Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 7246 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ISA 2006

Doctor-Gerry

I am trying to set up ISA 2006 to publish our SMC 2.5 server. Does anyone know if this is possible? I have emailed Sophos support for advice, but this isn't really a good time for getting quick replies to non-urgent support queries (and, NO.....this is not some sort of a slag-off at Sophos.....I'm just remarking that my timing is pretty bad as recent events have led to Sophos support being quite busy at the moment).....

Anyway, if anyone does have experience in this area (I am a complete newbie......I am just trying to save my organisation from having to pay many hundreds of dollars to cinsultants to get this going for us), I have a couple of specific questions :

1. Do I need to somehow get a copy of the self-signed certificate from our SMC server to our ISA server? If so, how do I do this (I need to point the new web listener for SMC on the ISA box to a certificate, so I assume I need the same certificate that I used on the SMC box....?)

2. Do I use a ''non web server protocol publishing rule' to  publish the SMC server on the ISA box?

I am acutely conscious of the fact that if I do it wrong I will be basically opening the front gate into our network.....hence my fear of doing something wrong! So any advice would be most appreciated.

:32887


This thread was automatically locked due to age.
  • 0

    I'm using TMG 2010 (successor to ISA) and you can do it either way you've described.  The full proper way is method 1 - You put the certificate (public AND private key) on your ISA box (import it into the Computers certificate store) and then do a Web Publishing rule.   Or you can do just do a non-web publishing rule using Ports 80/443 (you can avoid 80 if you tell people to always connect to https://) to your SMC box.  The main difference is that using the 2nd method, the ISA/TMG server can't monitor the traffic going between them, but really as long as you're only opening up 80 and 443 there usually isn't much of a security issue, in my opinion.  

    :33001
  • 0

    OK, thanks for that. How do I get my certificate from the SMC box so that I can import it into the ISA box? I have fired up the 'certificates' MMC on the SMC box, but I can't see the self-signed certificate anywhere.?

    :33035
  • 0

    You may need to get support from Sophos on that one.  We actually purchased an external cert so SMC would work with the Android platform (this is a requirement) so I just imported the cert into SMC when I did the installation via the wizard, and it would also go onto ISA/TMG if you're using it for publishing. 

    :33213
Unfiltered HTML