Microsoft Internet Security Accelerator - ISA server 2006 - is now considered one of the powerful firewalls in the market .
Microsoft Internet Security and Acceleration (ISA) Server 2006 is the security gateway that helps protect your mission critical applications from Internet-based threats. ISA Server enables your business to do more, with secure access to Microsoft applications and data. Secure your Microsoft application infrastructure by protecting your corporate applications, services, and data across all network layers with stateful packet inspection, application-layer filtering, and comprehensive publishing tools. Streamline your network with simplified administrator and user experiences through a unified firewall and virtual private network (VPN) architecture. Safeguard your information technology environment to reduce security risks and costs, and help eliminate the effects that malicious software and attackers have on your business.
Today I will explain an interesting topic ,we will talk how to configure our Network adapters On ISA 2006 so you can Implemented as a firewall in your network
Lab Setup :
- One server acting as domain controller and internal DNS named dc1.test.com
- One server will act as ISA server firewall with two network cards On it.
- Steps :
1- You have to configure your internal DNS to forward Internet queries coming from the internal users to the internet DNS , in other words when a user try to open www.google.com his query will be sent to the internal DNS and then the internal DNS will forward the query to external DNS on the internet cloud then returns back the result to the user. to do this configuration do the following :
open DNS mmc then click on your server name then right click on forwarders ,go to properties and then start adding some IP addresses to some external DNS servers which you can get a list of these IP addresses fro your ISP , then add them the red marked area shown in figure below.
2- Now will start configuring ISA server Network , I will assume that your network setup is as below figure which is a simple network but can be taken as a base for any setup you have.
I guess the figure explains everything.
the figure has the following details
- first network card ( Internal NIC) has a private IP , DNS IP But no gateway IP
- Second Network Card has a public IP , no DNS IP and gateway IP which is the internet router IP
- for your internal servers and clients , ISA server will be their default gateway .
- On The ISA server you have to make an access role to allow the internal DNS to forward traffic through ISA to the external network
so now any user want to open a website , his DNS query will be sent to the internal DNS then forwarded to the external DNS server through the ISA server then result will come Back to the internal DNS then to the user PC then website is opened .
This was the whole Network configuration for ISA server 2006 as a firewall , then you can start making your access and publish roles for your exchange server , other web , ftp , SharePoint or any other servers you have.
===================================================================
Thanks
===================================================================
0 comments:
Post a Comment