+ Post New Thread
Results 1 to 9 of 9
Wireless Networks Thread, isa server in Technical; I have the time limited demo of isa server installed and working for clients. It is set up as a ...
  1. #1
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,269
    Thank Post
    683
    Thanked 283 Times in 204 Posts
    Rep Power
    106

    isa server

    I have the time limited demo of isa server installed and working for clients.

    It is set up as a caching proxy, and seems to be working well.

    I have issues though.

    1. I cannot access the internet from the isa server when logged on to it. That is when on the server if I fire up IE it gives an error (Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202) ) Thats with IE pointing itself, if pointing towards the normal school proxy it times out.

    2. Is it possible to run IIS as well? Along with WSUS on the same server? I had it set up and it died.

  2. #2
    ArchersIT's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire
    Posts
    114
    Thank Post
    14
    Thanked 24 Times in 20 Posts
    Rep Power
    21
    By default later versions of ISA do not allow web browsing from the local machine. There is a system ploicy you can change so that this will work.

    I would not recommend running anything else on the ISA machine.

    Jonathan

  3. Thanks to ArchersIT from:

    ICT_GUY (20th May 2008)

  4. #3
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,269
    Thank Post
    683
    Thanked 283 Times in 204 Posts
    Rep Power
    106
    Quote Originally Posted by ArchersIT View Post
    I would not recommend running anything else on the ISA machine.

    Jonathan
    Please can you give me your thoughts on why, ease of config or capacity maybe?

  5. #4

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,302
    Thank Post
    523
    Thanked 2,593 Times in 2,012 Posts
    Blog Entries
    24
    Rep Power
    887
    Quote Originally Posted by ICT_GUY View Post
    Please can you give me your thoughts on why, ease of config or capacity maybe?
    Running something else increases the vulnerability of the isa machine as a firewall. So rather than only having ISA and windows to attack, you gain the vulnerabilities of, say, IIS. If the ISA box is your edge firewall, this is a huge risk.

  6. Thanks to localzuk from:

    ICT_GUY (20th May 2008)

  7. #5
    GlennT's Avatar
    Join Date
    Sep 2006
    Location
    Zummmerzet!
    Posts
    249
    Thank Post
    19
    Thanked 17 Times in 16 Posts
    Rep Power
    20
    Quote Originally Posted by ICT_GUY View Post
    Please can you give me your thoughts on why, ease of config or capacity maybe?
    IIS running on ISA would pose a security risk if run as an edge firewall. I guess as you are using it to cache only you have something else between the ISA and the internet?

  8. Thanks to GlennT from:

    ICT_GUY (20th May 2008)

  9. #6
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,269
    Thank Post
    683
    Thanked 283 Times in 204 Posts
    Rep Power
    106
    I should mention that it is only being used as a proxy.

    Though I could use it as a second firewall, at the momment its just to accellerate the kiddiwinks browsing.

  10. #7
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,269
    Thank Post
    683
    Thanked 283 Times in 204 Posts
    Rep Power
    106
    Also, double Doh!

    Although I had allowed all internal networks access, the local host had been dnied by the default rule. So I fixed that doh!

  11. #8

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,267
    Thank Post
    884
    Thanked 2,747 Times in 2,321 Posts
    Blog Entries
    11
    Rep Power
    785
    If it has no security role then it should be alright to add other services to it, you will just need to add rules to allow the specific traffic from the local network to the 'local host' ISA network and they should run fine. I run all of our mail and internet filtering on our ISA server and just have the managment ports open to the local side.

    Admittedly given the amount of hits that it takes we had to get a big 8 core monster for it to be responsive to hosts and also handle all of the filtering database work. ISA and the web proxying are quite taxing on the hardware not because of the complexity of the requests but due to the shear number of requests that must be responded to quickly before people get ansy.

    In this respect if you have a lot of clients running through the ISA proxy and it is not a hefty box in terms of simultanious processing it may not be a good idea to add the load of IIS and WSUS on it as well.

  12. #9
    ArchersIT's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire
    Posts
    114
    Thank Post
    14
    Thanked 24 Times in 20 Posts
    Rep Power
    21
    As the other people have already said - the main reason is to reduce the attack profile.

    In your case where you are not using it as an edge firewall then it may be possible to configure it correctly - but as has already been indicated, loading may be an issue.

    Jonathan



SHARE:
+ Post New Thread

Similar Threads

  1. Windows Server 2003 - time server settings
    By CESIL in forum Windows
    Replies: 4
    Last Post: 22nd November 2007, 12:24 PM
  2. Replies: 5
    Last Post: 6th July 2007, 12:43 AM
  3. Windows Server 2003 File Server Resource Manager
    By mrforgetful in forum Windows
    Replies: 1
    Last Post: 17th June 2007, 02:51 PM
  4. Virtual Server 2005 R2 kills server network connection
    By ajbritton in forum Thin Client and Virtual Machines
    Replies: 0
    Last Post: 31st August 2006, 07:19 AM
  5. Downsides to passing tftp server via 2003 DHCP server?
    By pete in forum Wireless Networks
    Replies: 7
    Last Post: 11th July 2006, 11:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •