• Deployment Kits, ISA Server Firewall Appliances and ISA Server 2004 Beta 2
• ISA Server and Beyond Book and ISA Server and Beyond Seminars Now Available
• ISAserver.org Learning Zone articles of Interest
• KB Articles of the Month
• Post of the Month
• ISA Server Links of the Month
• Ask Dr. Tom

Welcome to the ISAserver.org newsletter! Each month we will bring you interesting and helpful information on ISA Server. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: tshinder@isaserver.org.

Try the first integrated Internet and firewall platform for Microsoft ISA Server--Free for 30days! Download Today: http://www.rainfinity.com/products/downloads.html RainConnect and RainWall can offer ISA Server customers a highly available, integrated Internet and firewall platform that ensures simplification of distributed management while maximizing security and Internet resources. Download Today! http://www.rainfinity.com/products/downloads.html

1. Deployment Kits, ISA Server Firewall Appliances and ISA Server 2004 Beta 2

• The ISA Server 2000 Branch Office Deployment Kit
• The ISA Server 2000 Application Layer Filtering Kit
• The ISA Server 2000 SharePoint Portal Server Deployment Kit
• The ISA Server 2000 Exchange 2000/2003 Deployment Kit
• The ISA Server 2000 in Education Deployment Kit

Each of these kits have at least a dozen articles (some have over 30) that get you up to speed on using ISA Server 2000 firewall, VPN and Web Proxy servers to increase network security, improve network performance, and reduce overall bandwidth and administration time and costs. Just about everything you ever wanted to know about getting ISA Server 2000 to do what you want it to do can be found in one of the kits. So check them out before they're all gone.

Another exciting thing on the ISA Server 2000 firewall front is the first official ISA Server firewall appliance. The Network Engines Firewall for Microsoft Exchange Server takes a novel approach in protecting Microsoft Exchange Server. Its a fact of life around here that ISA Server 2000 is the firewall for Microsoft Exchange Server, and the Network Engines appliance combines the best of host based (personal firewall) security and network firewall security principles to provide a unusual level of security for Microsoft Exchange. Stay tuned to ISAServer.org for more information on this intriguing ISA Server 2000 firewall appliance.

The biggest news in the ISA firewall world is the public release of ISA Server 2004 beta 2. If you haven't seen the new ISA firewall, then you must investigate all the new things it has to offer! ISA 2004 firewalls build on the successes of ISA Server 2000 and make it even better; much better! What's new? Check this out:

• Stateful inspection (not just simple stateful filtering) and firewall policy applied to VPN client connections. Tell me of another firewall that does this without breaking the bank!

• Multinetworking feature allows you to apply firewall policy on all interfaces and define access controls between any two networks

• An all new access policy model. Access Rules are an ordered list that is very easy to manage and interpret.

• Super sophisticated HTTP security filter. You can control inbound and outbound access based on virtually any aspect of an HTTP communication -- the days of users sneaking warez applications through an HTTP session are just about over

• Enhanced support and protection for remote access to Microsoft Exchange Servers. ISA 2004 firewall's sport improvements in Exchange Server support, which further bolsters ISA's reputation as the firewall for Microsoft Exchange Servers.

There are dozens more new features and improvements in ISA 2004. Step 1: Go to www.microsoft.com/isaserver and download the beta code, and step 2: go to http://www.isaserver.org/articles/isa2004beta2.html and see how to get up and running with the new ISA 2004 firewall as fast a possible. Make sure to check http://www.isaserver.org/ on a regular basis for articles and tutorials on ISA 2004 firewalls.

• Publishing Multiple Web Sites using a Wildcard Certificate in ISA Server 2004
• Using ISA Server 2004 Network Templates to Automatically Create Access Policy: The Edge Firewall Template
• Placing ISA Server 2000 into Networks with an Existing Firewall Infrastructure and Other ISA Server 2000 Firewall Topologies
• Publishing FTP Sites with an Alternate Port using ISA Server 2004 Firewalls
• Joining the Branch Office to the Main Office with ISA 2000 Firewalls: Connecting to the Main Office Exchange Server from the Branch Office using RPC over HTTP
• Check out our new ISA Server 2004 message boards!
• ISA Server 2000 Quick Start Guide

