Microsoft® Internet Security and Acceleration (ISA) Server 2004 Administrator's Pocket Consultant

Book Description

Here’s the utterly practical, pocket-sized reference for IT professionals who need to deliver security-enhanced Internet connectivity, fast Web access, and lower costs to their organizations. This unique guide provides essential details for using Microsoft Internet Security and Acceleration (ISA) Server 2004 to help protect and accelerate your e-business—whether it’s migrating from Proxy Server; employing the extensible, multilayer enterprise firewall; managing group access, configuration, and rules; monitoring usage and performance; detecting network intrusions; or performing other key tasks. Featuring quick-reference tables, lists, and step-by-step instructions, this handy, one-stop guide provides fast, accurate answers on the spot—whether you’re at your desk or in the field!

Table of Contents

  1. Microsoft® Internet Security and Acceleration (ISA) Server 2004 Administrator’s Pocket Consultant
  2. Tables
  3. Acknowledgements
  4. Introduction
    1. Support
  5. 1. Overview of Microsoft ISA Server 2004 Administration
    1. ISA Server Capabilities
    2. How ISA Server Operates as a Caching and Firewall Server
      1. Firewall: The Secure Server
      2. Caching: The Acceleration Server
    3. Differences Between ISA Server 2000 and ISA Server 2004
    4. Choosing the Right ISA Server for Your Environment
    5. Product Editions and Requirements
      1. ISA Server 2004 with Small Business Server
        1. Scalability
        2. Hardware and Software
        3. Licensing
      2. ISA Server 2004 Standard Edition
        1. Scalability
        2. Hardware and Software
        3. Licensing
      3. ISA Server 2004 Enterprise Edition
        1. Scalability
        2. Hardware and Software
        3. Licensing
    6. ISA Server Tools and Utilities
      1. The ISA Server 2004 Management Console
        1. Monitoring
        2. Firewall Policy
        3. Virtual Private Networks (VPN)
        4. Configuration
      2. ISA Server Wizards
      3. Tools
      4. Extending ISA Server
    7. Administering ISA Server Remotely
      1. ISA Management Console
      2. Terminal Services
      3. Remote Control Applications
    8. ISA Server Community
  6. 2. Installing and Configuring Microsoft ISA Server 2004 Standard Edition
    1. Before You Begin
    2. Where Not to Install ISA Server
    3. Installing ISA Server 2004 Standard Edition
      1. Installing the Firewall Client Installation Share and Message Screener
    4. Installing ISA Server 2004 Standard Edition with a Single Network Adapter
      1. Functionality Available with ISA Server Configured with a Single Network Adapter
    5. Patching ISA Server 2004 Standard Edition
    6. Installing ISA Server 2004 Standard Edition Unattended
      1. ISA Server Setup Command-Line Parameters
      2. Troubleshooting Setup
    7. Uninstalling ISA Server 2004 Standard Edition
    8. Installing ISA Server Administration Tools
      1. Installing ISA Server Administration Tools on a workstation
      2. Installing ISA Server Administration Tools on the ISA server
        1. Connecting to Remote ISA Server Using ISA Management Console
    9. Renaming an ISA Server 2004 Server
    10. Joining an ISA Server to a Domain
    11. Troubleshooting ISA Server Installations
      1. Problems Installing ISA Server on a Domain Controller
      2. Examine the Setup Log Files
    12. What to Expect After Installation
      1. Know Your System Policies
    13. Configuring ISA Server
      1. Assigning ISA Server Administrative Roles
      2. Configuring the ISA Server Cache
        1. Enabling and Disabling ISA Server Caching
        2. Configuring the Cache Properties
        3. Configuring Cache Rules
        4. Scheduling Content Download Jobs
          1. Managing Existing Content Download Jobs
            1. Content Download Tasks
            2. Related Tasks
  7. 3. Installing and Configuring Microsoft ISA Server 2004 Enterprise Edition
    1. Before You Begin
    2. Where Not to Install
    3. Installing Configuration Storage Server
      1. Ensuring Connectivity to CSS
      2. Creating an ISA Server Array
    4. Installing ISA Server 2004 Enterprise Edition
