First, restrict internet access
Create access rules and, in the access rule properties, limit the hours of Internet access and restrict access to audio and video content
Open access to internal network resources
Once the ISA firewall is deployed in the enterprise network, extranet users can no longer access the internal network, including its network services and resources. The required services therefore have to be published.
Publish an internal SSL Web site
1. Establish the SEC virtual directory in the Web site and enable SSL
2. Configure external DNS servers
3. Configure the internal DNS server
4. Publish the DNS server: publish the external DNS server on ISA (or add the corresponding host record to the hosts file of the external computer)
5. Establish a Certificate Server (install IIS, install Certificate Services)
6. Create a certificate request file on the Web server (when requesting the certificate, the common name is critical: it must exactly match the domain name that extranet users use to access the site; if it does not match, an error message will appear)
7. Submit the certificate request to the Certificate Server, log in to the Certificate Server, then issue and download the certificate
8. Install the certificate on the Web server (in the IIS Manager Web site properties, select "Directory Security" and process the pending certificate request)
9. Make the Web server and the ISA computer trust the CA (download the CA certificate chain on the Web server, import the certificate chain file into the Web server's Trusted Root Certification Authorities store, and then follow the same steps to make the ISA computer trust the CA)
10. Export the Web site certificate to a file (export the private key with it)
11. Import the Web site certificate to the ISA computer (copy the exported Web site certificate to the ISA computer and then import it). Once the certificate has been imported successfully, use "http://www.qq.com" and "https://www.qq.com/sec" on the ISA computer to access the unencrypted and encrypted pages and confirm that both load. If access fails, create an access rule on ISA from the ISA computer to the internal network, and set the preferred DNS server address of the ISA internal network adapter to the internal DNS server.
12. Publish an internal SSL Web site
13. Test that the Web site was published successfully (from an extranet PC, access "http://www.qq.com" and "https://www.qq.com/sec" to reach the unencrypted and encrypted pages)
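Step 6's requirement that the certificate common name match the name extranet users type can be checked before the request is submitted. The sketch below is an added example, not part of the original article; it also accepts a wildcard leftmost label, which goes beyond the exact match the article describes, and the name web01 is a constructed value.

```python
import ipaddress
from urllib.parse import urlsplit

def name_matches(cert_name, host):
    """True if cert_name covers host: case-insensitive, label by label.
    A wildcard counts only as the entire leftmost label (one label deep)."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h) or "" in h:
        return False
    if c[0] == "*" and len(c) > 2:
        return c[1:] == h[1:]
    return c == h

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_publishing(cert_cn, urls):
    """Return (url, problem) pairs for HTTPS URLs the certificate name does not cover."""
    problems = []
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "https":
            continue  # unencrypted page: the certificate is not involved
        if is_ip(host):
            problems.append((url, "accessed by IP address instead of the certificate name"))
        elif not name_matches(cert_cn, host):
            problems.append((url, f"common name {cert_cn!r} does not match host {host!r}"))
    return problems

# URLs from the procedure above; "web01" is a constructed internal machine name.
SITE_URLS = ["http://www.qq.com", "Https://www.qq.com/sec"]
if __name__ == "__main__":
    for cn in ("www.qq.com", "WWW.QQ.COM", "qq.com", "web01", "*.qq.com"):
        print(cn, "->", check_publishing(cn, SITE_URLS) or "ok")
```

Current clients compare the host against the certificate's subjectAltName DNS entries rather than the common name; the same label-by-label matching applies to each entry.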
Second, publish internal Exchange SSL OWA Web site
1. Establish an Exchange 2007 mail server (install Exchange 2007 and make sure that users can access the mail server through OWA)
2. Configure the DNS server (extranet DNS; configure MX records)
3. Configure the DNS server (intranet DNS; configure MX records)
4. Publish the DNS server (publish the extranet DNS on the ISA firewall)
5. Establish a Certificate Server (log on to the mail server as an administrator, then install and configure the Certificate Server as an "Enterprise CA")
6. Configure the Web server certificate and export it (in IIS Manager, open the Default Web Site properties, create a new server certificate, export it with the private key, and set a password to protect the saved key)
7. Import the certificate into ISA Server (copy the previously exported certificate to the ISA computer and import it there)
8. Configure ISA access rules (protocols "HTTP, HTTPS")
9. Establish certificate trust (ISA Server and Exchange Server must trust each other's certificates; this is implemented through the CA certificate chain)
10. Publish the mail server (create an Exchange Web Client Access publishing rule)
11. Verify mail server publishing (access it with an OWA client)
Third, ISA system maintenance
Backup and recovery of ISA server
ISA provides backup and restore features that save system information so that the configuration can be restored when the system fails.
What you can back up:
Entire ISA Server configuration
All networks, or one of the selected networks
All network rules, or one of the selected network rules
All content download jobs in the cache configuration, or one or more of the selected content download jobs
The entire firewall policy, or one of the selected rules
...
(When backing up a firewall policy, the system policy rules are not backed up by default. To back up the system policy, use the Export System Policy task.)
When to make a backup
Change cache size or location
Change firewall Policy
Change the rule base
Change System rules
Change the network, such as changing network definitions or network rules
Delegate administrative rights or remove a delegation
(Regularly back up the server-specific information of ISA Server on your network, such as local application filters, performance parameters, cached content, and log files. ISA Server itself cannot back up this information, but it can be backed up with the Windows operating system backup program.)
Performing an ISA backup
(You must be an enterprise administrator or enterprise auditor to back up the enterprise configuration. To back up confidential information, you must be an enterprise administrator. Because the backup configuration file contains sensitive information, you need to secure the file. Specify a strong password to ensure that the encrypted information is properly protected. A password can be considered strong if it provides an effective defense against unauthorized access.)
Restoring the ISA configuration from a backup
Notes on restoring an array configuration:
You cannot back up an array's configuration and then restore this configuration to another array or server.
An enterprise configuration backup cannot be restored to an array.
If you want to restore the array configuration, and the enterprise policy settings used during the backup are different, you cannot restore the array location.
ISA Server Log Management
ISA provides a series of monitoring tools for tracking network status and ISA traffic.
The monitoring capabilities of ISA include:
Alerts
Sessions
Services
Reports
Connectivity
Logging
The ISA log is a record of ISA operations.
Log storage format
MSDE Database
SQL Database
Files (ISA Server logs saved to files, in World Wide Web Consortium (W3C) format or ISA Server format)
Configuring the log content
Edit filter: sets the content the administrator mainly wants recorded.
Configure Firewall log: sets which firewall-related fields are recorded in the log.
Configure the Web Proxy log: sets which Web proxy fields are recorded in the log.
ISA Server Alert
Alerts are used to monitor the occurrence of specific events. If a predetermined event occurs, the system notifies the administrator in the manner the administrator has specified, so that appropriate action can be taken.
Create and configure new alerts (can be created and configured based on the category and severity of the monitoring events)
ISA Server Report
In addition to tracking security events through logs, you can also use ISA reports to track ISA events
What the ISA report can display:
The user who is accessing the site and the site being visited
The most commonly used protocols and applications today
General traffic patterns
Cache ratio
How the report Works
The ISA reporting mechanism summarizes the ISA logs into a database on each ISA computer. When a report is created, all relevant summary databases are merged into a single reporting database, and the report is generated from these merged summaries.
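The file log format and the summarize-then-merge reporting model described above can be reproduced offline, as an added example that is not part of the original article or of ISA Server itself. The log lines are constructed in W3C extended log file style (directive lines starting with #, tab-separated records); the field names, addresses and the treatment of status 403 as a denied request are assumptions.

```python
from collections import Counter

# Constructed sample logs, one per day. Note the different column order on day 2.
DAY1 = "\n".join([
    "#Software: constructed sample",
    "#Fields: date\ttime\tc-ip\tcs-username\tcs-protocol\tr-host\tsc-status",
    "2012-06-25\t09:00:01\t10.0.0.21\talice\thttp\twww.example.com\t200",
    "2012-06-25\t09:00:07\t10.0.0.22\tbob\thttps\tmail.example.com\t200",
    "2012-06-25\t09:01:13\t10.0.0.21\talice\thttp\tvideo.example.net\t403",
    "2012-06-25\t09:01:15\ttruncated-row",
])
DAY2 = "\n".join([
    "#Fields: date\tc-ip\tcs-username\tr-host\tcs-protocol\tsc-status",
    "2012-06-26\t10.0.0.21\talice\twww.example.com\thttp\t200",
    "2012-06-26\t10.0.0.23\t-\tvideo.example.net\thttp\t403",
])

def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split("\t")
        if fields and len(values) == len(fields):  # skip truncated or blank rows
            yield dict(zip(fields, values))

def summarize(records):
    """Per-log summary: (user, site) pairs, protocols, and denied sites."""
    s = {"user_site": Counter(), "protocol": Counter(), "denied": Counter()}
    for r in records:
        user = r["cs-username"] if r["cs-username"] != "-" else "(anonymous)"
        s["user_site"][(user, r["r-host"])] += 1
        s["protocol"][r["cs-protocol"]] += 1
        if r["sc-status"] == "403":  # assumption: 403 marks a denied request
            s["denied"][r["r-host"]] += 1
    return s

def merge(summaries):
    """Combine the per-log summaries into a single report, key by key."""
    report = {"user_site": Counter(), "protocol": Counter(), "denied": Counter()}
    for s in summaries:
        for key in report:
            report[key].update(s[key])
    return report

REPORT = merge(summarize(parse_w3c(day)) for day in (DAY1, DAY2))
```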
This article is from the "Hello_ Small Strong" blog; please be sure to retain this source: http://xiaozhuang.blog.51cto.com/4396589/913070