• XWEB: Outlook Web Access Prompts You for Logon Credentials Multiple Times Before Inbox Appears
• FIX: Error Pages Do Not Appear in the Correct Language After You Install Feature Pack 1
• MS04-001: A vulnerability in an Internet Security and Acceleration Server 2000 H.323 filter could allow remote code execution
• Port Requirements for the Microsoft Windows Server System
• Performance Tuning Options for Internet Security and Acceleration Server
• FIX: Outbound PPTP connections may disconnect after 60 seconds if the ISA Firewall Service is running
• Web content does not appear, or clients receive an "HTTP 502 Proxy Error" message when they try to access external Web sites with ISA Server 2000
• Multiple Authentication Dialog Boxes Are Displayed When You Use Access Control
• You receive a "you are not authorized to view this page" error message when you try to access an external Web site that requires authentication
• Internet Explorer Does Not Support Kerberos Authentication With Proxy Servers
• Running ISA Server on Windows Server 2003

OK, if I hear one more question asking about getting voice and video working for MSN Messenger, I going to jump! Instead, I'll give you this link that will tell you what you need to know about Instant Messaging with ISA Server:

http://www.microsoft.com/technet/treeview/default.asp?url =/technet/prodtechnol/isa/maintain/isaimsec.asp

If you spend enough time comparing different vendor's firewalls, you'll discover that they all want you to know what the maximum throughput is through the firewall. Those firewalls that can pump a gigabit per second or more take pride in playing with the big boys. The good news is that ISA Server 2000 can force almost 1.6 GB/sec. ISA firewalls clearly get our "speeding ticket" of the month:

http://www.microsoft.com/isaserver/techinfo/planning/performance.asp

Everythi ng you ever wanted to know about SQL Replication over the Internet using ISA Server 2000 Firewalls:

http://www.microsoft.com/technet/treeview/default.as p?url=/technet/prodtechnol/sql/maintain/security/proxy.asp

Do you need to squeeze out every last bit of performance from your ISA firewall and Web caching server? Who doesn't! But where do you go to get the inside info required to tweak the Registry and select the right settings on the ISA firewall? Look no further! This article, ISA Server Performance Best Practices has tons of great info on how to get the most out of the ISA 2000's Firewall and Web Proxy services :

http://www.microsoft.com/technet/treeview/default.asp?url=/t echnet/security/prodtech/ISA/ISAPrfBP.asp

There's lot's more, but I need to keep some for next month ;)
 

QUESTION: Disaster recovery was a big thorn in our side with ISA Server 2000. While the ISA firewall is doing its job, we live in mortal fear that something is going to happen to the machine and we'll lose all our settings. I don't want to sit in front of the ISA console for a week manually re-entering all my elements and rules! Does the ISA 2004 firewall improve on this situation? Thanks! --Anthony.

ANSWER: I have some very good news for you, Anthony. The configuration and change management feature set included with ISA 2004 firewalls is much, much better than what you saw with ISA Server 2000. In ISA Server 2000, the integrated backup utility only created incremental backups of the ISA firewall configuration and they could only be used to restore to the same machine. If there was any kind of disaster, you could not use the integrated backup file to recover. The best option is to use Jim Harrison's import/export tool, which you can find at http://www.isatools.org/

ISA 2004 firewalls allow you to back up virtually any aspect of the firewall configuration and restore those settings to any other ISA 2004 firewall. Using the integrated backup utility, you can back up the entire configuration and restore that configuration to the same installation on the same machine, or a new installation on the same machine, or a completely different installation on a different machine. You also have the option to backup up selected components of the firewall configuration and copy those to another machine. For example, if you're having problems with your Access Rules or Web Publishing Rules, you can easily back just the Access Policy and send that information to an ISA firewall professional and he will be able to quickly see what the problem is by importing your configuration to a test machine. I know that you'll be extremely happy with the new and improved backup and restore functionality. For some info how it all works, check out the ISA 2004 firewall solution documentation over at http://download.microsoft.com/download/5/a/e/5ae686f4-c4 a6-4213-bc50-abc46b0714dc/solutiondocs.exe

Try the first integrated Internet and firewall platform for Microsoft ISA Server--Free for 30days! Download Today: http://www.rainfinity.com/products/downloads.html RainConnect and RainWall can offer ISA Server customers a highly available, integrated Internet and firewall platform that ensures simplification of distributed management while maximizing security and Internet resources. Download Today! http://www.rainfinity.com/products/downloads.html