While not related to the ISA or TMG firewall, DirectAccess is something that all Microsoft firewall administrators will need to be aware of.
Why? Because DirectAccess is going to give external clients direct access to your network. That means no firewall, no proxy, no edge security device is going to be able to qualify and inspect the communications between these external clients and your corporate network.
Regardless of what you consider the security issues will be with DirectAccess, this is a new technology that will be included in Windows 7 clients and Windows Server 2008 R2 servers, and it’s going to change the way you work with and think about external clients.
Joseph Davies provides a nice introduction to DirectAccess in his article at:
http://technet.microsoft.com/en-us/magazine/2009.05.cableguy.aspx
BTW – you will see some interesting stuff regarding DirectAccess in the upcoming UAG, but that’s about all I can tell you right know. Let’s just say that you’re going to be very interested in UAG because DirectAccess requires IPv6, which is going to introduce complications and issues that you’ll need to address.
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)