“I have an ISA firewall in the DMZ”
What does this mean?
Does the ISA firewall have an external interface connected to the Internet and an internal interface connected to the DMZ?
Does the ISA firewall have an external interface connected to a DMZ and an internal interface connected to the private corporate network?
Does the ISA firewall have an external interface in an anonymous access DMZ and an internal interface in an authenticated access DMZ?
Does the ISA firewall have 9 NICs, with 5 of them in DMZs and 4 in private corporate networks?
OR, is it the most dreaded possibility:
Does the single-NIC (caponized) ISA firewall have its only, solitary interface in a DMZ segment between two "firewalls" (invariably souped up routers with a FIREWALL sticker on their bezels)
MORAL OF THE STORY:
Tell us about the relevent network topology. “In the DMZ” means as much as “open a port” (cf. http://www.tacteam.net/openport.htm)
Thomas W Shinder, M.D.
MVP — ISA Firewalls