Policy configuration and server publishing for ISA firewall

Source: Internet
Author: User
Tags: range, firewall

1. Enterprise and Array

An enterprise is a logical concept, similar to a domain in Windows; it embodies the enterprise management model in the firewall software.

An array is a group of ISA Server computers. All members of an array share the same configuration, which simplifies management of the firewall.

Network structure

The network structure consists of the local host network, the internal network and the external network.

Local host network: The local host network represents the ISA Server computer itself. All communication between the internal and external networks passes through the local host network. The local host network is defined as the set of IP addresses that includes every IP address bound to a network adapter on the ISA Server computer, plus 127.0.0.1. For example, if the ISA server has two network adapters with the IP addresses 192.168.2.65 and 61.139.0.5, its local host network includes those two addresses and also 127.0.0.1.

Internal network: The internal network corresponds to the company network that is to be protected, and is generally considered to contain a trusted range of IP addresses. When you install ISA Server 2006 you must configure at least one default internal network; you can also specify additional internal networks. All computers in the corporate LAN sit on the internal network and are protected by ISA Server.

External network: Any network outside the ISA Server firewall is an external network. An external network typically means the Internet, with public IP addresses. When ISA Server is installed, the external network contains every address that is neither in the internal network nor in the local host network (including 127.0.0.1).
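As an added example (not code from the original page), a small Python model of the three networks described above: it classifies an address as local host, internal or external in the order the text implies, using the two adapter addresses quoted in the text; the internal range 192.168.2.0/24 is an assumption.

```python
import ipaddress

# Constructed example values: the two adapter addresses quoted in the text,
# plus an ASSUMED internal address range (the text names none).
LOCAL_ADAPTER_IPS = ("192.168.2.65", "61.139.0.5")
INTERNAL_RANGES = ("192.168.2.0/24",)  # assumption, not from the page


def local_host_network(adapter_ips=LOCAL_ADAPTER_IPS):
    """Local host network: every adapter address plus the loopback 127.0.0.1."""
    hosts = {ipaddress.ip_address(ip) for ip in adapter_ips}
    hosts.add(ipaddress.ip_address("127.0.0.1"))
    return hosts


def classify(ip, adapter_ips=LOCAL_ADAPTER_IPS, internal_ranges=INTERNAL_RANGES):
    """Name the ISA network an address belongs to.

    Precedence follows the text: the local host network is checked first,
    then the internal ranges, and whatever is left over is external.
    """
    addr = ipaddress.ip_address(ip)
    if addr in local_host_network(adapter_ips):
        return "local_host"
    if any(addr in ipaddress.ip_network(r, strict=False) for r in internal_ranges):
        return "internal"
    return "external"


def adapters_inside_internal(adapter_ips=LOCAL_ADAPTER_IPS, internal_ranges=INTERNAL_RANGES):
    """Configuration check: adapter addresses that also fall inside an internal
    range. In the model above such an address is classified as local host, not
    internal, so a rule written only for the internal network does not cover it."""
    nets = [ipaddress.ip_network(r, strict=False) for r in internal_ranges]
    return sorted(ip for ip in adapter_ips
                  if any(ipaddress.ip_address(ip) in n for n in nets))


if __name__ == "__main__":
    for ip in ("192.168.2.65", "61.139.0.5", "127.0.0.1", "192.168.2.10", "8.8.8.8"):
        print(f"{ip:>14} -> {classify(ip)}")
    print("adapter addresses inside internal ranges:", adapters_inside_internal())
```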

2. Network templates

To simplify the configuration of firewall policies, ISA provides 5 predefined network templates.

Edge Firewall:

The ISA Server has two network connections: one to the internal network and one to the external network.

3-Leg Perimeter:

A topology in which ISA Server connects the internal network, the external network and a perimeter network (the DMZ).

Front Firewall:

A topology in which ISA Server connects the external network and the perimeter network and acts as the front-end firewall, with another firewall configured at the back end to protect the internal network.

Back-end Firewall:

A configuration in which ISA Server connects the perimeter network and the internal network and acts as the back-end firewall that protects the internal network.

3. Firewall Policy

Firewall policies consist of policy elements that specify the parameters of firewall rules. ISA Server lets you create multiple policy elements and reuse them in different security rules.

The policy elements of ISA include:

Protocol:

Protocol type: TCP, UDP, ICMP, or IP

Direction: for UDP, "Send", "Receive", "Send Receive" or "Receive Send"; for TCP, "Inbound" and "Outbound"; for ICMP and IP, "Send" and "Send Receive"

Port range: TCP and UDP ports range from 1 to 65535

Protocol number: IP-level protocol numbers range from 0 to 254

User:

A user element can include one or more users from any authentication scheme (mechanism).

ISA Server predefines the following users:

All Authenticated Users

All Users

System and network Services

Content type:

ISA can inspect the content of packets against defined rules to restrict or filter certain content types.

Schedule:

A schedule sets the time frame in which a rule applies; the 24 hours of each day can be divided into as many periods as the enterprise requires.

ISA predefines the following schedule elements:

Weekends, including Saturday and Sunday

Work hours, including 9:00 to 5:00 from Monday to Friday

Network objects:

Network: a network is a defined range of IP addresses

Network set: a network set contains one or more networks

Computer: a computer represents a single IP address

Address ranges, subnets and computer sets: each represents a range of IP addresses
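As an added example (not code from the original page, and not ISA's own API), a Python model of how the policy elements above combine into a rule: a protocol element (type, direction, port range), a schedule element (the two predefined schedules named in the text) and a computer set, evaluated together. The HTTP protocol element, the computer set address and the fall-through to deny are assumptions of this model.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Protocol:
    ptype: str       # "TCP", "UDP", "ICMP" or "IP"
    direction: str   # "Inbound"/"Outbound" (TCP), "Send"/"Receive" (UDP), ...
    port_from: int = 0   # port range applies to TCP and UDP only
    port_to: int = 0

    def matches(self, ptype, direction, port):
        if (ptype, direction) != (self.ptype, self.direction):
            return False
        if self.ptype in ("TCP", "UDP"):
            return self.port_from <= port <= self.port_to
        return True      # ICMP and IP-level protocols carry no port


@dataclass(frozen=True)
class Schedule:
    days: frozenset      # weekdays the schedule covers, 0 = Monday
    start_hour: int      # active while start_hour <= hour < end_hour
    end_hour: int

    def active(self, when):
        return when.weekday() in self.days and self.start_hour <= when.hour < self.end_hour


@dataclass(frozen=True)
class Rule:
    protocol: Protocol
    schedule: Schedule
    sources: frozenset   # computer set: the source addresses the rule covers
    action: str          # "allow" or "deny"


# The two predefined schedules named in the text, and a constructed HTTP element.
WORK_HOURS = Schedule(frozenset(range(5)), 9, 17)
WEEKENDS = Schedule(frozenset({5, 6}), 0, 24)
HTTP_OUT = Protocol("TCP", "Outbound", 80, 80)
# Constructed policy: one computer set may browse HTTP during work hours.
RULES = [Rule(HTTP_OUT, WORK_HOURS, frozenset({"192.168.2.10"}), "allow")]


def evaluate(rules, src_ip, ptype, direction, port, when_iso):
    """First matching rule decides; no match falls through to deny (ISA's implicit final Deny rule, assumed here)."""
    when = datetime.fromisoformat(when_iso)
    for r in rules:
        if (src_ip in r.sources and r.protocol.matches(ptype, direction, port)
                and r.schedule.active(when)):
            return r.action
    return "deny"
```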
