Book description
Dr. Tom Shinder’s ISA Server 2006 Migration Guide provides a clear, concise, and thorough path to migrate from previous versions of ISA Server to ISA Server 2006. Because ISA Server 2006 is an incremental upgrade from ISA Server 2004, this book provides all of the tips and tricks to perform a successful migration rather than rehashing all of the features that were rolled out in ISA Server 2004. Also, learn to publish Exchange Server 2007 with ISA 2006 and to build a DMZ.
- Highlights key issues for migrating from previous versions of ISA Server to ISA Server 2006.
- Learn to publish Exchange Server 2007 using ISA Server 2006.
- Create a DMZ using ISA Server 2006.
- Dr. Tom Shinder’s previous two books on configuring ISA Server have sold more than 50,000 units worldwide.
- Dr. Tom Shinder is a Microsoft Most Valuable Professional (MVP) for ISA Server and a member of the ISA Server beta testing team.
Table of contents
- Copyright
- Lead Authors
- Contributing Authors
- Introduction
- 1. Network Security Basics
- Introduction
- Security Overview
- Defining Basic Security Concepts
- Addressing Security Objectives
- Recognizing Network Security Threats
- Designing a Comprehensive Security Plan
- Summary
- 2. ISA Server 2006 Client Types and Automating Client Provisioning
- Introduction
- Understanding ISA Server 2006 Client Types
- Understanding the ISA Server 2006 SecureNAT Client
- Understanding the ISA Server 2006 Firewall Client
- Allows Strong User/Group-Based Authentication for All Winsock Applications Using TCP and UDP Protocols
- Allows User and Application Information to be Recorded in the ISA Server 2006 Firewall’s Log Files
- Provides Enhanced Support for Network Applications, Including Complex Protocols That Require Secondary Connections
- Provides “Proxy” DNS Support for Firewall Client Machines
- The Network Routing Infrastructure Is Transparent to the Firewall Client
- How the Firewall Client Works
- Installing the Firewall Client Share
- Installing the Firewall Client
- Firewall Client Configuration
- Client Side Firewall Client Settings
- Firewall Client Configuration Files
- Firewall Client Configuration at the ISA Server 2006 Firewall
- ISA Server 2006 Web Proxy Client
- Improved Performance for the Firewall Client and SecureNAT Client Configuration for Web Access
- Ability to Use the Autoconfiguration Script to Bypass Sites Using Direct Access
- Allows You to Provide Web Access (HTTP/HTTPS/FTP Download) without Enabling Users Access to Other Protocols
- Allows You to Enforce User/Group-based Access Controls Over Web Access
- Allows you to Limit the Number of Outbound Web Proxy Client Connections
- Supports Web Proxy Chaining, Which Can Further Speed Up Internet Access
- ISA Server 2006 Multiple Client Type Configuration
- Deciding on an ISA Server 2006 Client Type
- Automating ISA Server 2006 Client Provisioning
- Automating Installation of the Firewall Client
- One More Time
- 3. Installing and Configuring the ISA Firewall Software
- Pre-installation Tasks and Considerations
- Performing a Clean Installation on a Multihomed Machine
- Default Post-installation ISA Firewall Configuration
- The Post-installation System Policy
- Performing a Single NIC Installation (Unihomed ISA Firewall)
- Quick Start Configuration for ISA Firewalls
- Hardening the Base ISA Firewall Configuration and Operating System
- One More Time
- 4. Creating and Using ISA 2006 Firewall Access Policy
- ISA Firewall Access Rule Elements
- Configuring Access Rules for Outbound Access through the ISA Firewall
- The Rule Action Page
- The Protocols Page
- The Access Rule Sources Page
- The Access Rule Destinations Page
- The User Sets Page
- Access Rule Properties
- The Access Rule Context Menu Options
- Configuring RPC Policy
- Configuring FTP Policy
- Configuring HTTP Policy
- Ordering and Organizing Access Rules
- How to Block Logging for Selected Protocols
- Disabling Automatic Web Proxy Connections for SecureNAT Clients