      1. Installing Firewall Share and Message Screener
      2. Adding Servers to the ISA Server Array
    5. Installing CSS on a Domain Controller
    6. Installing a CSS from Media
    7. Installing Enterprise Edition Unattended
    8. ISA Server Setup Command-Line Parameters
      1. Troubleshooting Setup
    9. Installing ISA Server 2004 Enterprise Edition into a Workgroup
      1. Workgroup Scenario
      2. Workgroup Enterprise Scenario
      3. Back-to-Back Scenario
        1. Installing a Certificate for Workgroup Authentication
          1. Obtaining a Server Certificate
        2. Exporting a Server Certificate
        3. Installing a Root Certificate from a Local Certificate Authority
      4. Renaming the CSS
      5. Specifying an Alternative CSS Server
    10. Uninstalling ISA Server 2004 Enterprise Edition
    11. Troubleshooting Installation
      1. Upgrading from ISA Server 2000
      2. Examining the Setup Log Files
    12. Configuring ISA Server Enterprise Edition
      1. Assigning ISA Administrative Roles
        1. Enterprise Administrator Roles
        2. Array Administrator Roles
    13. Remote Administration
  8. 4. Installing and Configuring Microsoft ISA Server 2004 Clients
    1. Overview of ISA Server Client Types
      1. Choosing the Right Client
    2. Working with the SecureNAT Client
      1. Installation
        1. Simple Network versus Complex Network
        2. Special Considerations for VPN Networks
      2. Configuration
    3. Working with the Web Proxy Client
      1. Installation
        1. Enabling Web Proxy
      2. Configuration
        1. Manual Configuration of Internet Explorer Clients
        2. Automatic Configuration Using Group Policy
      3. Troubleshooting
    4. Working with the Firewall Client
      1. Make the Firewall Client Share Available
      2. Install the Firewall Client
        1. Installing the Firewall Client Manually
        2. Silent/Unattended Install
        3. Group Policy–Based Install
        4. SMS-Based Install
        5. Applying Service Packs
          1. Checking Firewall Client Version Settings
      3. Configure the Firewall Client
        1. Firewall Client Support on the ISA Server
          1. Enabling Firewall Client Support
          2. Defining Firewall Client Settings
        2. Enabling Support for Legacy Firewall Clients
          1. Configuring Application Settings
          2. Configuring Direct Access to Certain Web Sites
          3. Excluding Domains from Firewall Client Connections
        3. Configuring the Firewall Client on the Local Computer
          1. Firewall GUI Settings
          2. The LocalLAT.txt file
          3. The Common.ini Configuration File
          4. The Management.ini Configuration File
          5. The Application.ini Configuration File
      4. Using Infrastructure Servers to Automate Client Settings
        1. Configuring DNS
        2. DHCP Services
      5. Troubleshooting
        1. Cannot Connect to the Firewall Client Installation Share
        2. Client Dependencies on Infrastructure
  9. 5. Upgrading from Microsoft ISA Server 2000
    1. Changes When Migrating From 2000 to 2004
    2. Performing an In-Place Upgrade
    3. Migrating an ISA Server 2000 Configuration to a Clean ISA Server 2004 Server
      1. Exporting the ISA Server 2000 Configuration
      2. Installing ISA Server 2004
      3. Importing the ISA Server Configuration
      4. Migrating RRAS Configuration
    4. Upgrading ISA Server Enterprise Edition
      1. Exporting the ISA Server 2000 Enterprise Edition Configuration
      2. Installing CSS
      3. Importing the Configuration to the ISA Server 2004 Enterprise Edition Computer
      4. Installing ISA Server 2004 on the ISA Server
        1. In-Place Upgrade of ISA Server 2000 Enterprise Edition
    5. Upgrading From ISA Server 2004 Standard Edition to Enterprise Edition
    6. Troubleshooting ISA Server Upgrades
      1. Missing Components
      2. ISA Server Migration Wizard Command Lines
      3. Configuration Import Errors
  10. 6. Monitoring and Reporting
    1. Monitoring Components
    2. Dashboard
      1. Configuring Refresh Rate Settings
    3. Alerts
      1. Viewing Predefined Alerts
      2. Creating an Alert
