Internet Connection Sharing

[TDT]

Ok I have a bit of a simple question. Basically I have a network of about
35 Win2k Pc's and 2 Win2k servers. I also have a Firewall/Router connected
to the network which provides the internet connection.

I'm using static IP's (required by some software we use). Basically for the
users that are allowed internet access I simply enter the gateway & DNS
entries. This works fine and I have no problems with it.

However the Firewall/Router doesn't generate logs of internet access, or the
domains accessed. My question is basically, how can I give access to the
users of my network and log their activities?!

I also have a small Netgear RP-114 router from an old (and much smaller)
network setup, which provides the logs that I need! However it won't work
being connected into the LAN twice!!

I've tried Internet Connection Sharing on both a server and workstation but
obviously it will not work sharing the internet connection on the network it
exists on!

Confusion sets in! Any help appreciated

 

[TDT]

I have a hardware firewall but unfortunatly it doesn't supply logs on
domains accessed etc.

Am I able to install ISA server on a member server or must it be on the DC?
Also would that cure my problem of basically using one network connection ?
Sorry I can't explain my problem very well!

 

[Paul King]

Well lets just say ISA is a comprehensive solution and one that has to be
planned very well. You are right to say ISA has to be on the DC within
Active Directory.

The issue is that your clients are using the router/firewall as your default
gateway and therefore all local hops go through this device bypassing any
other devices you have on the network. ISA works basically as a gateway and
therefore all activity is logged. I'm really surprised that your
router/firewall doesn't have any logging capabilities.

I have installed a Firebox which allows you to setup groups on the firewall
and enable logging for those groups - so I know exactly what comes in and
out of the network

Unfortunately my friend this is not a simple solution, and one that cannot
really be solved by employing a 3rd party solution as you have many machines
on the LAN. The only thing that comes close is Norton Internet Security
(NIS) - but this only logs the activity of one machine and you would have to
purchase loads of licenses.

Regards
Paul.

 

[Scott Harding - MS MVP]

ISA server does NOT have to be on a Domain Controller. It doesn't even have
to be a member of the domain that you are using it in

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

scrockel@***No_SPAM***hotmail.com

 

[TDT]

Thanks for you help guys

Sorry Scott - I obviously got fed the wrong information. Still, I guess
this would have have to be acrefully planned onto the existing network.

Cheers
Paul.

network gateway