ISA has a couple of nice features. One of them is SSL termination. For example, if you have a web server that uses SSL and is behind the firewall, CP can't help you inspect traffic headed to it. With ISA, you do this:

Set the web server's external DNS entry to an IP address bound to the external interface of the ISA server.

Install a copy of the SSL certificate on the ISA server bound to the above IP address.

Set ISA to perform SSL Bridging.

The traffic looks like this:

External SSL connection inbound to web server -> CP -> ISA external interface -> inbound traffic is decrypted and inspected by ISA -> Traffic leaves the ISA server as a new SSL connection to the web server.

We use this feature and it works well. I think it's the one big feature missing from CP.

We also use ISA for controlling outbound web traffic by user and HTTP virus scanning. It keeps that workload off the firewall.

Another really neat feature is that the ISA inbound "listener" ignores connections coming in by IP address and not the DNS name. It makes port scanning virtually useless because ISA just ignores the traffic since the connection is by IP address.

Ray
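
A sketch of the name-based listener behaviour described above, added here as an illustration; it is not part of the original message and not ISA's own code. It assumes the check is made on the HTTP Host header once the listener has decrypted the request; `PUBLISHED_NAMES` and `www.example.com` are constructed values.

```python
import ipaddress

# Constructed example: the public name(s) the listener is published for.
PUBLISHED_NAMES = {"www.example.com"}

def host_from_request(raw: bytes):
    """Return the Host header value from a decrypted HTTP/1.x request head, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    # A missing or duplicated Host header is ambiguous, so treat it as absent.
    return hosts[0] if len(hosts) == 1 else None

def normalize(host: str) -> str:
    """Lower-case, drop an optional :port and trailing dot; unwrap [IPv6] literals."""
    host = host.strip().lower()
    if host.startswith("["):                  # e.g. [2001:db8::1]:443
        return host[1:host.find("]")] if "]" in host else ""
    if host.count(":") == 1:                  # name:port or 192.0.2.10:443
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def listener_decision(raw: bytes) -> str:
    """Forward only requests addressed to a published DNS name."""
    host = host_from_request(raw)
    if host is None:
        return "drop:no-host"
    name = normalize(host)
    if is_ip_literal(name):
        return "drop:ip-literal"
    if name not in PUBLISHED_NAMES:
        return "drop:unpublished-name"
    return "forward"
```
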

From: "Hawkins, Michael" <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: Re: [FW-1] ISA Firewall Question
Date: Sun, 19 Feb 2006 09:31:25 -0500

If you are using websense or some other CVP/UFP server integrated with
FW-1 then ISA brings nothing except for AV protection.

Mike Hawkins

New York Office: 212-208-3888

White Plains Office: 914-729-2790

Mobile: 917-887-3614


-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Elliott
Sent: Friday, February 10, 2006 12:36 PM
To: [email protected]
Subject: [FW-1] ISA Firewall Question

My customer is considering implementing Microsoft's ISA firewall/proxy
application as a secondary line of defense to their Check Point VPN1
solution and they want to get RPC over HTTP to work.  Has anyone done
this, and what are the issues you ran into?  Is there a doc on how to set
this up somewhere?

Thanks,
Robbie

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