      3. Open the ISA Server Management console
        1. Sending an E-Mail Message
        2. Running a Program
        3. Reporting the Event to the Windows Event Log
        4. Stopping Selected ISA Server Services
        5. Starting Selected ISA Server Services
      4. Configuring an Alert
      5. Viewing Alerts
      6. Resetting and Acknowledging Alerts
    4. Services
      1. Starting and Stopping ISA Services
    5. Sessions
      1. Monitoring Sessions
      2. Filtering Sessions
      3. Creating Connectivity Verifiers
      4. Disconnecting a Session
      5. Exporting and Importing Filter Definitions
    6. Events
      1. Monitoring Events
      2. Analyzing Events
    7. Logs
      1. Configuring Logging to an SQL Server Database
      2. Configuring Logging to MSDE
      3. Configuring Logging to a File
      4. Filtering Logging
    8. Reports
      1. Report Types
      2. Generating a Report
      3. Creating a Report Job
      4. Publishing a Report
      5. Viewing a Report
      6. Customizing a Report
      7. Configuring Log Summaries
    9. Performance Monitor
      1. Using Performance Monitor on Your ISA Server
  11. 7. Configuring Toolbox Elements
    1. Protocols
      1. Identifying Predefined Protocols
      2. Creating a Protocol
    2. User Sets
      1. Creating a User Set
    3. Content Types
      1. Creating a Content Type
    4. Schedules
      1. Creating a Schedule
    5. Network Objects
      1. Networks
        1. Creating a New Network Object
      2. Network Sets
      3. Configuring the Internal Network Object
        1. Creating a Network Set Object
      4. Computers
        1. Creating a Computer Object
      5. Address Ranges
        1. Creating an Address Range Object
      6. Subnets
        1. Creating a Subnet Object
      7. Computer Sets
        1. Creating a Computer Set Object
      8. URL Sets
        1. Creating a URL Set Object
      9. Domain Name Sets
        1. Creating a Domain Name Set Object
      10. Web Listeners
        1. Creating and Configuring a Web Listener Object
  12. 8. Configuring Microsoft ISA Server Firewall Policy
    1. Understanding How ISA Server Processes Traffic
    2. System Policy
      1. Editing the System Policy
      2. Exporting and Importing System Policy
    3. An Overview of Firewall Policy
      1. Best Practices
      2. Lockdown Mode
      3. Exporting and Importing Firewall Policy
      4. Configuring FTP Filtering
      5. Configuring HTTP Filtering
      6. Configuring RPC Filtering
        1. Configuring RPC in System Policy
        2. Configuring RPC on an Access Rule
        3. Configuring RPC with Outlook Clients
    4. Access Rules
      1. Creating an Access Rule
      2. Disabling an Access Rule
      3. Deleting an Access Rule
      4. Changing the Order of an Access Rule
    5. Web Publishing
      1. Publishing a Web Server
      2. Modifying an Existing Web Publishing Rule
      3. Publishing a Secure Web Server
        1. Importing Certificates
        2. Running the Publish Secure Web Server Wizard
    6. Server Publishing
      1. Creating a Server Publishing Rule
      2. Publishing a Mail Server
        1. Web Client Access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync
        2. Client Access: RPC, IMAP, POP3, SMTP
        3. Server-to-Server Communication: SMTP, NNTP
    7. Troubleshooting Firewall Policy
  13. 9. Configuring Multinetworking
    1. Working with Network Templates
      1. Creating an Edge Firewall
      2. Creating a 3-Leg Perimeter
      3. Creating a Front Firewall
      4. Creating a Back Firewall
      5. Creating a Single Network Adapter Configuration
    2. Configuring Networks
      1. Exporting and Importing Networks
        1. Troubleshooting Exporting and Importing Network Sets
    3. Configuring Network Sets
      1. Network Sets
        1. Creating a Network Set Object
    4. Configuring Network Rules
      1. Creating a Network Rule
    5. Web Chaining
      1. Creating a Web Chaining Rule
      2. Modifying a Web Chaining Rule
    6. Firewall Chaining
  14. 10. Microsoft ISA Server Security and Administration
    1. ISA Server Administration
      1. Delegating Administration
      2. Configuring Firewall Chaining
      3. Configuring Dial-Up Preferences
