Deploying and Managing Microsoft® Internet Security and Acceleration Server 2000

Deploying and Managing Microsoft Internet Security and Acceleration Server 2000 iii Contents Introduction Course Materials ...2 Prerequisites...3 Course Outline ...4 Setup ...6 Microso

Part Number: X08-53242

Released: 1/2001

Delivery Guide

Deploying and Managing

Acceleration Server 2000

Course Number: 2159A

with all applicable copyright laws is the responsibility of the user No part of this document may

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

 2001 Microsoft Corporation All rights reserved

Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting, Outlook, PowerPoint, Visual Basic, Visual C++, Visual Studio, Windows, Windows Media, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries

Other product and company names mentioned herein may be the trademarks of their respective owners

Course Number: 2159A

Part Number: X08-53242

Released: 1/2001

Deploying and Managing Microsoft Internet Security and Acceleration Server 2000 iii

Contents

Introduction

Course Materials 2

Prerequisites 3

Course Outline 4

Setup 6

Microsoft Official Curriculum 8

Microsoft Certified Professional Program 9

Facilities 11

Module 1: Overview of Microsoft ISA Server Overview 1

Introducing ISA Server 2

Using Caching 8

Using Firewalls 11

Deployment Scenarios for ISA Server 19

Review 24

Module 2: Installing and Maintaining ISA Server Overview 1

Installing ISA Server 2

Installing and Configuring ISA Server Clients 15

Lab A: Installing ISA Server and Configuring Clients 24

Maintaining ISA Server 36

Lab B: Configuring ISA Server 44

Review 51

Module 3: Enabling Secure Internet Access Overview 1

Access Policy and Rules Overview 2

Creating Policy Elements 6

Configuring Access Policies and Rules 18

Configuring Bandwidth Rules 24

Using ISA Server Authentication 28

Lab A: Enabling Secure Internet Access 35

Review 52

Module 4: Configuring Caching Overview 1

Cache Overview 2

Configuring Cache Policy 6

Configuring Cache Settings 17

Configuring Scheduled Content Downloads 20

Lab A: Configuring Caching 22

Review 29

Module 5: Configuring Access for Remote Clients and Networks

Overview 1

VPN Overview 2

Configuring VPNs 6

Lab A: Configuring Virtual Private Networks 12

Review 20

Module 6: Configuring the Firewall Overview 1

Securing the Server 2

Examining Perimeter Networks 6

Examining Packet Filtering and IP Routing 10

Configuring Packet Filtering and IP Routing 17

Configuring Application Filters 24

Lab A: Configuring the Firewall 35

Review 45

Module 7: Configuring Access to Internal Resources Overview 1

Introduction to Publishing 2

Configuring Web Publishing 10

Configuring Server Publishing 20

Adding an H.323 Gatekeeper 27

Lab A: Configuring Access to Internal Resources 32

Review 45

Module 8: Monitoring and Reporting Overview 1

Planning a Monitoring and Reporting Strategy 2

Monitoring Intrusion Detection 3

Monitoring ISA Server Activity 14

Analyzing ISA Server Activity by Using Reports 19

Monitoring Real-Time Activity 27

Testing the ISA Server Configuration 32

Lab A: Monitoring and Reporting 34

Review 41

Module 9: Configuring ISA Server for an Enterprise Overview 1

Introducing ISA Server Enterprise Edition 2

Installing ISA Server in the Enterprise 7

Using Enterprise Policies and Array Policies 19

Managing Network Connections 25

Scaling ISA Server 36

Extending and Automating ISA Server Functionality 42

Lab A: Configuring ISA Server for the Enterprise 47

Review 58

Appendix A

Deploying and Managing Microsoft Internet Security and Acceleration Server 2000 v

About This Course

This section provides you with a brief description of the course, audience, suggested prerequisites, and course objectives

Description

This three-day instructor-led course provides information technology (IT) professionals with the knowledge and skills to deploy and manage Microsoft® Internet Security and Acceleration (ISA) Server 2000

Audience

This course is designed specifically for IT professionals and is not intended for network architects Three of the major job roles performed by IT professionals

to be addressed by this course include:

Web administrators Responsible for securing external access to internal

Web servers

Network administrators Responsible for monitoring and administering

internal network traffic

Security administrators Responsible for security of the network

Student Prerequisites

This course requires that students meet the following prerequisites:

Successful completion of Course 2152, Implementing Microsoft Windows 2000 Professional and Server, or equivalent knowledge of

Microsoft Windows® 2000 Professional and Server

Successful completion of Course 2153, Implementing a Microsoft Windows 2000 Network Infrastructure

Course Objectives

After completing this course, the student will be able to:

Explain the role of ISA Server in an enterprise network

Install and configure ISA Server as a cache server and as a firewall

Configure access policies to enable secure Internet access for client computers

Configure ISA Server as a cache server

Configure ISA Server as a virtual private network (VPN)

Configure ISA Server as a firewall

Configure access to selected internal resources

Monitor ISA Server activities by using alerts, logging, reporting, and real-time monitoring

