  1. #1
    Untangler
    Join Date
    Dec 2008
    Posts
    30

    ISA and SBS Again

    Hi ALL-
    I have a client with SBS2003, ISA2004 with 2 NICs.
    ISP T-1 -> ISA(SBSNIC1) -> SBS -> Switch(SBSNIC2) -> LAN

    ISA is being used for program control and logging. Disabling the second NIC is not an option.

    Soooo. My plan is to put UT in bridge mode between the ISP's Cisco and the SBS's External NIC.

    As I was driving to the office today I had the bad thought that I wouldn't know how to manage it. Generally I set them to DHCP and put it inside the LAN. It grabs an internal IP and I can get to it.

    BUT if I put it on the outside of the SBS it won't pick up an IP and I couldn't think how I could give it an external.

    I saw a few posts saying put the UT on the other side of the SBS between the switch and the LAN.
    My issue is I don't see how that will stop spam. For web filtering I can see.
    My main use for UT is spam filtering.

    So after that long one. Any ideas?

  2. #2
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514

    This configuration can be done...

    The UT needs a static IP that is in the ISP's provided T1 IP block. And, you're going to have to exempt the SBS's IP from the attack blocker.

    However, because you've got that SBS server doing NAT, the logs on the UT will be USELESS. Everything will be the SBS as far as UT is concerned. AD integration is out too...

    You're also going to have to make careful use of the packet filter to prevent unauthorized access to the HTTP/HTTPS/and SSH services.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Dec 2008
    Posts
    30

    Originally posted by sky-knight:
    This configuration can be done...

    The UT needs a static IP that is in the ISP's provided T1 IP block. And, you're going to have to exempt the SBS's IP from the attack blocker.

    However, because you've got that SBS server doing NAT, the logs on the UT will be USELESS. Everything will be the SBS as far as UT is concerned. AD integration is out too...

    You're also going to have to make careful use of the packet filter to prevent unauthorized access to the HTTP/HTTPS/and SSH services.

    I'm only using it for spam filtering. I may turn on the firewall at some point. No AD integration so that's not an issue. I have an extra IP to use in the ISP's block so that will work.

    I suppose my only other question then is remote management.

    I suppose it has to be left open? Or will UT consider it internal if I connect to that external IP from inside the LAN? It would still be hitting UT on the inside NIC. So theoretically I can turn off remote management, I think.

    Thanks for the Tips. Your posts are *usually* helpful.
    (I'm an SBS guy, like the wizards, and also know how to work in an enterprise. You are anti-SBS LOL.) No offense taken.

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514

    "internal" works by source interface so that should work.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler
    Join Date
    Dec 2008
    Posts
    30

    Thanks for the tip. I will post back results.
