Firewall Wizards: Re: PIX -> ISA -> OWA Configuration

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: PIX -> ISA -> OWA Configuration

From: Danny <nocmonkey () gmail com>
Date: Thu, 5 May 2005 14:25:48 -0400

On 5/1/05, Jason Gomes <greyline () phreaker net> wrote:

What is the preferred placement for a OWA front-end server given these
two possible network configurations and why?

1) [Internet] <==> [PIX Firewall] <==> [ISA Proxy] <==> [PIX Firewall]
<==> [OWA] <==> [Internal Net w/Exchange Svr]

2) [Internet] <==> [PIX Firewall] <==> [ISA Proxy] <==> [OWA] <==> [PIX
Firewall] <==> [Internal Net w/Exchange Svr]

Notes:
The ISA server is performing a reverse proxy for HTTPS connections.
In #1, the backend firewall will only allow port 443 through to OWA.
In #2, all ports required for OWA to communicate with the internal
exchange server is allowed.


What type of clients?  Road warrior employees with laptops? If so, how about:

3) Verified client with proprietary VPN client and AES 256 -> Big bad
Innernat -> Firewall only allowing connections from proprietary VPN
client -> ISA Proxy -> OWA & Exchange

...D
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

RE: PIX -> ISA -> OWA Configuration, (continued)
- RE: PIX -> ISA -> OWA Configuration Paul Melson (May 02)
- Re: PIX -> ISA -> OWA Configuration Danny (May 05)
- Re: PIX -> ISA -> OWA Configuration Jason Gomes (May 03)
  - RE: PIX -> ISA -> OWA Configuration Paul Melson (May 03)
    - Re: PIX -> ISA -> OWA Configuration Kevin (May 05)
    - Re: PIX -> ISA -> OWA Configuration Jason Gomes (May 05)
    - RE: PIX -> ISA -> OWA Configuration Frank Knobbe (May 05)