      4. Certificate Revocation
      5. Defining Firewall Client Settings
      6. Viewing ISA Server Details
      7. Configuring Link Translation
    2. Security Policy Administration
      1. Defining RADIUS Servers
      2. Configuring Intrusion Detection
        1. Intrusion Detection Alerts and Actions
      3. Defining IP Preferences
      4. Defining Connection Limits
  15. 11. Securing Virtual Private Network Access
    1. Remote Access Configuration
      1. Enabling and Configuring VPN Client Access
        1. Selecting Access Networks
        2. Defining IP Address Assignments
        3. Configuring VPN Authentication
        4. Configuring RADIUS Authentication
      2. Configuring the User Accounts
      3. Creating Access Rules for VPN Clients to Access Other Networks
      4. Configuring the Client Computers
    2. Site-to-Site Configuration
      1. Analyzing and Selecting the VPN Protocol
      2. Creating the VPN Gateway Dial-In Accounts for Authentication
      3. Creating the Primary Site VPN Gateway
      4. Creating a Remote Site Network
      5. Creating Network Rules to the Remote Site
      6. Creating Access Rules
      7. Configuring the Secondary Site VPN Gateway
        1. Confirming Connectivity
      8. Testing the Site-to-Site VPN Connection
    3. VPN Quarantine
  16. 12. Scripting with Microsoft ISA Server 2004
    1. Overview
    2. VBScript Essentials
    3. Preparing Your Environment
      1. Installing ISA Server 2004 SDK
    4. ShowBasicInfo1.vbs
    5. ShowBasicInfo2.vbs
    6. AddComputer.vbs
    7. CreateHTTPAllowRule.vbs
    8. ExportServers.vbs
    9. ImportServers.vbs
    10. Next Steps
  17. 13. Configuring Arrays Using Centralized Management
    1. Working with Arrays and Array Members
      1. Creating an Array
      2. Configuring an Array
      3. Renaming an Array
      4. Deleting an Array
      5. Moving a Server to a Different Array
      6. Managing an Array
      7. Array Communication Explained
        1. Policy Rules Used for Array Communication
    2. Troubleshooting Array Configuration
      1. Specifying a CSS and an Alternate CSS
      2. Unable to Connect to the CSS
  18. 14. Using Enterprise and Array Policies
    1. Enterprise and Array Policies Explained
      1. Enterprise and Array Decisions
      2. Configuring Enterprise Policy Settings
    2. Enterprise Policy Administration
      1. Creating Enterprise Policies
      2. Creating Enterprise Access Rules
      3. Enterprise Administration and Permissions
      4. Backing Up and Restoring an Enterprise Configuration
      5. Deleting Enterprise Policies
      6. Connecting to Remote Enterprise and Arrays
      7. Settings Contained in the Default Enterprise Policy
    3. Array Policy Administration
      1. Rules of Effective Array Policy
      2. Array Administration and Permissions
      3. Array Firewall Policy Rule Types
      4. Configuring Array Policies
      5. Backing Up, Restoring, and Deleting an Array Configuration
  19. 15. Working with Enterprise Technologies and Microsoft ISA Server 2004
    1. Cache Array Routing Protocol (CARP)
      1. Enabling Caching
      2. Enabling CARP for Web Requests
    2. Configuring and Securing Intra-Array Communication
      1. Configuring the CARP Load Factor
      2. CARP and Scheduled Content Download Jobs
    3. Network Load Balancing
      1. Integrated and Nonintegrated Network Load Balancing
      2. Prerequisites
      3. Installing and Configuring Network Load Balancing
        1. Enabling Network Load Balance Integration
        2. Enabling Network Load Balancing for a Network
        3. Additional Configuration for ISA Server and Network Load Balancing
        4. Stopping Network Load Balancing
        5. Server Publishing and Network Load Balancing
        6. Using DNS Round Robin
  20. 16. Configuring Microsoft ISA Server with Microsoft Exchange Server 2003
    1. Configuring DNS Resolution
    2. Overview of ISA Server 2004 and Exchange Server 2003 Integration
    3. Connecting Remote Exchange Clients with Outlook Web Access
      1. Publishing Outlook Web Access
        1. Obtaining a Certificate for Outlook Web Access
        2. Creating an Outlook Web Access Publishing Rule
        3. Preauthenticating Connections
