ISA Server: restricting Internet access, publishing internal resources, and system maintenance

Source: Internet
Author: User

I. Restrict Internet access
Create access rules. In the access rule properties, you can restrict the times at which Internet access is allowed and restrict access to audio and video content.
II. Open access to internal network resources
After an ISA firewall is deployed in an enterprise network, Internet users cannot access the internal network, including its network services and resources. The specific services that must be reachable therefore have to be published.
1. Publish an internal SSL website
1. Create a virtual SEC Directory on the Web site and enable SSL
2. Configure the external DNS server
3. Configure the internal DNS server
4. Publish the DNS server and the external DNS server on ISA (you can also add the corresponding host records to the hosts file of the external computer)
5. Create a Certificate Server (install IIS and install Certificate Services)
6. Create a certificate request file on the Web server (when you request a certificate, the common name of the certificate is crucial. It must match the domain name used when an Internet user accesses the website. If it does not, an error message is displayed.)
7. Submit the certificate request to the Certificate Server, log on to the Certificate Server, then issue and download the certificate.
8. Install the certificate on the Web server (in the IIS console, select "Directory Security" and process the pending certificate request)
9. Make the Web server and the ISA computer trust the CA (download the CA certificate chain from the Web server, import the certificate chain file into the Web server's "Trusted Root Certification Authorities" store, and then repeat the same steps so that the ISA computer trusts the CA)
10. Export the website certificate to a file (export the private key with it)
11. Import the website certificate to the ISA computer (copy the exported website certificate to the ISA computer and then import it. After the certificate is imported, open the unencrypted and encrypted pages, "http://www.bkjia.com" and "https://www.2cto.com/soft?#", on the ISA computer to confirm that the import succeeded. If this fails, create an internal access rule for the ISA computer on ISA and point the preferred DNS server address of the ISA computer's NIC to the internal DNS server.)
12. Publish the internal SSL website
13. Test whether the website is successfully published (access the unencrypted and encrypted pages, "http://www.bkjia.com" and "https://www.2cto.com/soft?##", from a PC on the Internet)
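
The name-matching requirement from step 6 and the external test in step 13 can be scripted. The following is an added example, not part of the original article: the function names, the sample certificate and the CA-chain file argument are assumptions made for illustration.

```python
import socket
import ssl

# Constructed sample in ssl.getpeercert() format (not taken from a real server).
SAMPLE_CERT = {"subject": ((("commonName", "www.example.com"),),)}

def cert_names(cert):
    """DNS names in a getpeercert() dict: SAN entries if present, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(hostname, pattern):
    """Case-insensitive compare; '*' may only stand for the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False                     # "*.example.com" never covers "a.b.example.com"
    if pat[0] == "*" and len(pat) > 2:
        return host[1:] == pat[1:]
    return host == pat

def name_problem(hostname, cert):
    """Return None if the certificate covers hostname, else a short description."""
    names = cert_names(cert)
    if any(name_matches(hostname, n) for n in names):
        return None
    return "certificate is for %s, not %s" % (", ".join(names) or "no name", hostname)

def fetch_cert(hostname, ca_file, port=443):
    """Step 13 from an external PC: handshake while trusting only the CA chain in ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False           # the name is checked by name_problem() instead
    with socket.create_connection((hostname, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()     # ssl.SSLError is raised if the chain is untrusted
```

Calling `name_problem(host, fetch_cert(host, "ca-chain.pem"))` against the published name reports a mismatch between the certificate and the public domain name, while an untrusted CA surfaces as an exception from `fetch_cert`. A listener that offers only legacy protocol versions may be refused by a current Python/OpenSSL build before any certificate is examined.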
 
2. Publish the internal Exchange SSL OWA website
1. Create an Exchange 2007 email server (install Exchange 2007 to ensure that you can access the email server through OWA)
2. Configure the DNS server (Internet DNS, configure MX records)
3. Configure the DNS server (intranet DNS, configure MX records)
4. Publish the DNS server (publish the Internet DNS on the ISA firewall)
5. Create a Certificate Server (log on to the mail server as administrator, then install and configure the Certificate Server as an "Enterprise CA")
6. Configure the Web server certificate and export the certificate (in IIS Manager, open the Default Web Site "Properties", create a new "server certificate", export it with the private key, and set a password to protect the key)
7. Import the certificate to the ISA Server (copy the exported certificate to the ISA computer and import it there)
8. Configure ISA access rules (the protocols are "HTTP, HTTPS")
9. Establish certificate trust (the trust relationship for the certificate must be established between the ISA server and the Exchange server through the CA certificate chain)
10. Publish the email server (create an "Exchange Web Client Access Publishing Rule")
11. Verify that the email server is published (access it using the OWA client)
 
III. ISA system maintenance
Backup and recovery of ISA Server
ISA provides backup and recovery features, allowing you to save system information so that configuration information can be restored when the system fails.
Backup content:
Configuration of the entire ISA Server
All networks, or a selected Network
All network rules, or a selected network rule
All content download jobs in the cache configuration, or one or more selected content download jobs
The entire firewall policy or a selected rule
...
(System policy rules are not backed up by default when you back up firewall policies. Use the "Export System Policy" task to back up system policies.)
When to back up (after any of the following changes):
Changing the cache size or location
Changing the firewall policy
Changing the rule base
Changing system rules
Changing the network, such as the network definition or network rules
Delegating administrative rights or removing delegations
(Regularly back up the server-specific configuration of each ISA Server on the network, such as local application filters, performance parameters, cached content, and log files. This information is not backed up by ISA Server, but it can be backed up with the Backup program of the Windows operating system.)
 
Execute ISA backup
(Only enterprise administrators or auditors can back up enterprise configurations. To back up confidential information, you must be an enterprise administrator. Because the backup configuration file contains sensitive information, the file itself must be protected. Specify a strong password so that the encrypted information is properly protected. A password is considered strong if it provides an effective defense against unauthorized access.)
 
Use Backup to restore ISA configurations
Note the following when restoring array Configuration:
You cannot back up the configuration of an array and then restore it to another array or server.
The Enterprise configuration backup cannot be restored to the array.
If you want to restore the array configuration, and the enterprise policy settings used for backup are different, you cannot restore the array location.
 
ISA Server Log Management
ISA provides a series of monitoring tools for tracking network status and ISA communication.
ISA's monitoring functions include:
Alert
Session
Service
Report
Connectivity
Logs
ISA logs are records of ISA running conditions.
Log storage format
MSDE Database
SQL database
Files (ISA server logs are saved to files in W3C format and ISA Server Format)
Log content settings
Edit filter: You can set the content that the Administrator cares about.
Configure Firewall logs: Set the firewall-related fields recorded in logs.
Configure Web Proxy log: configure the Web Proxy content recorded in the log.
ISA Server alert
An alert is used to monitor the occurrence of a specific event. If a preset event occurs, the system notifies the Administrator to take corresponding measures as specified by the Administrator.
Create and configure new alerts (you can create and configure alerts based on the category and severity of monitoring events)
 
ISA Server Report
In addition to tracking security events through logs, you can also use the ISA report to track ISA events.
What can be displayed in the ISA report:
Users accessing the site and websites being accessed
The most commonly used protocols and applications
General traffic patterns
Cache ratio
How reports work
The ISA reporting mechanism consolidates ISA logs into a summary database on each ISA computer. When a report is created, all the relevant summary databases are merged into a single report database, and the report is generated from these merged summaries.
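
To show how the report items listed above derive from the W3C-format log files, here is an added example (not ISA Server's own reporting code and not from the original article) that parses a log and summarizes it. The field names, the tab separator and the "Cache" object-source value are assumptions, and the log lines are constructed.

```python
from collections import Counter

# Constructed sample: W3C extended format, tab-separated, '#' directive lines.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: c-ip\tcs-username\tr-host\tcs-protocol\ts-object-source\tsc-status",
    "10.0.0.5\tCORP\\alice\twww.example.com\thttp\tInet\t200",
    "10.0.0.5\tCORP\\alice\twww.example.com\thttp\tCache\t200",
    "10.0.0.9\tCORP\\bob\tmail.example.org\thttps\tInet\t200",
    "10.0.0.9\tanonymous\twww.example.com\thttp\tCache\t304",
    "10.0.0.9\tCORP\\bob",  # truncated record: skipped and counted
])

def parse_w3c(text):
    """Return (records, skipped); records are dicts keyed by the latest #Fields line."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].strip().split("\t")
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            skipped += 1             # malformed or truncated line, do not guess columns
            continue
        records.append(dict(zip(fields, values)))
    return records, skipped

def summarize(records):
    """Per-user site counts, protocol counts and cache ratio, as in an ISA report."""
    cached = sum(1 for r in records if r["s-object-source"] == "Cache")
    return {
        "sites_by_user": Counter((r["cs-username"], r["r-host"]) for r in records),
        "protocols": Counter(r["cs-protocol"] for r in records),
        "cache_ratio": cached / len(records) if records else 0.0,
    }
```

A non-zero skipped count is worth alerting on, since records that fail to parse are records missing from the report.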
 
Author: Hello blog
