Microsofts ISA Server 2004 Firewall phần 5

Chia sẻ: Tuan Bui Nghia | Ngày: | Loại File: PDF | Số trang:7

Thêm vào BST

Báo xấu

121
lượt xem 24
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Configuring the Web Proxy Client The web proxy client is any system that has been configured to use a proxy for Winsock applications. This is typically done in the client web browser settings

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Microsofts ISA Server 2004 Firewall phần 5

Configuring the Web Proxy Client The web proxy client is any system that has been configured to use a proxy for Winsock applications. This is typically done in the client web browser settings, specifying the IP address and port number that should be used to access the proxy server. From the ISA server side, the web proxy configuration is performed by clicking Networks in the management console to open the Networks configuration screen and then right-clicking the internal network and selecting Properties, as shown in Figure 8-17. Figure 8-17. Selecting the Internal Network Properties [View full size image] From the Internal Network Properties screen, select the Web Proxy tab and specify whether to enable web proxy clients (by default, they are enabled) and define the port number that the clients will connect on. You can click Authentication to define which users will/will not be permitted access. Figure 8-18 shows the Web Proxy tab. Figure 8-18. Web Proxy Configuration
Configuring the Firewall Client Configuring the firewall client is a little bit more involved than the other client configurations. First, the firewall client must be installed on the client computers. This can be done in the following manners: • Via file sharing and manually running the installation • Via Active Directory Group Policy • Via silent installation scripts and integration with login scripts • Via Microsoft Systems Management Server (SMS) During the firewall client installation, you must specify the ISA server that the firewall client will get its configuration from. This step allows you to manage the firewall client
configuration at a single location, the ISA Server 2004 firewall itself, and ensure that all firewall clients receive the same configuration settings. On the ISA server itself, two general firewall client configuration tasks need to be performed. Step 1. Configure the general firewall client configurations settings. Step 2. Configure the firewall client application settings. The firewall client general configuration is performed in a similar fashion to the web proxy client configuration. Just right-click the appropriate network in the management console, choose Properties, and then select the Firewall Client tab, as shown in Figure 8- 19. Figure 8-19. Firewall Client Tab
Doing so enables you to define settings such as the configuration script that should be used and whether the client should use a proxy server. In addition, you can specify the names of domains that the firewall client should not apply to by selecting the Domains tab and entering the domain name. The firewall client application settings can be configured by clicking General in the management console then clicking Define Firewall Client Settings. Doing so launches the Firewall Client Settings screen, as shown in Figure 8-20. On this screen, you can define applications that will or will not be permitted to run on the client computer and how permitted applications will be allowed to communicate on the network. An important thing to keep in mind is that the application name is a constant; so if the users change the name of the application (for example, from kazaa.exe to happy.exe), the firewall client settings no longer apply, because the application name no longer matches the name that was defined. An alternative is to use third-party products that integrate with Microsoft ISA Server 2004. Figure 8-20. Firewall Client Settings Screen
Caching Web Data Configuring the firewall to cache web data is a straightforward process. In the management console, navigate to the Cache screen, right-click the server, and choose Properties to launch the Server Cache Properties screen, as shown in Figure 8-21. Notice how the Cache icon has a red arrow pointing down, denoting that caching is not currently enabled. Figure 8-21. Launching the Cache Properties Screen [View full size image]
To enable caching, just select the drives and the maximum cache size and click Set. When you have finished, click OK and then click Apply to apply the configuration change to the firewall. You must restart the ISA services before the caching functionality will be enabled. When caching has been enabled, you can define rules regarding what data should be cached and how it should be cached by selecting the Cache Rules tab from the Cache screen and defining an appropriate rule. Like most other tasks in Microsoft ISA Server 2004, this is a wizard-driven process that is relatively straightforward and easy to understand. Microsoft ISA Server 2004 Checklist Enabling and configuring Microsoft ISA Server 2004 can be a relatively complex task. It is not something that should be performed without extensive planning and design prior to implementation. To get a basic ISA Server 2004 implementation in place and operational, the following tasks should be performed: Step 1. Install the underlying operating system. Step 2. Ensure that network services such as DNS are functioning properly.
Step 3. Configure routing on the firewall as required. Step 4. Determine the firewall clients that will be implemented. Step 5. Determine the edition of Microsoft ISA Server 2004 that is most appropriate for your environment. Step 6. Install ISA Server 2004. Step 7. Harden the appropriate underlying operating system and applications. Step 8. Configure the system policy rules. Step 9. Configure access rules (filter outbound access). Step 10. Configure server publishing rules (filter inbound access). Step 11. Enable web data caching. Step 12. Configure the firewall clients accordingly. Step 13. Perform application filtering. Step 14. Configure additional functionality (that is, VPN, remote logging, and so on) as required.