    4. Providing Full-Featured Remote Access for Exchange Clients
      1. Security Features within Exchange
      2. Publishing Outlook RPC for MAPI Clients
        1. Configuring the Remote Client for RPC
          1. Creating a Split DNS
          2. Enabling Client Authentication
          3. Configuring the Outlook Client
      3. Publishing RPC over HTTP for Outlook Clients
        1. Configuring the Exchange Server
        2. Creating an RPC over HTTP Publishing Rule
        3. Configuring the Remote Client for RPC over HTTP
    5. Publishing Basic Mail: SMTP, POP3, and IMAP4
  21. 17. Configuring Microsoft ISA Server with Microsoft SharePoint Portal Server 2003
    1. SharePoint Portal Server 2003 and Windows SharePoint Services Overview
      1. Key SharePoint Portal Server 2003 Features
      2. Key Windows SharePoint Services Features
      3. How ISA Server Improves SharePoint Portal Server and Windows SharePoint Services Access
    2. Publishing Windows SharePoint Services
      1. Allow Windows SharePoint Services to Connect to the Internet
      2. Defining the Web Listener
      3. Creating the Web Publishing Rule
      4. Modifying the Web.Config File for Outbound Internet Access
    3. Publishing SharePoint Portal Server
      1. Network Services
      2. Authentication
      3. Link Translation
      4. Publishing SPS with ISA Server 2004
    4. Configuring SharePoint Portal Server to Work With ISA Server
      1. Modifying the Default URL for the Portal Site
  22. 18. Configuring Microsoft ISA Server with Microsoft Operations Manager 2005
    1. Microsoft Operations Manager 2005 Overview
    2. Getting Started with MOM 2005
      1. Installing Microsoft Operations Manager 2005
      2. Deploying the MOM Client to Your ISA Servers
      3. Agent Communication
        1. ISA Communication Access Rule
      4. Installing the ISA Server 2004 Management Pack
      5. Managing ISA Servers with MOM 2005
      6. Rule Groups and Adding Custom Event Rules
      7. Working with Maintenance Mode
      8. Removing a Computer from Maintenance Mode
      9. Creating Computer Groups
      10. Monitoring ISA Server Performance with MOM 2005
  23. 19. Configuring Microsoft ISA Server with Microsoft Virtual Server 2005
    1. Virtual Server 2005 Overview
      1. Key Features of Virtual Server 2005
      2. Usage Scenarios for Virtual Server 2005 and ISA Server
      3. Virtual Disks
    2. Virtual Networks
    3. Configuring an ISA Server Test Environment Using Virtual Machines
      1. Best Practices
      2. Gotchas
      3. Creating a Virtual Server Environment
        1. Including a Simple, Isolated Client and an ISA Server Environment
        2. Creating a Virtual Hard Disk
        3. Creating Virtual Networks
        4. Creating a Complex Client, ISA Server, and Perimeter Network Environment
    4. Setting Up a Production ISA Server Virtual Machine
      1. Best Practices
  24. 20. Configuring Microsoft ISA Server 2004 with Microsoft Small Business Server 2003
    1. Overview of Small Business Server 2003 and ISA Server 2004
      1. How Different SBS Versions Interact with ISA Server 2004
    2. Installing ISA Server 2004 on Small Business Server 2003
      1. Documenting and Backing Up ISA Server 2000 Settings
      2. Applying SBS Service Pack 1
      3. Installing ISA Server 2004
      4. Running the Configure E-Mail and Internet Connection Wizard
    3. Troubleshooting ISA Server 2004 on Small Business Server 2003
      1. Setup Issues
      2. You Cannot Connect to Exchange Server from Outlook After Installing SBS Service Pack 1
      3. You Receive "Service Not Responding" Errors in the Event Log
      4. Web Publishing Rule Is Invalid
  25. Additional Resources
    1. General Books and References
    2. Chapter 1
    3. Chapter 2
    4. Chapter 3
    5. Chapter 4
    6. Chapter 5
    7. Chapter 6
    8. Chapter 7
    9. Chapter 8
    10. Chapter 9
    11. Chapter 10
    12. Chapter 11
    13. Chapter 12
    14. Chapter 13
    15. Chapter 14
    16. Chapter 15
    17. Chapter 16
    18. Chapter 17
    19. Chapter 18
    20. Chapter 19
    21. Chapter 20
  26. About the Authors
    1. Jason Ballard
    2. Bud Ratliff
  27. Index
  28. About the Authors
  29. Copyright