- Using Scripts to Populate Domain Name Sets
- Using the Import Scripts
- Extending the SSL Tunnel Port Range for Web Access to Alternate SSL Ports
- Avoiding Looping Back through the ISA Firewall for Internal Resources
- Anonymous Requests Appear in Log File Even When Authentication is Enforced For Web (HTTP Connections)
- Blocking MSN Messenger using an Access Rule
- Allowing Outbound Access to MSN Messenger via Web Proxy
- Changes to ISA Firewall Policy Only Affects New Connections
- Allowing Intradomain Communications through the ISA Firewall
- One More Time
- 5. Publishing Network Services with ISA 2006 Firewalls
- Overview of Web Publishing and Server Publishing
- Web Publishing Rules
- Proxied Access to Web Sites Protected by the ISA firewall
- Deep Application-Layer Inspection of Connections Made to Published Web Sites
- Path Redirection
- URL rewriting with ISA’s Link Translation
- Ability to Publish Multiple Web Sites with a Single IP Address
- Pre-authentication of requests, and Authentication Delegation to the published Site
- Single Sign-On (SSO) for Published Web Sites
- Support for SecurID Authentication
- Support for RADIUS Authentication
- Reverse Caching of Published Web Sites
- Support for Forwarding either the ISA Firewall’s IP Address, or the Original Web Client’s IP Address to the Web Site
- Ability to Schedule when Connections are Allowed to Published Web Sites
- Port and Protocol Redirection
- Server Publishing Rules
- Server Publishing Rules are a Form of Reverse NAT, sometimes referred to as “Port Mapping” or “Port forwarding” and do not Proxy the Connection
- Almost All IP Level and TCP/UDP Protocols can be Published using Server Publishing Rules
- Server Publishing Rules do not Support Authentication on the ISA Server
- Application-Layer Filtering can be Applied to a Defined Subset of Server Published Protocols
- You can Configure Port Overrides to Customize the Listening Ports and the Port Redirection. You can also Lock Down the Source Ports the Requesting Clients use to Connect to the Published Server
- You can lock down who can Access Published Resources using IP addresses
- The External Client Source IP Address can be Preserved or it can be Replaced with the ISA Firewall’s IP address
- Restrict connections to specific days and times
- Support for Port Redirection or PAT (Port Address Translation)
- Creating and Configuring Non-SSL Web Publishing Rules
- The Select Rule Action Page
- The Publishing Type Page
- The Server Connection Security Page
- The Internal Publishing Details Page (Part one)
- The Internal Publishing Details Page (Part two)
- The Public Name Details Page
- The Select Web Listener Page and Creating an HTTP Web Listener
- The Web Listener IP Addresses Page
- The Authentication Settings Page
- The Single Sign on Settings Page
- The LDAP Settings Page
- The RADIUS Settings Page
- SecurID Settings
- The Authentication Delegation Page
- The User Sets Page
- Creating and Configuring SSL Web Publishing Rules
- Configuring Advanced Web Listener Properties
- The Web Publishing Rule Properties Dialog Box
- Creating Server Publishing Rules
- Creating Mail Server Publishing Rules
- Publishing Exchange Web Client Access
- One More Time
- 6. Creating Remote Access and Site-to-Site VPNs with ISA Firewalls
- Overview of ISA Firewall VPN Networking
- Firewall Policy Applied to VPN Client Connections
- Firewall Policy Applied to VPN Site-to-Site Connections
- VPN Quarantine
- User Mapping of VPN Clients
- SecureNAT Client Support for VPN Connections
- Site-to-Site VPN Using Tunnel Mode IPSec
- Publishing PPTP VPN Servers
- Pre-shared Key Support for IPSec VPN Connections
- Advanced Name Server Assignment for VPN Clients
- Monitoring of VPN Client Connections
- An Improved Site-to-Site Wizard (New ISA 2006 feature)
- The Create Answer File Wizard (New ISA 2006 Feature)
- The Branch Office Connectivity Wizard (New ISA 2006 feature)
- The Site-to-Site Summary (New ISA 2006 Feature)
