OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
RE: ISA as a proxy

From: Przemek Radzikowski (przemekcapitalhead.com)
Date: Fri May 30 2008 - 13:07:25 CDT

To further expand on what Devin said, you could always utilize a wildcard
certificate such as *.yourcompany.com to enable ISA to publish multiple SSL
websites on port 443. Of course, you're limited to websites with
*.yourcompany.com but it might address your requirements.

--
Przemek (Shem) Radzikowski  -  ICT Solutions Architect / Security Specialist
MSc, BEng, BSc, MCP, MCPS, MCNPS, CPSA, TCSS, TCSP
NA +264 813641435 | BW +267 74639428 | MT +356 99431823 | AU +61 417952048 |
UK +44 7983105179
Capitalhead Ltd | http://capitalhead.com | skype: capitalhead

>-----Original Message-----
>From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
>On Behalf Of Devin Ganger
>Sent: Friday, 30 May 2008 6:57 PM
>To: Kelly Martinez; focus-mssecurityfocus.com
>Subject: RE: ISA as a proxy
>
>Yes, ISA supports publishing multiple web sites (secure or otherwise).
>Note, however, that if you're trying to publish multiple SSL sites you
>will need to place them on separate combinations of external ports and
>IP addresses (that is, a separate IP address for each site on port 443,
>a single IP address for all sites on separate ports, or some combination
>thereof) -- ISA does not have the built-in ability to concentrate
>multiple SSL sites into one external port/IP address.
>
>The Microsoft Internet Application Gateway appliance (formerly Whale
>Communications) does have that functionality, as another poster
>mentioned; it's built on top of ISA and is specifically designed for
>that scenario while providing a whole bunch of other cool functionality.
>
>--
>Devin L. Ganger, Exchange MVP Email: deving3sharp.com
>3Sharp Phone: 425.882.1032
>14700 NE 95th Suite 210 Cell: 425.239.2575
>Redmond, WA 98052 Fax: 425.558.5710
>(e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/
>
>
>-----Original Message-----
>From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
>On Behalf Of Kelly Martinez
>Sent: Friday, May 30, 2008 8:51 AM
>To: focus-mssecurityfocus.com
>Subject: RE: ISA as a proxy
>
>So I guess I have a question on ISA as a reverse proxy (as I'm not too
>familiar with the product).
>
>Does ISA support HTTPS/SSL through the proxy? How about to separate
>servers?
>
>Kelly
>
>
>-----Original Message-----
>From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
>On
>Behalf Of Guillermo Fontana
>Sent: Friday, May 30, 2008 12:05 AM
>To: focus-mssecurityfocus.com
>Subject: Re: ISA as a proxy
>
>Hello
>
>I have been using ISA 2006 as a web proxy for a year or so. It is used
>also as a reverse proxy (web publishing), and so far it's a stable
>product without any problems.
>
>It is important to dimension the size of the cache in advance so you
>don't have to resize it later. I'm currently using aprox. 30 GB and
>it's a fine size for 120 users.
>
>Regards,
>
>Willy
>
>
>On Wed, May 28, 2008 at 3:19 AM, <razcadent.co.il> wrote:
>>
>> hi
>>
>> i was wandering if anyone has any experiance with ISA 2006 functioning
>as
>a proxy and what are the conclusions
>>
>>
>> thanks