In this article we started out with a small trip down memory lane and discussed how the world has changed from one I came from, where you could consider putting a NAT server on the edge of the network without any type of firewall in front of it or even on the NAT server itself.
In part 1 of this series on post-installation tasks for single member ISA Server 2006 Enterprise Edition Arrays configured in workgroup mode, I provided a comprehensive list of post-installation tasks. In this, part 2 of the series, I’ll continue to move through that list.
ISA Server 2006 is the next version of the ISA firewall product line. In the past we’ve focused on the ISA firewall’s firewall components and how you can deploy the ISA firewall in a number of firewall roles, such as edge firewall, back-end firewall, services segment firewall, and wireless LAN firewall. We’ve been promoting the ISA firewall deployment concept for almost six years, and we’ll continue to do that.
With his first article for ISAserver.org, we would like to welcome ISA Server MVP Marc Grote who for the past two years has contributed many excellent articles to our sister site - MSExchange.org. This is the first article of a four part series which will show you how to install and configure ISA Server 2004 Enterprise Edition. In the first part Marc will show you how to install and configure the Configuration Storage Server.
The issue of hardening the ISA firewall has always been a hot topic. The topic became especially hot when ISA Server 2000 was released with system hardening wizards that broke key features of the ISA Server 2000 firewall product. While many of us made gallant attempts at coming up with comprehensive hardening plans that wouldn’t break core ISA Server 2000 firewall functionality, it always seemed like we were feeling our way through the dark.
A problematic situation with the ISA Server 2000 firewall was that once a VPN client connected to the ISA Server 2000 firewall, they could not connect to the Internet using their default SecureNAT client configuration.
I am sure we have all either encountered or heard of this "problem" one time or another if the ISA Server is part of the Active Directory Domain. Is it a problem? No, it is by design. To block all unnecessary traffic is the job of the firewall. I know Domain Controller traffic is not unnecessary unreachable traffic, but we have to "explain" to the ISA Server that DC traffic is reachable.
Now that Windows Server 2003 is officially released, and ISA Server is officially supported on Windows Server 2003, we can get to the business of testing out ISA Server on Windows Server 2003 machines. There are many compelling reasons to run ISA Server on a Windows Server 2003 machine. Check out the article to find out what they are!
You've heard us say time and time again "You need to create a split DNS!". But what is a split DNS? Do you really need a split DNS? In what circumstances is a split DNS required? Check out this article and find out if a split DNS is for you.
In the first part of our Firewall client automation series I discussed how you get the firewall client software installed. Once you get the software installed, you need to configure it! You can manually configure the Firewall client, or have the configuration done for you automatically, in advance. This article gives the secret inside info on how it all works.
In this first part of a two part article on Firewall client Autodiscovery and Autoconfiguration, we'll look at methods you can use to help the Firewall client to find the right ISA Server to use to connect to the Internet.
The IT security strategy which is incorporated within ISA Server seems to address the need for secure internal networking, both for small businesses that use a few computers and are connected to the Internet via modem, as well as for large highly-networked corporations using internet connectivity as a routine procedure.
Microsoft is trying to present itself as not only the worldwide leading manufacturer of operating systems but also as a top provider of comprehensive IT solutions for business. With its Microsoft Internet Security & Acceleration Server, the Redmond software giant is approaching this goal. This is Part I of a series of articles on ISA Server: its origin, complexity, benefits and shortcomings.
Backing up is hard to do. That's especially the case with your ISA Server config. Which method should you use? Which method works? Check out this article on how to backup and restore the ISA Server using the integrated NTBACKUP utility
If you have not yet installed ISA Server on your network, this is the article for you. In this article I will walk you through, step-by-step, the installation of ISA Server 2000 onto a computer in your network. We will cover the different types of installations you can perform (either as a stand-alone server or as part of an array of ISA Servers) and discuss the caveats associated with each.
If you’re just getting started with ISA Server you might find that its hard to tell where the place is to start. One place you could start is by using the Getting Started Wizard. You can access the Wizard by opening the ISA Management console and clicking the topmost node in the left pane. Be sure that you have Taskpad view enabled by right clicking on an object in the left pane, then going to View and then click on Taskpad.
Want some more fun? Let’s look at the ISA scenario. What many folks will do is place DNS resolver IPs in both NICs, ISP in the external, local in the internal. While this seems to make sense, it’s actually very inefficient and you can actually cause huge timeouts this way. Remember that TCP/IP will choose the route for a given packet based on its destination, not where it found the data. This means that DNS entries are not really NIC-specific, it’s just more meaningful to the person entering them.
A subject that gets a good deal of attention on the www.isaserver.org message boards is that of ISA and DMZ network configuration. ISA Server supports setting up a DMZ segment that separates Internet traffic from your internal network. The DMZ is considered a security zone that allows the partitioning of all Internet traffic away from the internal network.
Before you install ISA, you have to properly set up the networking properties for that machine. Mistakes made either during or after installing ISA server can render your once proud server unresponsive.
I watch the ISA Server web boards very closely. I’ve observed over the last few months that a lot of people would benefit from a description on how to set up a “simple” network using the ISA Server as a Web Proxy Cache and Firewall. A simple network is one that has a single internal network ID. This is a non-routed network. A complex network would be an internal network with multiple network IDs and therefore is a routed network. I’ll write about how to configure ISA Server to work in routed environments in the future.