I was expecting a long day today....
I knew that this proof of concept was more demanding, as we were looking to use AD, RSA and KCD authentication, and deploy a number of applications.
The trunk was created and it was configured to use RSA (via ACE server) and Windows 2003 (using KCD), but with this configured the login page would not be delivered.
We agreed to disable the KCD in order to carry on with the POC. The next issue was RSA!! The RSA client is installed on the appliance, but required RSA files to be copied on to the appliance to get it to work. I don't deal with RSA, but fortunately the customer resolved this.
After a little confusion about RPC access, we should be clear. The IAG appliance does not support the use of ISA features!! The ISA is there for the SSL-VPN and the ISA features should not be used for anything else!
We deployed OWA, Citrix, Sharepoint, File Access (using a NetApp filer), Network Access, RDP sessions, telnet, as well as discussed policies and customisation.
Outlook access was being left on the MSA appliance, where ISA would manage the RPC connection.
I expected difficulties with the NetApp filer, but as it can be accessed via NETBIOS, all the shares were visable through the File Access application.
The POC went smoothly and it was fortunate that I was working with someone technical! Some of the issues I'd normally have to work around with HOST files or self signed certificates were avoided as the customer knew what to expect! Thanks Matt!
A Cyber Security professional, who currently holds EU GDPR Practitioner, CISSP, MCSE:Security and MCTS certifications.
Showing posts with label ISA. Show all posts
Showing posts with label ISA. Show all posts
Tuesday, 8 September 2009
Tuesday, 18 August 2009
Websense as well....
I guess from reading this blog, you would assume that I only work with Celestix products! I have to say it feels a bit like that recently has I'm running a 3-4 IAG web demonstrations a week now, along with evaluation and real installations.
I work with Websense a lot as well, and it's easy to forget that Websense not only provide web filtering, but also email and data security products.
Today, I ran a web demo for a Websense Web Security solution, which runs perfectly in an ISA environment, including the Celestix MSA appliances. The discussion turned to Web 2.0 and user generated content, where a solution such as Websense Web Security Gateway comes into its own.
Websense WSG, has to run on a Linux platform and will not run on Windows. This solution can be the proxy and cache server, negating the need for a third party proxy such as Bluecoat or Microsoft ISA server.
WSG runs an anti virus scanner at the gateway, which is not supplied with Websense Web Security, but could be an add-on for Microsoft ISA server, where something like Avira AntiVir for ISA Server would work.
Another shortcoming of Websense Web Filter or Web Security is that it can not deal with user generated content or SSL encrypted content.
Traditional web filtering solutions can not filter feeds into pages such as iGoogle. The page is "seen" as being google.com so completely allows it, the problem is that iGoogle can have feeds from Hotmail, GMail, Facebook, etc which are normally blocked. By using WSG, the individual feeds can be allowed, blocked, quota'd or confirmed.
Traditional web filtering solutions will not be able to filter SSL packets, but the Linux gateway will be able to be the "man in the middle", where it will be able to decrypt, inspect, and either discard the packet or re-encrypt the packet and forward it on.
Content inspection can also be carried out on the fly!!
With all these features of dynamic user content filtering, SSL filtering, on the fly content filtering, why are users on jumping at this product? The issue is not really price, but rather the Linux server that the software must run on!! It's amazing how many people are still put off my Linux!!
I work with Websense a lot as well, and it's easy to forget that Websense not only provide web filtering, but also email and data security products.
Today, I ran a web demo for a Websense Web Security solution, which runs perfectly in an ISA environment, including the Celestix MSA appliances. The discussion turned to Web 2.0 and user generated content, where a solution such as Websense Web Security Gateway comes into its own.
Websense WSG, has to run on a Linux platform and will not run on Windows. This solution can be the proxy and cache server, negating the need for a third party proxy such as Bluecoat or Microsoft ISA server.
WSG runs an anti virus scanner at the gateway, which is not supplied with Websense Web Security, but could be an add-on for Microsoft ISA server, where something like Avira AntiVir for ISA Server would work.
Another shortcoming of Websense Web Filter or Web Security is that it can not deal with user generated content or SSL encrypted content.
Traditional web filtering solutions can not filter feeds into pages such as iGoogle. The page is "seen" as being google.com so completely allows it, the problem is that iGoogle can have feeds from Hotmail, GMail, Facebook, etc which are normally blocked. By using WSG, the individual feeds can be allowed, blocked, quota'd or confirmed.
Traditional web filtering solutions will not be able to filter SSL packets, but the Linux gateway will be able to be the "man in the middle", where it will be able to decrypt, inspect, and either discard the packet or re-encrypt the packet and forward it on.
Content inspection can also be carried out on the fly!!
With all these features of dynamic user content filtering, SSL filtering, on the fly content filtering, why are users on jumping at this product? The issue is not really price, but rather the Linux server that the software must run on!! It's amazing how many people are still put off my Linux!!
Friday, 7 August 2009
Celestix and Microsoft ISA
For the last three years, I've been working at e92plus as the Technical Manager. We have a portfolio of products, some have gone since then, some new ones have come, but the one I took a shine to was Celestix.
Celestix make hardened Windows appliances that run Microsoft ISA Server, and Microsoft IAG Server.
I have been a Microsoft Certified Professional (MCP) since 1998... (yes, I'm that old and then some!) and have worked with NT3.51 through to Windows 2008.
It seemed like the logical step for me to take the Celestix product range under my wing.
I started playing with Windows ISA 2006 nearly three years ago, but a majority of these deployments have been as a proxy and cache, but have seen the other flavours as well.
Any way the point of this post is to list the useful resources that have helped me along the way:
http://www.isaserver.org/ - A proper ISA guru - Thanks Tom! :)
http://blog.msfirewall.org.uk/ - Jason Jones of Silversands is an MVP based in the UK
http://tmgblog.richardhicks.com/ - Recently I meet Richard Hicks of Celestix, and this is his blog
Celestix make hardened Windows appliances that run Microsoft ISA Server, and Microsoft IAG Server.
I have been a Microsoft Certified Professional (MCP) since 1998... (yes, I'm that old and then some!) and have worked with NT3.51 through to Windows 2008.
It seemed like the logical step for me to take the Celestix product range under my wing.
I started playing with Windows ISA 2006 nearly three years ago, but a majority of these deployments have been as a proxy and cache, but have seen the other flavours as well.
Any way the point of this post is to list the useful resources that have helped me along the way:
http://www.isaserver.org/ - A proper ISA guru - Thanks Tom! :)
http://blog.msfirewall.org.uk/ - Jason Jones of Silversands is an MVP based in the UK
http://tmgblog.richardhicks.com/ - Recently I meet Richard Hicks of Celestix, and this is his blog
Subscribe to:
Posts (Atom)