So, I thought I’d set up an ISA Server firewall. While I already have two other firewalls on other network segments, ISA allows you to make Exchange available with good security. So, I built a standalone machine and put ISA Server on it. So far, I’ve spent two days with no luck. It looks like I have to do all of the following:
- Install the Secure NAT client on the Exchange server. I don’t want to do this, becuase I don’t like installing anything on the Exchange server. However, it appears to be necessary to make Exchange publish-able.
- Get a new SSL certificate for the ISA server. Of course, since I tore down my internal CA a month or so ago, that means I have to either set it up again (a pain) or buy an external certificate (a bigger pain).
- Go buy Tom Shinder’s book. I probably should have done this already.
So, that’s what I’m going to be doing, probably for the rest of this week, unless I get a better offer. Right now, Halo is looking pretty inviting. (At least I set up a new blog for e2ksecurity.com, which will be visible as soon as the DNS gods feel like it.)
Paul's Down-Home Page 