > > > > > -----Original Message----- > > > From: knighTslayer [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, July 22, 2004 7:02 AM > > > To: Exchange Discussions > > > Subject: RE: DMZ ports for Front End Server > > > > > > PIX model and IOS ver? > > > > > > Thanks > > > > > > K > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On > Behalf Of > > > Charlie Kaiser > > > Sent: 22 July 2004 14:41 > > > To: Exchange Discussions > > > Subject: RE: DMZ ports for Front End Server > > > > > > I'm not a firewall guy, so excuse me if this sounds ignorant. > > > :-) Will a PIX > > > do this? I'm wondering if we can use our current PIX to do > > this or if > > > I need to put in ISA if I plan to go this route when we do our > > > upcoming E2K3 migration. > > > Any documentation pointers would be wonderful... > > > Thanks! > > > > > > ********************** > > > Charlie Kaiser > > > MCSE, CCNA > > > Systems Engineer > > > Essex Credit / Brickwalk > > > 510 595 5083 > > > ********************** > > > > > > > > > > I'm pretty sure that this box can do this, only way to find > > > out is to > > > > give > > > > it a go. It should be documented. > > > > > > > > It is of my opinion that if you have a decent firewall > > and you are > > > > publishing services such as SMTP, FTP, HTTP, HTTPS or > > anything tcp > > > > based, then you should always use the proxy function on the > > > firewall. > > > > Depending on the firewall, it will protect against > > protocol attacks > > > > and more. > > > > > > > > ISA is a solution, but it adds an extra box to the > topology, its > > > > another machine to patch, maintain, license, power, air > > > condition etc. > > > > etc... > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > > ext_mode=&lang > > > =english > > > To unsubscribe send a blank email to %%email.unsub%% > > > Exchange List admin: [EMAIL PROTECTED] > > > To unsubscribe via postal mail, please contact us at: > > > Jupitermedia Corp. > > > Attn: Discussion List Management > > > 475 Park Avenue South > > > New York, NY 10016 > > > > > > Please include the email address which you have been > contacted with. > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > > ext_mode=&lang=english > > > To unsubscribe send a blank email to %%email.unsub%% > > > Exchange List admin: [EMAIL PROTECTED] > > > To unsubscribe via postal mail, please contact us at: > > > Jupitermedia Corp. > > > Attn: Discussion List Management > > > 475 Park Avenue South > > > New York, NY 10016 > > > > > > Please include the email address which you have been > contacted with. > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang > > =english > > To unsubscribe send a blank email to > > %%email.unsub%% > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang=english > > To unsubscribe send a blank email to > > %%email.unsub%% > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang > =english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
