RE: ISA Server and sessions

From: Amit Manektala (Billy@A-t-g.com)
Date: 09/24/01 

Message-ID: <D04E9182D180FA41B0680FDF87F9A9393191@atgsrv.a-t-g.com>
From: Amit Manektala <Billy@A-t-g.com>
To: "'Los, Ralph'" <rlos@EnvestNet.com>, "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Subject: RE: ISA Server and sessions
Date: Mon, 24 Sep 2001 13:41:43 -0500

ISA does have the capability of handling this and you should do this by
using Server Publishing instead of Web Publishing.
Billy

-----Original Message-----
From: Los, Ralph [mailto:rlos@EnvestNet.com]
Sent: Monday, September 24, 2001 11:14 AM
To: 'focus-ms@securityfocus.com'
Subject: ISA Server and sessions
Sensitivity: Confidential

Hello all,

        I have a very straighforward question.

I have an IIS box that I need to proxy INTO from the web, for
this I am using an ISA Server. I have the config drawn below
currently in the architecture->build process and need input
on whether the ISA Server will be adaptive towards my needs.

Proxy/ISA box
  [||]
 Switch
  [||]
   |-Web Server/IIS5 (10.10.11.2)----ColdFusion Server (10.10.10.2)
   |-Web Server/IIS5 (10.10.11.3)----ColdFusion Server (10.10.10.3)
   |-Web Server/IIS5 (10.10.11.4)----ColdFusion Server (10.10.10.4)

As you can see, the Proxy is hiding more than a single IIS
box behind it. Each time a user logs into our site,
ColdFusion keeps a "session variable" on the CF Server (not
client!), therefore, forcing me to make sure my clients can
"keep state" with the IIS box of original login.

Also, I am doing port multiplexing versus having multiple
IP's per box...meaning, each box has a single IP, running a web
site on say, port 12000 (HHTP) and 22000 (HTTPS) and another
site on 12001 (HTTP) and 22001 (HTTPS) and so on.

        [I hope I didn't leave anyone confused].

The big question - CAN ISA handle this config, and HOW?

Ralph M. Los
Asst. Vice-President, Internet Systems and Security
EnvestnetPMC
rlos@envestnet.com
(312) 827-3945 (direct)
(312) 296-9003 (wireless w/voicemail)
* If you haven't been hacked, you don't know where your vulnerabilities lie*

Relevant Pages

  • ISA Server and sessions
    ... Subject: ISA Server and sessions ... the Proxy is hiding more than a single IIS ...
    (Focus-Microsoft)
  • RE: ISA Server and sessions
    ... Subject: ISA Server and sessions ... but not using web publishing. ... Web publishing "masks" the source IP because the inbound request is ...
    (Focus-Microsoft)
  • Re: ISA2004 problems in SBS2K3 Prem.
    ... Using the Microsoft Internet Security and Acceleration Server 2004 real-time monitoring feature, you can centrally monitor ISA Server computer activity. ... The Sessions view is refreshed automatically, each time a new session is identified by ISA Server. ... ISA Server lists sessions of the following types: Firewall client, SecureNAT, virtual private network client, VPN site-to-site, and Web Proxy. ...
    (microsoft.public.windows.server.sbs)
  • RE: Nimda.A and ISA server
    ... Subject: Nimda.A and ISA server ... What are the entries in the WEB...log relating to those sessions? ... ISA server is configured to not allow un-authenticated web sessions. ... Network Administrator / Infrastructure Specialist / Consultant Software ...
    (Focus-Microsoft)
  • Re: ISA Server and sessions
    ... Subject: ISA Server and sessions ... Web publishing for a website. ... the Proxy is hiding more than a single IIS ...
    (Focus-Microsoft)
Quantcast