Re: ISA Server and sessions

From: akomolafe (deji@prontomail.com)
Date: 09/24/01 

Message-ID: <004901c1452d$358a3760$f701fe0a@commtouch.com>
From: "akomolafe" <deji@prontomail.com>
To: "Los, Ralph" <rlos@EnvestNet.com>, <focus-ms@securityfocus.com>
Subject: Re: ISA Server and sessions
Date: Mon, 24 Sep 2001 12:15:01 -0700

First, you will get better help with this if you post it to the ISA
newsgroup.

ISA should be able to do this, but you will have to do the leg-work. You
will not be able to publish these sites using the regular web pulishing rule
in ISA. You will have to create a destination set for each of those port
permutations/combination and then use Server Publishing rule to publish each
of them. Read
http://www.isaserver.org/pages/tutorials/install_configure_ftp_server.htm .
Even though that discusses FTP, you can apply the same logic to any service
you want published. There is a drawback to using Server publish instead of
Web publishing for a website.

HTH
deji

----- Original Message -----
From: "Los, Ralph" <rlos@EnvestNet.com>
To: <focus-ms@securityfocus.com>
Sent: Monday, September 24, 2001 9:14 AM
Subject: ISA Server and sessions

> Hello all,
>
> I have a very straighforward question.
>
> I have an IIS box that I need to proxy INTO from the web, for
> this I am using an ISA Server. I have the config drawn below
> currently in the architecture->build process and need input
> on whether the ISA Server will be adaptive towards my needs.
>
> Proxy/ISA box
> [||]
> Switch
> [||]
> |-Web Server/IIS5 (10.10.11.2)----ColdFusion Server (10.10.10.2)
> |-Web Server/IIS5 (10.10.11.3)----ColdFusion Server (10.10.10.3)
> |-Web Server/IIS5 (10.10.11.4)----ColdFusion Server (10.10.10.4)
>
> As you can see, the Proxy is hiding more than a single IIS
> box behind it. Each time a user logs into our site,
> ColdFusion keeps a "session variable" on the CF Server (not
> client!), therefore, forcing me to make sure my clients can
> "keep state" with the IIS box of original login.
>
> Also, I am doing port multiplexing versus having multiple
> IP's per box...meaning, each box has a single IP, running a web
> site on say, port 12000 (HHTP) and 22000 (HTTPS) and another
> site on 12001 (HTTP) and 22001 (HTTPS) and so on.
>
> [I hope I didn't leave anyone confused].
>
> The big question - CAN ISA handle this config, and HOW?
>
>
> Ralph M. Los
> Asst. Vice-President, Internet Systems and Security
> EnvestnetPMC
> rlos@envestnet.com
> (312) 827-3945 (direct)
> (312) 296-9003 (wireless w/voicemail)
> * If you haven't been hacked, you don't know where your vulnerabilities
lie*
>

Relevant Pages

  • ISA Server and sessions
    ... Subject: ISA Server and sessions ... the Proxy is hiding more than a single IIS ...
    (Focus-Microsoft)
  • RE: ISA Server and sessions
    ... Subject: ISA Server and sessions ... but not using web publishing. ... Web publishing "masks" the source IP because the inbound request is ...
    (Focus-Microsoft)
  • Re: ISA2004 problems in SBS2K3 Prem.
    ... Using the Microsoft Internet Security and Acceleration Server 2004 real-time monitoring feature, you can centrally monitor ISA Server computer activity. ... The Sessions view is refreshed automatically, each time a new session is identified by ISA Server. ... ISA Server lists sessions of the following types: Firewall client, SecureNAT, virtual private network client, VPN site-to-site, and Web Proxy. ...
    (microsoft.public.windows.server.sbs)
  • RE: Nimda.A and ISA server
    ... Subject: Nimda.A and ISA server ... What are the entries in the WEB...log relating to those sessions? ... ISA server is configured to not allow un-authenticated web sessions. ... Network Administrator / Infrastructure Specialist / Consultant Software ...
    (Focus-Microsoft)
  • RE: ISA Server and sessions
    ... Subject: ISA Server and sessions ... using Server Publishing instead of Web Publishing. ... the Proxy is hiding more than a single IIS ...
    (Focus-Microsoft)
Quantcast