Surf Control v5.5 TV Receiver User Manual

Open as PDF

of 77

SurfControl Web Filter for ISA v5.5 Starter Guide 9

NSTALLATION

ECISIONS

Network Considerations

NETWORK CONSIDERATIONS

You can install SurfControl on a single ISA Server or in multi-server arrays. In an ISA Standard Edition

installation, Web Filter is installed on a single ISA Server. In an ISA Enterprise Edition environment, Web

Filter is installed on multiple servers.

DEPLOYMENT RECOMMENDATIONS

SurfControl recommends the following when deploying Web Filter for ISA Server:

• If Web Filter for ISA Server is used as a proxy, it does not need to be installed in a specific location in

the LAN. However, if it is used as a firewall, consult the Microsoft ISA templates for network placement

recommendations.

• Use a firewall to deny HTTP traffic from all IP addresses except for the ISA server.

• Firewall clients should be configured so that the browser uses a proxy service.

DMZ RECOMMENDATIONS

In a perimeter network (DMZ) installation, Web Filter is installed on one or more ISA Servers located

between a perimeter firewall and an internal firewall. SurfControl recommends the following when

deploying Web Filter for ISA Server in the DMZ:

• If the ISA Server is part of the DMZ domain, Web Filter for ISA Server should be a member of the

domain that users log into.

• Is there a one-way or two-way trust relationship between the Web Filter ISA Server and the corporate

domains? Two-way trust relationships are very reliable. One-way trusts will cause problems if

configured to trust the wrong way.

• Are there multiple domain controllers? The ports required to query the domain controllers should

already be open via System Policy LDAP to localhost. If not, check to see which ports if any, must be

opened for this purpose.

When Web Filter for ISA is deployed in a DMZ, it may be unable to query the domain controllers for a

variety of reasons:

• It cannot resolve the IP addresses of the domain controllers.

• It is unable to authenticate to the domain controllers.

• Access is blocked by a firewall, preventing Web Filter from enumerating groups using NT objects.

To Resolve a domain controller name resolution issue:

• Add an entry to the LMHosts file on the Web Filter server(s) for the domain controllers. See the

following Microsoft KB article for more information: http://support.microsoft.com/

Default.aspx?kbid=180094

• Enable NETBIOS over IP on the Web Filter server(s).

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Surf Control v5.5 TV Receiver User Manual