none
Can ISA "proxy" Active Directory Authentication or Active Directory Domain Trust?

    Question

  • Hello World!
    We currently have a few Celestix ISA applicances that are used to proxy basic websites and would like to see if they can do more.  We have a "partner" domain that is in a DMZ, it has its own 2008 Active Directory Domain.  We currently have a 1-way trust between the partner domain and our enterprise domain.  The partner domain trusts our enterprise domain.  To facilitate this trust we have poked many a hole in our DMZ firewall to allow all the different ports required to chat between our Partner DCs and our Enterprise DCs (NOT OPTIMAL!)  In addition we do some password syncronization between accounts on the enterprise with accounts on the partner DCs using Microsoft Identity Integration Feature Pack and Password Change Notification Service on our internal DCs.

    ISA is not the primary firewall for communication between these LAN segments which could be an issue, it is dual homed with an interface on each LAN.

    I would like to hear any comments and/or experiences with this type of problem and understand wether or not ISA can manage this traffic.

    Thanks World!

    NorCalWingman
    Wednesday, July 15, 2009 3:42 PM

Answers

All replies