Internet Related/Filtering/Firewall Thread, ISA 2006, Frog and Port 8443 in Technical; We have just installed a Frog Server. It has two IP addresses. One for the standard web connection and the ...
23rd July 2010, 09:44 AM #1
ISA 2006, Frog and Port 8443
We have just installed a Frog Server. It has two IP addresses. One for the standard web connection and the other for management.
Frog have asked that we open up port 8443 to the management IP address.
All our incoming traffic is sent through an ISA server sitting in a DMZ. The ISA is set up in Single NIC configuration and basically just forwards web requests to the relevent servers.
The only ports open between the Internet and the ISA are 80 and 443. Am I right in thinking that I can use the bridging options to accept requests on 443 and forward them to the Frog server on port 8443? Will this work?
I'm currently struggling but I think this maybe becuase the Frog server currently has a self signed (and therefore untrusted) certificate. Will ISA not work at all (with SSL) without a trusted certificate?
Sorry, my knowledge of ISA is very limited and I'm learning it as I go.
IDG Tech News
22nd August 2010, 06:34 PM #2
- Rep Power
I dont believe this will work, because the ISA has only one NIC it cannot act as a firewall and therefore any publishing rules shouldnt work? It has to have a trusted and untrusted network to provide any protection.
23rd August 2010, 12:22 AM #3
ISA works at Layer 4 so it IS possible to have Web Publishing rules on a Single NIC ISA however not a simple task and certainly not an easy job for the uninitiated.
Frog have asked you to open ports to the server which is a Server Publishing rule and a job for a firewall.
I cant help you much beyond these few tips as without knowledge of your topology, firewalls, server configs etc I might make things worse.
As the ISA needs to present the Frogs URL to external users as though it was it's own the mismatched SSL or SSL pass thru settings are a contributory factor.
You probably have an existing https web publishing rule for email etc so I would make sure that you have backed up your ISA config files first and look at using this publishing rule as a template for your Frog Servers Web Publishing Rules.
If the Frog server can generate a self signed wildcard certificate similar to *.my domain.co.uk you might be able to export it out as a .cer file and use this in the ISA publishing rule.
This link has some useful stuff regarding ISA web publishing rules.
ISA 2006 Single Network Adapter Configuration and Publishing Mail Server
Best of luck you're going to need it...
By nicholab in forum Internet Related/Filtering/Firewall
Last Post: 19th June 2009, 07:13 AM
By mattstevenson2005 in forum Internet Related/Filtering/Firewall
Last Post: 14th May 2009, 02:36 PM
By AdamR78 in forum Internet Related/Filtering/Firewall
Last Post: 23rd February 2009, 09:53 AM
By skunk in forum Windows
Last Post: 18th October 2007, 11:36 AM
By UBBERgoose in forum Windows
Last Post: 23rd August 2007, 09:26 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)