I'm currently in the process of replacing two ISA servers at a school with a Sophos SG and came across a bit of a problem.
Here's a bit of information on the current setup...
The two ISA servers are named ISA-01 (on 192.168.140.3) and ISA-02 (on 192.168.140.5). Machines on the network use ISA-01 (192.168.140.3) as their default gateway.
They have two external lines providing internet access. ISA-01 provides external internet access through a filtered school grid network and ISA-02 provides external internet access through an unfiltered BT line.
Student users have a group policy configured which sets their IE proxy address to point to ISA-01; this then allows students to access the internet through the school grid network, which is filtered. Staff users have a group policy configured which sets their IE proxy address to point to ISA-02; this then allows staff to access the internet through the BT line, which is unfiltered.
The school requires the same setup as above with the Sophos SG device. Users need to be routed out to the internet, and depending on which proxy address is defined they'll go out either through the school grid network, or the BT line. The problem is that I don't believe the Sophos SG device can route traffic based on the proxy address specified on the client machine.
Initially I thought of creating two interfaces, one on 192.168.140.3 and one on 192.168.140.5, both representing the existing ISA servers, and then creating a policy route based on source interface. Having looked into this I've discovered it won't be possible as you can't have two interfaces belonging to the same subnet.
I'm hoping there's some easy way of doing this; however, I'm starting to think that the only solution would be to split the students and staff onto separate subnets and route traffic that way, which would require quite a bit of work. I just wondered if anyone had come across a similar problem and had any solutions or suggestions?