From the ISA server side, the web proxy configuration is performed by clicking Networks in the management console to open the Networks configuration screen and then right-clicking the in
Trang 1Configuring the Web Proxy Client
The web proxy client is any system that has been configured to use a proxy for Winsock applications This is typically done in the client web browser settings, specifying the IP address and port number that should be used to access the proxy server From the ISA server side, the web proxy configuration is performed by clicking Networks in the management console to open the Networks configuration screen and then right-clicking the internal network and selecting Properties, as shown in Figure 8-17
Figure 8-17 Selecting the Internal Network Properties
[View full size image]
From the Internal Network Properties screen, select the Web Proxy tab and specify whether to enable web proxy clients (by default, they are enabled) and define the port number that the clients will connect on You can click Authentication to define which users will/will not be permitted access Figure 8-18 shows the Web Proxy tab
Figure 8-18 Web Proxy Configuration
Trang 2Configuring the Firewall Client
Configuring the firewall client is a little bit more involved than the other client
configurations First, the firewall client must be installed on the client computers This can be done in the following manners:
• Via file sharing and manually running the installation
• Via Active Directory Group Policy
• Via silent installation scripts and integration with login scripts
• Via Microsoft Systems Management Server (SMS)
During the firewall client installation, you must specify the ISA server that the firewall client will get its configuration from This step allows you to manage the firewall client
Trang 3configuration at a single location, the ISA Server 2004 firewall itself, and ensure that all firewall clients receive the same configuration settings
On the ISA server itself, two general firewall client configuration tasks need to be performed
Step 1 Configure the general firewall client configurations settings
Step 2 Configure the firewall client application settings
The firewall client general configuration is performed in a similar fashion to the web proxy client configuration Just right-click the appropriate network in the management console, choose Properties, and then select the Firewall Client tab, as shown in Figure
8-19
Figure 8-19 Firewall Client Tab
Trang 4Doing so enables you to define settings such as the configuration script that should be used and whether the client should use a proxy server In addition, you can specify the names of domains that the firewall client should not apply to by selecting the Domains tab and entering the domain name
The firewall client application settings can be configured by clicking General in the management console then clicking Define Firewall Client Settings Doing so launches the Firewall Client Settings screen, as shown in Figure 8-20 On this screen, you can define applications that will or will not be permitted to run on the client computer and how permitted applications will be allowed to communicate on the network An important thing to keep in mind is that the application name is a constant; so if the users change the name of the application (for example, from kazaa.exe to happy.exe), the firewall client settings no longer apply, because the application name no longer matches the name that was defined An alternative is to use third-party products that integrate with Microsoft ISA Server 2004
Figure 8-20 Firewall Client Settings Screen
Trang 5Caching Web Data
Configuring the firewall to cache web data is a straightforward process In the
management console, navigate to the Cache screen, right-click the server, and choose Properties to launch the Server Cache Properties screen, as shown in Figure 8-21 Notice how the Cache icon has a red arrow pointing down, denoting that caching is not currently enabled
Figure 8-21 Launching the Cache Properties Screen
[View full size image]
Trang 6To enable caching, just select the drives and the maximum cache size and click Set When you have finished, click OK and then click Apply to apply the configuration
change to the firewall You must restart the ISA services before the caching functionality will be enabled
When caching has been enabled, you can define rules regarding what data should be cached and how it should be cached by selecting the Cache Rules tab from the Cache screen and defining an appropriate rule Like most other tasks in Microsoft ISA Server
2004, this is a wizard-driven process that is relatively straightforward and easy to
understand
Microsoft ISA Server 2004 Checklist
Enabling and configuring Microsoft ISA Server 2004 can be a relatively complex task It
is not something that should be performed without extensive planning and design prior to implementation To get a basic ISA Server 2004 implementation in place and operational, the following tasks should be performed:
Step 1 Install the underlying operating system
Step 2 Ensure that network services such as DNS are functioning properly
Trang 7Step 3 Configure routing on the firewall as required
Step 4 Determine the firewall clients that will be implemented
Step 5 Determine the edition of Microsoft ISA Server 2004 that is most appropriate
for your environment
Step 6 Install ISA Server 2004
Step 7 Harden the appropriate underlying operating system and applications
Step 8 Configure the system policy rules
Step 9 Configure access rules (filter outbound access)
Step 10 Configure server publishing rules (filter inbound access)
Step 11 Enable web data caching
Step 12 Configure the firewall clients accordingly
Step 13 Perform application filtering
Step 14 Configure additional functionality (that is, VPN, remote logging, and so on) as
required