isa sever 2006 configuration

0 ISA Server 2006 Configuration

www.phoelapyae.com

ISA Server 2006 Configuration

2010

27/8/2010


www.phoelapyae.com

ISA Server proxy server

squid proxy ISA Server

Window ISA Server

ISA Server 2006

Window Server 2003 Window Server 2003 edition

edition ISA Server . Windows Server 2003 Standard Edition (32 bit) with SP1 . Windows Server 2003 Enterprise Edition (32 bit) with SP1 . Windows Server 2003 R2 Standard Edition (32 bit) . Windows Server 2003 R2 Enterprise Edition (32 bit)

Window Server ISA Server

Window Server 2003

ISA Server ISA Server 2006 mouse configure

:P Window Server 2003 ISA Server 2006

ISA Server

..

http://www.linglom.com/category/security/isa/

http://www.isaserver.org/

..:D

ISA Server 2006 Configure ..


www.phoelapyae.com

Deploying ISA Server 2006 as a Content Caching Server

ISA Server cache server

ISA Server Microsoft Proxy Server

Microsoft Proxy Server ISA acceleration cache server

ISA(Internet Securiy and Acceleration)

..

client-1 web site cache folder client-2

website ISA server cache folder

cache folder web site

bandwidth ISA server cache server cache


www.phoelapyae.com

Cache --> Cache Drivers Define Cache Drives

hardisk partition size C partition

C 1000MB Cache Rule

Cache Content

Cache --> Cache Rule Create a Cache Rule


www.phoelapyae.com

Cache Rule Winzard Next

destination cache external


www.phoelapyae.com

Add Next


www.phoelapyae.com

=> Only if a Valid Version of the Object Exists in the Cache. If No Valid Version Exists, Route the Request to the Server

In this scenario, which is the default option, a requesting client has a cached object returned only if the object exists in the cache and has not expired.

If there is not a current version, the ISA server routes the request to the web server on the Internet.

=> If Any Version of the Object Exists in the Cache. If None Exists, Route the Request to the Server

For this option, the ISA server returns an object in the cache, even if it has expired. If it does not exist in the cache, it routes the request to

the web server on the Internet. This option can run the risk of supplying stale data to requesting clients.

=>If Any Version of the Object Exists in the Cache. If None Exists, Drop the Request (Never Route the Request to the Server)

With this option, clients get web data only from objects that exist in the cache. If an object isnt in the cache, the

request fails. This is a highly restrictive option, but is useful in scenarios where only specific content is meant to be made available

to web-browsing clients, and that content is made available with Content download jobs.


www.phoelapyae.com

option Next

Next


www.phoelapyae.com


www.phoelapyae.com

Apply ..

menu

cache


www.phoelapyae.com

ISA Server 2006 cache create cache rule

Network Creation Firewall Policy internal nework

squid internal network firewall policy allow

Network Topology ISA Network Topology

Network Template small network

Edge Firewall


www.phoelapyae.com

Network --> Templates Edge Firewall Network Card 2

internal network

Next


www.phoelapyae.com

Next


www.phoelapyae.com

Add Adapter internal network Local Area Connection 2

Local Area Connection 2 internal network NIC NIC IP Range

192.168.0.1 Next


www.phoelapyae.com

Allow unrestriced access


www.phoelapyae.com

Network

Firewall Policy squid proxy allow/deny

Firewall Policy --> Tasks Create Access Rule

allow and deny Allow


www.phoelapyae.com


www.phoelapyae.com

Selected protocols Add protocol web cache

HTTP and HTTPS

Next


www.phoelapyae.com


www.phoelapyae.com

Access Rule Source source

Localhost Add

Add Next


www.phoelapyae.com

Access Rule Destination External External(internet) resource internal network


www.phoelapyae.com

User Next


www.phoelapyae.com

ISA Server internal network

client web browser server ip address and

port port 8080 default server ip

192.168.0.1

client client client

Client Configuration

ISA Server run client

configure web browser host and port

ISA client

(1) Secure NAT client

(2) Web Proxy client

(3) Firewall client

client ISA Server support client type client

client type

(1)Secure NAT client

server ip address client ip configuraion default gateway


www.phoelapyae.com

' 192.168.137.1 Server IP Address

(2)Web Proxy client

web browser HTTP host and port

address port 8080 mozilla firefox ..


www.phoelapyae.com

(3)Firewall client

software Download

http://www.linglom.com/2009/11/25/getting-started-with-microsoft-isa-server-2006-part-9-client-configuration/


www.phoelapyae.com

ISA Server 2006 Configuration For Parent Proxy

configuration direct connection

proxy number parent proxy

web chaining rule

host and port

Networks --> Web Chaining --> Tasks --> Create New Web Chaining Rule


www.phoelapyae.com

Destination External Add


www.phoelapyae.com

proxy host and port Redirect requests to a specified upstream server

host and port username and password


www.phoelapyae.com

username and password Use this account Set Account

username and password host and port

Use this account

Next


www.phoelapyae.com

upstream server down Ignore

proxy host and port


www.phoelapyae.com

How to allow ping from local computer to ISA Server

ISA Server Local computer

ping .. ping

.. ping ?

