Module 12: Implementing ISA Server 2004 Enterprise Edition: Back-to-Back Firewall Scenario

Overview

• Implementing a Back-to-Back Firewall Scenario
• Lab: Implementing a Back-to-Back Firewall Scenario

Lesson: Implementing a Back-to-Back Firewall Scenario

• Issues in Deploying a Back-to-Back Firewall Solution
• Guidelines for Configuring ISA Servers in a Workgroup
• Guidelines for Implementing Network Load Balancing
• Guidelines for Configuring a Front-End Firewall Array
• Guidelines for Configuring a Back-End Firewall Array

Issues in Deploying a Back-to-Back Firewall Solution

Issues in deploying a back-to-back firewall configuration include:

• Using public or private IP addresses in the perimeter network
• Deploying the ISA Server computers in a domain or workgroup
• Configuring network load balancing
• Configuring name resolution and network routing
• Configuring access to Configuration Storage servers
• Configuring publishing rules and access rules
• Configuring SSL connections
• Configuring user authentication

Guidelines for Configuring ISA Servers in a Workgroup

ISA Server Enterprise Edition supports the following deployment scenarios:

• Deploying all ISA Server components on domain members
• Deploying all ISA Server components on workgroup members
• Deploying ISA Server components in a mixed configuration

You can change the deployment configuration after deployment

Guidelines for Implementing Network Load Balancing

Configuring intra-array addressing:

• Used by array members to communicate with other array members
• If not enabling NLB, use the internal network for the intra-array network
• If enabling NLB, create a separate IP address or a separate network for the intra-array addresses

When configuring network load balancing:

• Do not use a layer-2 switch to connect array members
• If all networks are enabled for NLB, add an additional network adapter and create a separate network for intra-array traffic

Guidelines for Configuring a Front-End Firewall Array

When configuring a back-to-back firewall, begin by defining the Internal and External networks for both arrays

On the front-end firewall array, you need to configure:

• Network routing
• The Internal network IP addresses
• The network relationship
• Access to resources on the perimeter network
• Access to resources on the Internal network
• SSL publishing for perimeter network servers
• SSL publishing for Internal network servers

Guidelines for Configuring a Back-End Firewall Array

On a back-end firewall array, you need to configure:

• The internal network IP addresses
• Network routing
• The perimeter network on the internal array
• Network objects
• Access to perimeter network resources
• Access for front-end ISA Server computers
• Access to resources on the Internal network

Practice: Planning a Back-to-Back Firewall Deployment

In this practice, you will analyze a scenario for deploying a back-to-back firewall solution and plan the front-end array and back-end array configuration

Lab 12: Implementing a Back-to-Back Firewall Scenario

[Figure: lab network diagram. Computers shown: Den-DC-01, Den-ISA-01, Den-ISA-02, Den-ISA-03, Gen-Web-01, Den-Msg-01, Den-ISAEE-01, Den-CSS-01, Den-ISAEE-02]