setting up frontend backend firewall

[watts3000]

I want to set up a frontend backend firewall setup. The frontend firewall will be a astaro and the backend will be isa server 2000. I have astaro in place running as a frontend. I than put isa server behind it but when I enter the isa servers ip address in as my proxy I can't get to the internet. Is there something that I must do on the frontend firewall for astaro to be able to gain internet access and proxy it to the internal lan clients. Also let me tell you the physical setup I have my cable modem connected to a switch the external interface of the astaro box and the isa server is also connected to that switch. The isa box is using the external interface is using the ip address of astaro's internal interface as its gateway.

 

[Thor86]

http://www.isaserver.org/

 

[skyking]

your setup will not work as far as I can tell, unless you have a sophisticated switch. If you want the frontend to be astaro, and the backend to be ISA server, then your physical setup should look like this:
cable modem----------Astaro box--------------ISA server-----------------LAN

Hooking everything to the same switch will not get it done, as far as I know.

 

[bigfatdonny]

Good luck with ISA 2000. I've had more problems with it than I can count. Stupid problems too. My rules would randomly dissappear, then magically reappear upon restarting the services. If you encounter the bug that won't allow HTTP traffic to someone logged into the console on the ISA server, it's a pain fixing that. The MS resolution for that on technet was not fun.

I have to agree with skyking, for the most part. You can get it done with one switch, but it's far more desirable to have a data path that can't by bypassed. Unless you have a very smart switch, someone could bypass the proxy server if so inclined/skilled.