- Creating a Remote Access PPTP VPN Server
- Creating a Remote Access L2TP/IPSec Server
- Creating a PPTP Site-to-Site VPN
- Create the Remote Site Network at the Main Office
- The Network Rule at the Main Office
- The Access Rules at the Main Office
- Create the VPN Gateway Dial-in Account at the Main Office
- Create the Remote Site Network at the Branch Office
- The Network Rule at the Branch Office
- The Access Rules at the Branch Office
- Create the VPN Gateway Dial-in Account at the Branch Office
- Activate the Site-to-Site Links
- Creating an L2TP/IPSec Site-to-Site VPN
- Enable the System Policy Rule on the Main Office Firewall to Access the Enterprise CA
- Request and Install a Certificate for the Main Office Firewall
- Configure the Main Office ISA Firewall to use L2TP/IPSec for the Site-to-Site Link
- Enable the System Policy Rule on the Branch Office Firewall to Access the Enterprise CA
- Request and Install a Certificate for the Branch Office Firewall
- Configure the Branch Office ISA Firewall to use L2TP/IPSec for the Site-to-Site Link
- Activate the L2TP/IPSec Site-to-Site VPN Connection
- Configuring Pre-shared Keys for Site-to-Site L2TP/IPSec VPN Links
- IPSec Tunnel Mode Site-to-Site VPNs with Downlevel VPN Gateways
- Using RADIUS for VPN Authentication and Remote Access Policy
- Configure the Internet Authentication Services (RADIUS) Server
- Create a VPN Clients Remote Access Policy
- Remote Access Permissions and Domain Functional Level
- Changing the User Account Dial-in Permissions
- Changing the Domain Functional Level
- Controlling Remote Access Permission via Remote Access Policy
- Enable the VPN Server on the ISA Firewall and Configure RADIUS Support
- Create an Access Rule Allowing VPN Clients Access to Approved Resources
- Make the Connection from a PPTP VPN Client
- Using EAP User Certificate Authentication for Remote Access VPNs
- Supporting Outbound VPN Connections through the ISA Firewall
- Installing and Configuring the DHCP Server and DHCP Relay Agent on the ISA Firewall
- Summary
- 7. ISA 2006 Stateful Inspection and Application Layer Filtering
- Introduction
- Application Filters
- Web Filters
- The HTTP Security Filter (HTTP Filter)
- The ISA Server Link Translator
- The Web Proxy Filter
- The OWA Forms-Based Authentication Filter
- The RADIUS Authentication Filter
- IP Filtering and Intrusion Detection/Intrusion Prevention
- Summary
- 8. Accelerating Web Performance with ISA 2006 Caching Capabilities
- Understanding Caching Concepts
- Understanding ISA 2006’s Web Caching Capabilities
- Configuring ISA 2006 as a Caching Firewall
- Enabling and Configuring Caching
- How to Enable Caching in Enterprise Edition
- How to Enable Caching in Standard Edition
- How to Disable Caching in Enterprise Edition
- How to Disable Caching in Standard Edition
- How to Configure Properties
- Configuring Which Content to Cache
- Configuring the Maximum Size of Objects in the Cache
- Configuring Whether Expired Objects Should be Returned from Cache
- Allocating a Percentage of Memory to Caching
- Creating Cache Rules
- Configuring Content Downloads
- How to Ensure a Content Download Job Can Run
- How to Create and Configure Scheduled Content Download Jobs
- How to Make Changes to an Existing Content Download Job
- How to Disable or Delete Content Download Jobs
- How to Export and Import Content Download Job Configurations
- How to Run a Content Download Job Immediately
- Summary
- 9. Using ISA Firewall 2006’s Monitoring, Logging, and Reporting Tools
- Introduction
- Exploring the ISA 2006 Dashboard
- Creating and Configuring ISA 2006 Alerts
- Monitoring ISA 2006 Connectivity, Sessions, and Services
- Working with ISA Firewall Logs and Reports
- Using the ISA Firewall’s Performance Monitor
- ISA Firewall 2004 Upgrade Considerations
Product information
- Title: Dr. Tom Shinder's ISA Server 2006 Migration Guide
- Author(s):
- Release date: April 2011
- Publisher(s): Syngress
- ISBN: 9780080555515