Re: [fw-wiz] PIX -> ISA -> OWA Configuration

From: Kevin (kkadow_at_gmail.com)
Date: 05/03/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 3 May 2005 12:59:56 -0500
    
    

    > > -----Original Message-----
    > > What is the preferred placement for an OWA front-end server given these
    > > two possible network configurations and why?
    > >
    > > 1) [Internet] <==> [PIX Firewall] <==> [ISA Proxy] <==> [PIX Firewall]
    > > <==> [OWA] <==> [Internal Net w/Exchange Svr]
    > >
    > > 2) [Internet] <==> [PIX Firewall] <==> [ISA Proxy] <==> [OWA] <==>
    > > [PIX Firewall] <==> [Internal Net w/Exchange Svr]

    None of the above. Use a second, different firewall to control the
    Windows-protocol communication between the OWA server and your
    internal trusted network, like so:

    3) [Internet] <==> [PIX Firewall] <==> [ISA Proxy] <==>
    [OWA with Host-based IPS] <==> [Different Firewall] <==>
    [Internal Exchange Svr with Host-based IPS]

    In this scenario, any one element in the path can be vulnerable
    at any moment in time and the internal resources remain protected.

    Of course, the next question is: if you are going to this extreme,
    why involve the Microsoft ISA proxy at all? Why not just replace
    the "[PIX Firewall] <==> [ISA Proxy] <==>" part of the chain
    with a more complex firewall capable of handling the combined
    tasks of SSL acceleration and URL filtering?