ISA Server 2006 is the next version of the ISA firewall product line. In the past we’ve focused on the ISA firewall’s firewall components and how you can deploy the ISA firewall in a number of firewall roles, such as edge firewall, back-end firewall, services segment firewall, and wireless LAN firewall. We’ve been promoting the ISA firewall deployment concept for almost six years, and we’ll continue to do that.
One advantage of the Web Publishing scenario is that you can place the ISA firewall just about anywhere on the network. And one of the most popular deployment scenarios in a Web publishing only scenario is placement of a unihomed ISA firewall in Web proxy only mode in an existing firewall’s DMZ segment. The existing firewall can be a multihomed ISA firewall, or it can be any other kind of network firewall.
This article also represents a major departure from how I usually configure the ISA firewall in another way: the unihomed ISA firewall won’t be a member of an Active Directory domain. While domain membership significantly enhances the overall security the ISA firewall can provide when deployed in full firewall mode, this isn’t necessarily true when the ISA firewall is installed as a unihomed Web proxy server dedicated to Web publishing. This is especially the case with ISA Server 2006, given that we now have integrated support for LDAP authentication.Read Full Story