Overview © Introducing Microsoft ISA Server 2004 © Deployment Scenarios for ISA Server 2004... What Are the Benefits of ISA Server 20042 Z Z ` Advanced Protection
Trang 1
Module 1:
Overview of Microsoft
ISA Server 2004
Trang 2Overview
© Introducing Microsoft ISA Server 2004
© Deployment Scenarios for ISA Server 2004
Trang 3Lesson: Introducing ISA Server 2004
Z
© What Are the Benefits of ISA Server 2004?
© Multimedia: Overview of ISA Server 2004 Functionality
© ISA Server 2004 Management Interface
© ISA Server 2004 Enterprise Edition Features
© Differences Between ISA Server 2000 and
ISA Server 2004
Trang 4
What Are the Benefits of ISA Server 20042
Z
Z
`
Advanced
Protection
Multi-layer packet Inspection Unified firewall and VPN server Multi-networking
Application-layer filtering
⁄
`
Efficient management tools Network templates
Product integration Ease of use for clients
⁄“
Enhanced
Performance
Optimized for performance Integrated functionality scalability
Web caching
Trang 5
Multimedia: Overview of ISA Server 2004 Functionality
ISA Server 2004 - Firewall
Trang 6
ISA Server 2004 Management Interface
& Microsoft Internet Security and ñcceleration Server 2004
EE Microsoft Internet Security and ñcceleration Server 2004
© =| Eile
Mid | 42 =|! Eile | ng hiệu ga: Security and äcceleration Server 2004
EE Microsoft Internet Security and ñcceleration Server 2004
at L5] Mịc “| ‹ 5 | E Microsoft Internet Security and ñcceleration Server 2004
ca i 5 | | 3 Microsoft Internet Security anc eae itv&
F - || =:-C@ pEN-15a-p1 nternet Security Virtual Private Networks (¥PN)
i Ñ ~~ EQ Monitoring Standard Edition
BH ị nụ ‘& Firewall Policy
meee virtual Private Network
ae Configuration ¥PN Clients % Remote Sites
~~edhes Networks `
thề Verify that VPN Client Access is Enabled
Allow remote clients to connect to the network using a VPN connection
General VPN
Configuration
Specify Windows Users or select a RADIUS Server
Specify the Windows users (domain groups) allowed YPN access or, if using EMF Select Access Networks
RADIUS authentication, select the RADIUS authentication server (f Define Address Assignments
ef Select Authentication Methods
Verify that VPN properties, such as protocols and access points, are defined according to your network requirements
Related Tasks
Verify that Firewall Policy rules for the ¥PN Clients Network are defined in
accordance with your network and corporate security requirements (© Export VPN Clients
Configuration
(3) Import VPN Clients
Configuration
Verify that the rules specifying network relationships between the ¥PN Clients Network and other networks, such as Internal, are defined according to your network requirements
lv |+ |
Trang 7
ISA Server 2004 Enterprise Edition Features
Z
© ISA Server 2004 Enterprise Edition provides enhanced
scalability by:
Providing centralized storage and configuration of the ISA
Server configuration data
Supporting CARP for distributed caching
Providing NLB integration
Trang 8Differences Between ISA Server 2000 and ISA Server 2004
© Multiple network support
© Policies assigned per network
© Routed and NAT network relationships
© Extended protocol support
© Advanced application filtering
© Enhanced authentication options
© VPN and quarantine integration
© Stateful inspection for VPN
© Export and import
© Delegated permissions wizard for firewall
administrator roles
Trang 9
Lesson: Deployment Scenarios for ISA Server 2004
© How ISA Server Works as an Internet Edge Firewall
© How ISA Server Works as a Back-End Firewall
© How ISA Server Works as a Branch Office Firewall
© How ISA Server Works as an Integrated Firewall, Proxy,
and Caching Server
© How ISA Server Works as a Proxy- and Caching-Only
Server
Trang 10
How ISA Server Works as an Internet Edge Firewall
© Use ISA Server to:
Block all Internet traffic unless explicitly allowed
Publish internal servers such as Web or Exchange servers
Provide a VPN gateway for remote users
Provide proxy and caching services
Server
if ISA Server ~ Web
Remote User
—_—_—_ eam
I
Trang 11
How ISA Server Works as a Back-End Firewall
Z
© Use ISA Server to:
Securely publish Exchange servers Securely publisn other internal Web servers
Provide proxy and cacning services
Server
LAN
Web Server “is Server
Te seme,
a LỤ”
User
Exchange Server
{Firewall
Web
| Server
A
— Aa ee
—====eeses
Trang 12How ISA Server Works as a Branch Office Firewall
© Use ISA Server to:
Create an IPSec tunnel-mode VPN between offices
Create a PPTP or L2TP with IPSec VPN between offices
Inspect and filter all traffic between offices
Provide secure access to the Internet at the branch office
ISA Server —— ENA op
> R `
I > S a
Mr eet kì SA
\Í \ Poe /
Internet
Corporate
Headquarters
Trang 13
How ISA Server Works as an Integrated Firewall, Proxy,
and Caching Server
C
© Use ISA Server to:
Provide proxy and cacning services to conserve Internet bandwidth
Configure dial-up connections to the Internet
Block all Inbound network traffic
Provide secure configurations using network templates and server
publishing wizards
LAN
ISP Server
—
= Internet
">> ^`ˆ
wae
pf
Web Server
Trang 14
How ISA Server Works as a Proxy- and
Caching-Only Server
© Use ISA Server with a single network adapter to
provide proxy and caching services
© Deploying ISA Server with a single network
adapter means that it does not provide
additional security functionality
LAN ISA Server
— Web
© Server
——
Trang 15Lab: Designing an ISA Server 2004 Implementation
© Exercise 1: Designing an ISA Server
Deployment at Contoso Pharmaceuticals
© Exercise 2: Designing an ISA Server Deployment at Blue Yonder Airlines