What's the downfall to doing so. I know it comes installed by default on SBS. I'm not using it at the moment and I have no plans to but is there any harm that might happen?
-Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Marriott Sent: Monday, December 09, 2002 3:15 PM To: Exchange Discussions Subject: RE: ISA Server implementation for Exchange Don't ever put ISA on a DC. (unless you create a separate forest) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard Griffith Sent: Monday, December 09, 2002 3:44 PM To: Exchange Discussions Subject: ISA Server implementation for Exchange Ok, here is the situation. I'm assigned to a project regarding Internet Security and I've been pushed into a corner and need some help. How are most people deploying ISA Server within their company? Are they adding it as a member of their AD domain or making it stand alone? Let me explain why I'm asking. Our company is looking at doing a more secure DMZ. For my part of the project I need to present a way to continue to allow access to our Exchange services to outside users, for this example, we'll say just SMTP and OWA. Ok, here is the catch. Even though we already have a checkpoint firewall in place on the outside border of the DMZ they feel that we should add another firewall on the inside border and put ISA between them as a stand alone box. While this will work, it's not exactly the best in my opinion. This is what I'm proposing but I need ammo to back it up. I'm telling them leave the Checkpoint where it is and use the ISA server as the inside border firewall and allow it to be a member of the AD domain. Put the web servers in the DMZ (their decision not mine) and allow me to publish my Exchange services with ISA to the outside world. Granted, even though this will all still be behind the checkpoint firewall, they don't like it. They want a completely disconnected DMZ. I've tried explaining the ins and outs about how ISA will do just fine and block everything the way it should and how we can do packet content level filtering but I'm still getting the "you're wrong and stupid" looks from them. Can somebody point me in the right direction for GOOD technical or political ammo to back up what I've recommended. Or am I whistling in the wind???? TIA, Howard _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
