This may seem really stupid, and well it is.
I have a customer who is running ISA 2000 primarily as a web cache. It is not used for security in any way, in fact, users can just turn off their proxy settings and access the internet, so security is not really an issue here.
The box is 4 years old, and I have only just been engaged to allow a monitoring server access to ping the ISA server.
Easy I hear you say, just create a packet filter rule and viola, problem solvered!
No. Unfortunately since day one, the customer has had the "firewall service" deliberately stopped. Therefore adding/removing packet filter rule would appear to make zero difference.
So my question is as follows. On an ISA Server 2000 box (running on Win2k3), how can I allow an external machine (be it on the "internal" or "external" network) the ability to ping the ISA server, WITHOUT starting the Firewall service.
I know this doesn't seem like the right approach, but it's business contraints, not technical contraints under which I am working. So I need to be able to do this without starting the firewall service.
Any advice would be most appreciated.