Yuri D. posted an interesting but innervating article over on his blog site about how he was having a problem with a customer who couldn’t get NLB to work.
Turned out that a 3rd party host-based firewall was running on the ISA firewall!
I’ve heard of such things in the past – but it always amazes me when I hear the question asked “can I install X host-based firewall on my ISA firewall?”
Before anything else, the ISA and TMG firewall is a firewall. All other functionality that ISA and TMG provide flows from the fact that ISA and TMG are firewalls – you can’t turn the firewall features and services off – since that’s what these products are – firewalls.
Sure, I know that some people think that the term “firewall” somehow connotes some type of “commodity” service – but that’s not how most people think. They think of “firewall” as a security service, and a particularly effective one. To “hide” the fact that the ISA or TMG firewall is a firewall does the product a disservice – and that’s not what we’re about here at ISAserver.org!
Oh – I should mention – this customer actually installed an AV product on the ISA firewall, which also installed a host-based firewall. Ugh. I’ve been there before so I can see how that can happen. However, that introduces another issue that I’ve covered in the past and won’t go into again this time. That’s my opinion that you do not need to put a host-based AV application on the firewall. While it is supported, you need to make sure you exclude certain directories.
Yuri goes over those details in his blog over at:
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
MVP — Forefront Edge Security (ISA/TMG/IAG)