+ Post New Thread
Results 1 to 5 of 5
Windows Thread, ISA Server Configuration in Technical; Would like to get some opinions on the best way to configure a new ISA server that I am installing. ...
  1. #1
    actech's Avatar
    Join Date
    Mar 2008
    Location
    Australia
    Posts
    198
    Thank Post
    50
    Thanked 20 Times in 17 Posts
    Rep Power
    17

    Question ISA Server Configuration

    Would like to get some opinions on the best way to configure a new ISA server that I am installing. At the moment our network has a hardware firewall (called a busibox), with a machine running SurfControl monitoring web traffic. The problem is that if the machine with SurfControl goes down the internet becomes wide open.

    What I am thinking of doing is running an ISQ server as the web proxy with only the port 80 requests coming from it being allowed through the firewall machine. Do I set ISQ up as a single network adapter configuration and direct all machine to it as the web proxy server? Or is there a better way of doing it. Removing the Busibox is not an option as it is our ADSL modem and VPN box (that and the fact that the district office tell us we have to have it)

    Thanks in advance
    Last edited by actech; 9th September 2008 at 12:13 AM.

  2. #2

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    I don't use surfcontrol or busibox, but they are a proxy and a firewall respectively, aren't they? You just need to deny outbound port 80 traffic on the firewall, and allow it only from surfcontrol. No surfcontrol, no outbound traffic. Easy

  3. #3
    actech's Avatar
    Join Date
    Mar 2008
    Location
    Australia
    Posts
    198
    Thank Post
    50
    Thanked 20 Times in 17 Posts
    Rep Power
    17
    Surfcontrol is not a proxy just a web filter, but busibox is the firewall. What you are saying though is sort of what I want to do. Make the new ISA Server (with surfcontrol running as the web content filter) the proxy server and then deny all outbound port 80 traffic at the firewall unless it comes from the proxy.

    The question is the best way to configure ISQ to do this. I am not familiar with it and would like some better opinions first.

  4. #4
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    21
    I'm not familiar with busibox at all - but I'm reasonably familiar with ISA.

    It sounds like you want to use ISA as a kind of gateway which is what we have here.

    Here's one way you could implement what you want:

    1) Configure the busibox IP so it's a seperate range (say 192.168.200.x/255.255.0.0).
    2) Create the ISA server with 2 NICs, 1 connecting to your internal network and 1 which is on the same IP range as the busibox.
    3) Configure ISA to allow web-proxy requests on port 80 for the Internal network.
    4) Setup the ISA firewall rules so that ISA talks directly to the busibox.

    Now this won't necessarily stop people accessing the internet if SurfControl dies, but it will mean that no internet traffic (except from what you configure on the busibox) will ever get to your busibox except from the ISA server unless you specify otherwise.

    Is there an error message when your surfcontrol just dies?
    It might be worth looking into why your SC dies as well, so that you have a robust internet proxy/monitor box and your busibox is secure also.

    Hope this helps or sheds some light.

    Az

  5. #5

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,206
    Thank Post
    876
    Thanked 2,730 Times in 2,309 Posts
    Blog Entries
    11
    Rep Power
    782
    I run both Surfcontrol and ISA on the same box here. There is an option in the Surfcontol Web Filter application to block internet access if the filter crashes which should do what you are after. It would entail moving Surfcontrol to the ISA box though.

    Surfcontrol is junk when it comes to uptime, I also have the Web Filter service set to restart the service on the first to third failure and reset the failure count after 10 minutes to combat this a little. I think that one of the main reasons that it is unstable is that it treates its database like a dump and throws every little bit of rubbish at it continuously. Our experience with the software got better when we upgraded to a system with a faster disk system in it. I think that there is a flat file option that dumps the data to plaintext first that may help stability if I/O is a contributing factor.
    Last edited by SYNACK; 9th September 2008 at 12:32 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. isa server
    By ICT_GUY in forum Wireless Networks
    Replies: 8
    Last Post: 20th May 2008, 02:29 PM
  2. Server Rack Configuration Tool
    By mortstar in forum Wireless Networks
    Replies: 1
    Last Post: 21st January 2008, 12:04 PM
  3. RAID 5 Configuration On Server 2003
    By AngryITGuy in forum Windows
    Replies: 7
    Last Post: 17th January 2008, 09:21 PM
  4. Replies: 0
    Last Post: 8th February 2007, 03:58 PM
  5. ISA Server Email Server Publishing
    By Norphy in forum Windows
    Replies: 12
    Last Post: 26th May 2006, 01:14 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •