Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Microsoft ISA and OCS bypass Firewall problem.

Hi,

We are in process of installing the microsoft ISA server and also office communicatior server (OCS ). In order to make these applications available on internet we have placed both the servers in the DMZ region. With corrsponding Static entry with Public IP address in the ASA. Now the main problem is that both of these servers have second ethernet card and need to be connected directly to the inside region. ( in short one card will have IP from DMZ region and other card will have IP from inside region of firewall ) is it not bypassing the firewall? As traffic from one interface card can go to other interface card within the server itself bypassing the firewall - DMZ-to-Inside?

Is it not a security threat ?

any experience please share.

Thanks in advance

Subodh

1 REPLY

Re: Microsoft ISA and OCS bypass Firewall problem.

That is correct - in that case you might as well just plug the servers directly onto the internet!!

You could deploy a 2 layer firewall:-

Internet

|

FW1

|

DMZ

|

FW2

|

Inside

or depending on the type of firewall you could have multiple interfaces/vlans on the same device eg:-

internet

|

FW1 - DMZ

|

SVR

|

FW1 - DMZ2

|

Inside

HTH<

167
Views
0
Helpful
1
Replies
CreatePlease to create content