Wireless Networks Thread, isa server in Technical; I have the time limited demo of isa server installed and working for clients.
It is set up as a ...
20th May 2008, 02:04 PM #1
I have the time limited demo of isa server installed and working for clients.
It is set up as a caching proxy, and seems to be working well.
I have issues though.
1. I cannot access the internet from the isa server when logged on to it. That is when on the server if I fire up IE it gives an error (Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202) ) Thats with IE pointing itself, if pointing towards the normal school proxy it times out.
2. Is it possible to run IIS as well? Along with WSUS on the same server? I had it set up and it died.
IDG Tech News
20th May 2008, 02:10 PM #2
By default later versions of ISA do not allow web browsing from the local machine. There is a system ploicy you can change so that this will work.
I would not recommend running anything else on the ISA machine.
Thanks to ArchersIT from:
20th May 2008, 02:28 PM #3
Please can you give me your thoughts on why, ease of config or capacity maybe?
Originally Posted by ArchersIT
20th May 2008, 02:30 PM #4
Running something else increases the vulnerability of the isa machine as a firewall. So rather than only having ISA and windows to attack, you gain the vulnerabilities of, say, IIS. If the ISA box is your edge firewall, this is a huge risk.
Originally Posted by ICT_GUY
20th May 2008, 02:33 PM #5
IIS running on ISA would pose a security risk if run as an edge firewall. I guess as you are using it to cache only you have something else between the ISA and the internet?
Originally Posted by ICT_GUY
20th May 2008, 02:42 PM #6
I should mention that it is only being used as a proxy.
Though I could use it as a second firewall, at the momment its just to accellerate the kiddiwinks browsing.
20th May 2008, 02:50 PM #7
Also, double Doh!
Although I had allowed all internal networks access, the local host had been dnied by the default rule. So I fixed that doh!
20th May 2008, 02:58 PM #8
If it has no security role then it should be alright to add other services to it, you will just need to add rules to allow the specific traffic from the local network to the 'local host' ISA network and they should run fine. I run all of our mail and internet filtering on our ISA server and just have the managment ports open to the local side.
Admittedly given the amount of hits that it takes we had to get a big 8 core monster for it to be responsive to hosts and also handle all of the filtering database work. ISA and the web proxying are quite taxing on the hardware not because of the complexity of the requests but due to the shear number of requests that must be responded to quickly before people get ansy.
In this respect if you have a lot of clients running through the ISA proxy and it is not a hefty box in terms of simultanious processing it may not be a good idea to add the load of IIS and WSUS on it as well.
20th May 2008, 03:29 PM #9
As the other people have already said - the main reason is to reduce the attack profile.
In your case where you are not using it as an edge firewall then it may be possible to configure it correctly - but as has already been indicated, loading may be an issue.
By CESIL in forum Windows
Last Post: 22nd November 2007, 12:24 PM
By Zoom7000 in forum Windows
Last Post: 6th July 2007, 12:43 AM
By mrforgetful in forum Windows
Last Post: 17th June 2007, 02:51 PM
By ajbritton in forum Thin Client and Virtual Machines
Last Post: 31st August 2006, 07:19 AM
By pete in forum Wireless Networks
Last Post: 11th July 2006, 11:07 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)