ISA Server remote desktop .. ping

local computer

ping connect remote desktop

ping ..

Firewall Policy Edit System Policy

Sysmtem Policy Editor ICMP(Ping)


www.phoelapyae.com

Default Enable ? .. enable


www.phoelapyae.com

From tab Remote Management Computers enable Remote

Management Computers IP Address

Remote Management Computers ping IP Address

Remote Management Computers Edit


www.phoelapyae.com

Add --> Computer local computer ip address ping address

Name IP Address ip


www.phoelapyae.com

Description ..

internal network computer server ip ping

reply

http://www.elmajdal.net/isaserver/How_to_Allow_Ping_From_Selected_Computers_To_ISA_Server_Machine.aspx


www.phoelapyae.com

Remote Desktop to ISA Server 2006 Using Microsoft Management Console (MMC)

Remote Desktop

control

control

configure

monitor keyboard :P ISA Server Remote Desktop

1. Microsoft Management Console (MMC)

2. Terminal Server

3. Web Management

MMC Terminal Server MMC ISA Server manage ISA Server

connect Terminal Server ISA Server connect

Microsoft Management Console (MMC)

Firewall policy --> Edit System Policy


www.phoelapyae.com

Remote Management .. MMC , Terminal Server and Web Management


www.phoelapyae.com

From tab Remote Management Computers Edit Remote Management

Computers IP


www.phoelapyae.com

Add --> Computer

client ip


www.phoelapyae.com

..

client remote

client manage client ISA Server 2006

ISA Server 2006

Connect to Local or Remote Server


www.phoelapyae.com

Another Computer(remote management) IP Address


www.phoelapyae.com

ISA Server IP Address IP Address internal IP

192.168.0.1 Username and Password Window Server 2003

Login user and password ISA Server remote

disconnect

ISA Server remote desktop

http://www.elmajdal.net/isaserver/Administrating_ISA_Server_2006_Remotely_Using_MMC_and_Remote_Desktop_Connection.aspx

Remote Desktop to ISA Server 2006 Using Terminal Server

Microsoft Management Console (MMC) remote desktop

Terminal Server remote desktop

Remote Managemnet Computers Edit


www.phoelapyae.com

Edit internal network computer ip address


www.phoelapyae.com

Terminal Server enable

Start > Administrative Tools > Terminal Services Configuration


www.phoelapyae.com

right click RDP-Tcp Properties Network Adapter Internal

NIC


www.phoelapyae.com

wireless wireless NIC .. NIC

My Computer right click --> Properties

Enable Remote Desktop on this computer

...

client manage ..

( window 7) Start > All Programs > Accessories > Remote Desktop Connection


www.phoelapyae.com

Computer server name(or)ip address Connect

username and password Window Server login password

Login


www.phoelapyae.com

http://www.elmajdal.net/isaserver/Administrating_ISA_Server_2006_Remotely_Using_MMC_and_Remote_Desktop_Connection.aspx

Bandwidth Control With ISA Server 2006

ISA Server bandwidth control built in feature third party software

bandwidth control

bandwidth control ....

Free Realtime NetFlow Analyzer Bandwidth Splitter Internet Administrator Bandwidth Controller Enterprise TrafficQuota Websense Enterprise Bandwidth Optimizer ..

client TrafficQuota

client

limit

bandwidth

..

TrafficQuota

TrafficQuota

http://ifile.it/m4nrk1v

(or)

http://www.mediafire.com/?7j97j3i5f78rhad

(or)

http://dl.dropbox.com/u/9563152/TrafficQuota.rar


www.phoelapyae.com

(or)

http://centralupload.com/files/14309_cn7kq/TrafficQuota.rar

ISA Server integrate

TrafficQuota --> Computer New Quota --> Computer create IP

Address

Computer User User


www.phoelapyae.com

ip client ip

Bandwidth download and upload Outgoing and incoming

Daily , Weekly, Monthly


www.phoelapyae.com

www.myanmarengineer.org www.phoelapyae.com

....

isa sever 2006 configuration

Documents