Module 3: Enabling Access to Internet Resources
ISA Server 2004 as a Proxy Server
Configuring Multi-Networking on ISA Server
Configuring Access Rule Elements
Configuring Access Rules for Internet Access
Lesson: ISA Server 2004 as a Proxy Server
How ISA Server Enables Secure Access to Internet Resources
Why Use a Proxy Server?
How Does a Forward Web Proxy Server Work?
What Is a Reverse Web Proxy Server?
How to Configure ISA Server as a Proxy Server
DNS Configuration for Internet Access
How to Configure Web Chaining
How to Configure Dial-Up Connections
How ISA Server Enables Secure Access to Internet Resources
[Diagram: ISA Server (Proxy Server), Web Server]
Is the …
  User allowed access?
  Computer allowed access?
  Protocol allowed?
  Destination allowed?
  Content allowed?
Why Use a Proxy Server?
Improved Internet access security:
  User authentication
  Filtering client requests
  Content inspection
  Logging user access
  Hiding the internal network details
Improved Internet access performance
[Diagram: ISA Server, Web Server]
How Does a Forward Web Proxy Server Work?
[Diagram: ISA Server, Web Server; steps 1 to 6]
Is the …
  User allowed access?
  Protocol allowed?
  Destination allowed?
What Is a Reverse Web Proxy Server?
[Diagram: Web Server, DNS Server, ISA Server; steps 1 to 6]
Is the …
  Request allowed?
  Protocol allowed?
  Destination allowed?
How to Configure ISA Server as a Proxy Server
DNS Configuration for Internet Access
Configure ISA Server clients to use an internal DNS server if the DNS server can resolve Internet addresses
If no internal DNS server is available to resolve Internet addresses, configure the ISA Server clients to use an Internet DNS server
ISA Server includes a DNS cache that caches the results of all DNS lookups performed through ISA Server
How to Configure Web Chaining
[Diagram: Head Office, Branch Office, Internet, Branch Office]
How to Configure Dial-Up Connections
Practice: Configuring ISA Server as a Web Proxy Server
Configuring the proxy server settings on ISA Server
[Diagram: Internet, Den-ISA-01, Den-DC-01]
Lesson: Configuring Multi-Networking on ISA Server
How Does ISA Server 2004 Support Multiple Networks?
Default Networks Enabled in ISA Server
About Network Objects
How to Create and Modify Network Objects
What Are Network Rules?
How Does ISA Server 2004 Support Multiple Networks?
Support any number of networks
VPN networks represented as networks
Dynamic network membership
Per network rules
Per network policies
[Diagram: LAN2, VPN, Perimeter2, Perimeter1]
Default Networks Enabled in ISA Server
Default External: All IP addresses not associated with another network
Internal: All IP addresses specified as internal during installation
VPN Clients: All IP addresses for currently connected VPN clients
About Network Objects
Network: All computers connected to a single network interface
Network Set: One or more networks
Computer: A single computer identified by an IP address
Computer Set: All computers included in specified computer, subnet or address range objects
Address Range: All computers identified by continuous IP addresses
Subnet: All computers on a specified subnet
Domain Name Set: All specified domain names
Web Listener: The IP address on which the ISA Server listens for connections
How to Create and Modify Network Objects
Click Firewall Policy,
Networks or Network Sets
What Are Network Rules?
NAT connection:
  A NAT relationship is directional
  Addresses from the source network are always translated when passing through ISA Server
Route connection:
  A route relationship is bidirectional
  If a routed relationship is defined from network A to network B, a routed relationship also exists from network B to network A
Practice: Managing Network Objects
Configuring a new network on ISA Server
Configuring a new network rule on ISA Server
Configuring a new computer network object on ISA Server
[Diagram: Internet, Den-ISA-01, Den-DC-01]
Lesson: Configuring Access Rule Elements
What Are Access Rule Elements?
How to Configure Protocol Elements
How to Configure User Elements
How to Configure Content Type Elements
How to Configure Schedule Elements
How to Configure Domain Name Sets and URL Sets
What Are Access Rule Elements?
Access Rule Element: Used to Configure
Protocols: The protocols that will be allowed or denied by an access rule
Users: The users that will be allowed or denied by an access rule
Content Types: The content type that will be allowed or denied by an access rule
Schedules: The time of day when Internet access will be allowed or denied by an access rule
Network Objects: The computers or destinations that will be allowed or denied by an access rule
How to Configure Protocol Elements
How to Configure User Elements
How to Configure Content Type Elements
Define the MIME types and file extensions to include
How to Configure Schedule Elements
Define the times when this schedule is active or inactive
How to Configure Domain Name Sets and URL Sets
Use this to configure access to a URL
Use this to configure access to an entire domain
Practice: Configuring Firewall Rule Elements
Configuring a new user set
Configuring a new content type element
Configuring a new schedule element
Configuring a new URL set
[Diagram: Internet, Den-ISA-01, Den-DC-01]
Lesson: Configuring Access Rules for Internet Access
What Are Access Rules?
How Network Rules and Access Rules Are Applied
About Authentication and Internet Access
How to Configure Access Rules
How to Configure HTTP Policy
How to Troubleshoot Access to Internet Resources
What Are Access Rules?
Access rules always define: action on traffic from user from source to destination with conditions
Source: Source network, Source IP
Destination: Destination Network, Destination IP, Destination Site
Conditions: Schedule, Content Type
How Network Rules and Access Rules Are Applied
[Diagram: ISA Server, Domain Controller, Web Server, Network Rules, Access Rules; steps 1 to 6]
About Authentication and Internet Access
Authentication and ISA Server Clients
Authentication Methods
Basic authentication
Digest authentication
Integrated Windows authentication
Digital certificates authentication
RADIUS authentication
RSA SecurID authentication
How to Configure Access Rules
How to Configure HTTP Policy
Configure additional filtering options
Practice: Managing Access Rules
Creating a DNS Lookup Rule
Creating a Managers Access Rule
Testing Internet Access
[Diagram: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01]
How to Troubleshoot Access to Internet Resources
Use ISA Server logging to determine which access rule is granting or denying access
To troubleshoot Internet access issues:
  Check for DNS name resolution
  Determine the extent of the problem
  Review access rule objects and access rule configuration
  Review access rule order
  Check access rule authentication
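
The rule-order and rule-element checks above can be rehearsed on a small model before touching a live policy. The Python below is an added example, not ISA Server code or part of the original course; it assumes rules are evaluated top-down with the first match winning and a final default deny, and the rule, user and domain names are constructed.

```python
from dataclasses import dataclass

ANY = None  # wildcard: the rule does not restrict this element

@dataclass
class AccessRule:
    name: str
    action: str                 # "allow" or "deny"
    protocols: frozenset = ANY  # protocol elements
    users: frozenset = ANY      # user set
    sources: frozenset = ANY    # source networks
    domains: frozenset = ANY    # destination domain name set
    hours: range = ANY          # schedule: hours of day the rule is active

    def matches(self, req):
        checks = (
            (self.protocols, req["protocol"]),
            (self.users, req["user"]),
            (self.sources, req["source"]),
            (self.hours, req["hour"]),
        )
        if any(allowed is not ANY and value not in allowed
               for allowed, value in checks):
            return False
        if self.domains is ANY:
            return True
        host = req["host"].lower().rstrip(".")
        # Modelling assumption: an entry covers the domain and its subdomains.
        return any(host == d or host.endswith("." + d) for d in self.domains)

DEFAULT_DENY = AccessRule("Default rule", "deny")  # assumed final catch-all

def evaluate(rules, req):
    """Return (rule name, action) of the first rule that matches the request."""
    for rule in list(rules) + [DEFAULT_DENY]:
        if rule.matches(req):
            return rule.name, rule.action

# Constructed policy and request, for illustration only.
MANAGERS = frozenset({"alice"})
policy = [
    AccessRule("Block webmail", "deny", domains=frozenset({"mail.example.test"})),
    AccessRule("Managers Access", "allow", protocols=frozenset({"HTTP", "HTTPS"}),
               users=MANAGERS, sources=frozenset({"Internal"}), hours=range(8, 18)),
]
request = {"protocol": "HTTP", "user": "alice", "source": "Internal",
           "host": "www.mail.example.test", "hour": 10}
```

Calling `evaluate(policy, request)` names the rule that decided the request, which is the same question the ISA Server log answers; reversing the list shows how a reordered policy lets the allow rule shadow the deny.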
Lab: Enabling Access to Internet Resources
Exercise 1: Configuring ISA Server Access Rule Elements
Exercise 2: Configuring ISA Server Access Rules
Exercise 3: Testing ISA Server Access Rules
[Diagram: Den-ISA-01, Den-ISA-02]