Module 12: Implementing ISA Server 2004 Enterprise Edition: Back-to-Back Firewall Scenario

Overview

Implementing a Back-to-Back Firewall Scenario

Lab: Implementing a Back-to-Back Firewall Scenario

Lesson: Implementing a Back-to-Back Firewall Scenario

Issues in Deploying a Back-to-Back Firewall Solution

Guidelines for Configuring ISA Servers in a Workgroup

Guidelines for Implementing Network Load Balancing

Guidelines for Configuring a Front-End Firewall Array

Guidelines for Configuring a Back-End Firewall Array

Issues in Deploying a Back-to-Back Firewall Solution

Issues in deploying a back-to-back firewall configuration include:

Using public or private IP addresses in the perimeter network

Deploying the ISA Server computers in a domain or workgroup

Configuring network load balancing

Configuring name resolution and network routing

Configuring access to Configuration Storage servers

Configuring publishing rules and access rules

Configuring SSL connections

Configuring user authentication

Guidelines for Configuring ISA Servers in a Workgroup

ISA Server Enterprise Edition supports the following deployment scenarios:

Deploying all ISA Server components on domain members

Deploying all ISA Server components on workgroup members

Deploying ISA Server components in a mixed configuration

You can change the deployment configuration after deployment

Guidelines for Implementing Network Load Balancing

Configuring intra-array addressing:

Used by array members to communicate with other array members

If not enabling NLB, use the internal network for the intra-array network

If enabling NLB, create a separate IP address or a separate network for the intra-array addresses

When configuring network load balancing:

Do not use a layer-2 switch to connect array members

If all networks are enabled for NLB, add an additional network adapter and create a separate network for intra-array traffic

Guidelines for Configuring a Front-End Firewall Array

When configuring a back-to-back firewall, begin by defining the Internal and External networks for both arrays

On the front-end firewall array, you need to configure:

Network routing

The Internal network IP addresses

The network relationship

Access to resources on the perimeter network

Access to resources on the Internal network

SSL publishing for perimeter network servers

SSL publishing for Internal network servers

Authentication

Guidelines for Configuring a Back-End Firewall Array

On a back-end firewall array, you need to configure:

The internal network IP addresses

Network routing

The perimeter network on the internal array

Network objects

Access to perimeter network resources

Access for front-end ISA Server computers

Access to resources on the Internal network

Internal network access for domain members

Practice: Planning a Back-to-Back Firewall Deployment

In this practice, you will analyze a scenario describing an organization’s requirements for deploying a back-to-back firewall solution and plan the front-end array and back-end array configuration.

Lab 12: Implementing a Back-to-Back Firewall Scenario

Exercise 1: Enabling Network Load Balancing for the Main\Front-End Array

Exercise 2: Installing and Configuring the Front-End Array Server

Exercise 3: Configuring Firewall Rules for Resource Access

[Lab diagram labels: Den-DC-01, Gen-Web-01, Den-ISA-01, Den-ISA-02, Den-ISA-03, Den-CSS-01, Den-Msg-01, Den-Web-01, Internet]

[Lab diagram labels: Den-ISAEE-01, Den-ISAEE-02, Den-ISAEE-03, Den-DC-01, Den-CSS-01, Den-Msg-01, Gen-Web-01, Den-Web-01, Host1, Host2]