Install and configure ISA Server in an enterprise environment

Course Timing

The following schedule is an estimate of the course timing Your timing may vary

Day 1

Start End Module

8:30 9:00 Introduction 9:00 10:00 Module 1: Overview of Microsoft ISA Server

10:15 11:15 Module 2: Installing and Maintaining ISA Server 11:15 11:45 Lab A: Installing ISA Server and Configuring Client Computers 11:45 12:00 Module 2: Installing and Maintaining ISA Server (continued)

1:00 1:30 Lab B: Configuring ISA Server 1:30 2:30 Module 3: Enabling Secure Internet Access

2:45 3:45 Lab A: Enabling Secure Internet Access

Day 2

Start End Module

9:45 10:30 Lab A: Configuring Caching

10:45 11:30 Module 5: Configuring Access for Remote Clients and

Networks 11:30 12:15 Lab A: Configuring Virtual Private Networks

1:15 2:45 Module 6: Configuring the Firewall

3:00 3:30 Lab A: Configuring the Firewall 3:30 4:45 Module 7: Configuring Access to Internal Resources

Deploying and Managing Microsoft Internet Security and Acceleration Server 2000 vii

Day 3

Start End Module

9:15 10:45 Lab A: Configuring Access to Internal Resources

11:00 12:00 Module 8: Monitoring and Reporting

1:00 1:30 Lab A: Configuring Monitoring and Reporting 1:30 3:00 Module 9: Configuring ISA Server for an Enterprise

3:15 4:30 Lab A: Configuring ISA Server for the Enterprise

Trainer Materials Compact Disc Contents

The Trainer Materials compact disc contains the following files and folders:

Default.htm This file opens the Trainer Materials Web page

Readme.txt This file contains a description of the compact disc contents and

setup instructions in ASCII format (non-Microsoft Word document)

2159A_ms.doc This file is the Manual Classroom Setup Guide It contains

the steps for manually installing the classroom computers

2159A_sg.doc This file is the Classroom Setup Guide It contains a

description of classroom requirements, classroom configuration, instructions for using the automated classroom setup scripts, and the Classroom Setup Checklist

Errorlog This folder contains a template that is used to record any errors

and corrections that you find in the course

Fonts This folder contains fonts that are required to view the Microsoft

PowerPoint® presentation and Web-based materials

Mplayer This folder contains files that are required to install Microsoft

Windows Media™ Player

Powerpnt This folder contains the PowerPoint slides that are used in this

course

Pptview This folder contains the PowerPoint Viewer, which is used to

display the PowerPoint slides

Studentcd This folder contains the Web page that provides students with

links to resources pertaining to this course, including additional reading, review and lab answers, lab files, multimedia presentations, and course-related Web sites

Tprep This folder contains the Trainer Preparation Presentation, a narrated

presentation that explains the instructional strategy for the course and presentation tips and caveats To open the presentation, on the Trainer

Materials Web page, click Trainer Preparation Presentation

Deploying and Managing Microsoft Internet Security and Acceleration Server 2000 ix

Student Materials Compact Disc Contents

The Student Materials compact disc contains the following files and folders:

Default.htm This file opens the Student Materials Web page It provides

you with resources pertaining to this course, including additional reading, review and lab answers, lab files, multimedia presentations, and course-related Web sites

Readme.txt This file contains a description of the compact disc contents and

setup instructions in ASCII format (non-Microsoft Word document)

AddRead This folder contains additional reading pertaining to this course

Answers This folder contains answers to any questions in the modules and

hands-on labs

Fonts This folder contains fonts that are required to view the Microsoft

PowerPoint® presentation and Web-based materials

Labfiles This folder contains files that are used in the hands-on labs These

files may be used to prepare the student computers for the hands-on labs

Media This folder contains files that are used in multimedia presentations

for this course

Mplayer This folder contains files that are required to install Microsoft

Windows Media™ Player

Pptview This folder contains the PowerPoint Viewer, which is used to

display the PowerPoint presentations that accompany the additional reading

Webfiles This folder contains the files that are required to view the Student

Materials Web page

Wordview This folder contains the Word Viewer that is used to view any

Word document (.doc) files that are included on the compact disc

Document Conventions

The following conventions are used in course materials to distinguish elements

of the text

Convention Use

heading when additional information on the topic is covered on the page or pages that follow it

bold Represents commands, command options, and syntax that must be

typed exactly as shown It also indicates commands on menus and buttons, dialog box titles and options, and icon and menu names

italic In syntax statements or descriptive text, indicates argument names

or placeholders for variable information Italic is also used for introducing new terms, for book titles, and for emphasis in the text Title Capitals Indicate domain names, user names, computer names, directory

names, and folder and file names, except when specifically referring to case-sensitive names Unless otherwise indicated, you can use lowercase letters when you type a directory name or file name in a dialog box or at a command prompt

ALL CAPITALS Indicate the names of keys, key sequences, and key combinations

— for example, ALT+SPACEBAR

monospace Represents code samples or examples of screen text

[ ] In syntax statements, enclose optional items For example,

[filename] in command syntax indicates that you can choose to

type a file name with the command Type only the information within the brackets, not the brackets themselves

{ } In syntax statements, enclose required items Type only the

information within the braces, not the braces themselves

In syntax statements, specifies that the preceding item may be

repeated

Represents an omitted portion of a code sample

THIS PAGE INTENTIONALLY LEFT BLANK