ISA Server and SWGfL
I have seen from other posts that schools are using ISA servers on a SWGfL connection, we are thinking about doing the same and I am wondering what the pitfalls are going to be.
First of all, we would like to use our own internal IP range, so in essence this will cause double NAT'ing, has anyone else done this and have they encountered any problems?
Second was it possible to get SWGfL to open up more ports and the filtering so that can be done in house? We host quite a few webservices so this would be extremely beneficial.
Any help or advice would be greatly appreciated
I can't say specifically about ISA, but I've had various ports opened with SWGfL.
You'll have to fill in a change request form and state the reason you're looking to do this.
If you mentioned you are looking to do in-house filtering they should provide you with an IP address which is on their "internal proxy" list which gives that IP access to a dedicated unfiltered feed.
If you call 08453 077 870 and speak with Sokkah or any of the team they should be able to help.
We have ISA 2006 setup at our school through SWGfL, the only issue to note really is that they are adamant that they won't open port 25 any more. Luckily we have it open as we did it a long time ago now but there is another local school having a problem getting them to open it.
Our internal IP ranges are 172.18.*.* swgfl is 10.7.*.*
They will open Port25 - it took a lot of hassaling.
The reason we wanted Port 25 open was to the fact where we were connecting into the Microsoft Forefont External Anti-Spam service. We had to ask them to "provide" the features Microsoft did or we wanted the ports opened..
If anyone has any difficulty in getting port 25 opened, please let me know. I work for SWGfL and would be concerned that the service desk did not feel able to assist. Clearly we would wish to establish that you were aware of the security risks associated with opening up this particular port but also acknowledge that you are best placed to understand how to manage and mitigate such risks locally.
Please PM me if you have a problem, we are here to help not hinder.
We have also been told that port 25 cannot be opened. No sensible reason was given.
Recently we have had this alot with SWGFL - we wanted port 3389 opened inbound to one specific IP along with a dns entry of rdp.myschool.mylea.sch.uk - was told this was fine, but it never ever progressed - This was logged on the helpdesk in January and was finally resolved and now works, last week!
We do this OP - please PM me and I will put you in touch with my techie who is working on upgrading our now broken ISA 2006 box to TMG. It is definately possible to do the NATing, and we also use it to make a walled garden for students with infractions rather than a full ban.
Originally Posted by eddyc
I am very concerned that such a request has taken so long to resolve. If you can send me the ticket number by PM then I would like to investigate why something which should be relatively routine takes so long.
I must admit, I have always had good experience with SWGFL/SEGFL/RM and they haveb een very good with a project I am undertaking at the moment with SIP trunking...!
Perhaps it was a clerical error?
@RichardHarrisonSWGFL I'm afraid that we do not have any records of the case numbers as we have been told by our LEA that all change requests have to go through them - and so, if we contact SWGFL we are immediatley sent back to our LEA.
This sounds very odd to me. AFAIK, all SWGFL schools have access to the ESI system - where you can log your own calls for support or change requests. Before that SWGFL Support did the same thing. Please do follow this up with Richard - they do genuinely try to help. If you cant give the call ref, give him your establishment code - he, or you (if you go into ESI) can then look up the reference and get to the bottom of it.