Figure 23.9: The Administrative Tools Options Dialog Box
Figure 23.10: Deciding to Join an Array
Figure 23.11: Selecting the Server Installation Mode
Figure 23.12: Warning Dialog Box about IIS Services
Figure 23.13: Configuring Web Cache Size
Figure 23.14: Configuring the Local Address Table
Figure 23.15: Launch the ISA Admin Tool Dialog Box
Figure 23.16: The ISA Server Management Console
Figure 23.17: Warning about Irreversible Changes to the Active Directory
Figure 23.18: Determining Policy
Figure 23.19: Initializing the Active Directory for ISA Server
Figure 23.20: ISA Server Enterprise Initialization Tool Dialog Box
Figure 23.21: Accessing the Back Up Command
Figure 23.22: The Backup Array Dialog Box
Figure 23.23: Confirmation of a Successful Backup
Figure 23.24: Backup Files Identified in the Root of Drive C:
Figure 23.25: The General Tab in the Server's Properties Dialog Box
Figure 23.26: Beginning the Promotion Process
Figure 23.27: Array Warning Dialog Box
Figure 23.28: Setting Enterprise Policy Settings
Figure 23.29: The Promotion of the Stand-Alone Server to an Array Begins
Figure 23.30: ISA Management Reflects After Promotion to Array Status
Figure 23.31: ISAFINAL Policies Tab
Figure 23.32: The Services Dialog Box
Figure 23.33: The Backup Dialog Box
Figure 23.34: Stopping Proxy Server 2.0-Related Services
Figure 23.35: Information Box Regarding Upgrading Proxy Server
Figure 23.36: Proxy 2.0 Migration Dialog Box
Figure 23.37: The Internet Information Services Console
Chapter 24: Managing ISA Server
Figure 24.1: The ISA Management Programs Are Added to the Windows 2000 Programs Menu
Figure 24.2: The ISA Management Console Allows You to Administer Your ISA Servers and Arrays
Figure 24.3: ISA Management Can Be Added to a Custom MMC
Figure 24.4: When Adding ISA to a Custom Console, You Must Choose from Three Connection Options
Figure 24.5: ISA Management Can Be One of Several Components in a Custom MMC
Figure 24.6: You Can Select the MMC Elements You Want to Display or Hide
Figure 24.7: The Right Detail Pane Displays the Child Objects of the Selected Object in the Left Console Tree
Figure 24.8: A Standalone ISA Server Has No Enterprise Object in the Left Pane
Figure 24.9: From a Stand-Alone ISA Server, You Can Connect to Another Stand-Alone Server
Figure 24.10: You Can Choose the Columns to Display or Hide in the Right Detail Pane
Figure 24.11: The Taskpad View Provides a More Graphical, Tabbed Interface
Figure 24.12: The Advanced View Provides a Simpler, Less Cluttered, Less Intuitive Interface
Figure 24.13: Enterprise Policies Are Explicitly Assigned to Arrays Via the Arrays Tab on Their Properties Boxes
Figure 24.14: Information about Each Enterprise Policy Is Shown in the Right Detail Pane
Figure 24.15: A Check Mark in the Right Detail Pane Indicates the Policy That Is Applied
Figure 24.16: An Enterprise-Level Policy Element Named Custom Has Been Created
Figure 24.17: The Policy Element Created at the Enterprise Level Is Available to Be Applied to Rules at the Array Level
Figure 24.18: You Can Change the Array Name to Avoid Confusion with a Server by the Same Name
Figure 24.19: The Services Folder Contains Information about ISA Services on All Servers in the Array
Figure 24.20: Active Sessions Are Displayed in the Detail Pane When You Select the Sessions Folder
Figure 24.21: You Can View Reports by Double-Clicking the Report Name in the Right Detail Pane
Figure 24.22: Access the Properties Sheet for Each Array Member through the Computers Folder
Figure 24.23: New Web Publishing or Server Publishing Rules Are Created with a Wizard
Figure 24.24: The Scheduled Content Download Wizard Makes It Easy to Create a Job to Automatically Update the Cache of Specified URLs
Figure 24.25: Scheduled Content Download Jobs Appear in the Right Pane When the Folder Is Selected
Figure 24.26: Configure the Amount of Disk Space on Each NTFS Drive to Be Allocated to the ISA Cache
Figure 24.27: The Two Client Configuration Objects: Web Browser and Firewall Client
Figure 24.28: Add and Configure H.323 Gatekeepers Via the Last Second-Level Object in the Console Tree
Figure 24.29: The ISA Wizards Allow You to Check the Information Entered for Accuracy Before You Click Finish
Figure 24.30: Set Permissions on Objects Via the Security Tab on the Object's Properties Sheet
Figure 24.31: Some ISA Objects Have Special Advanced Permissions Such as the Read Alerts Information and Reset Alerts Permissions for the Alerts Object
Figure 24.32: Delete an ISA Server from an Array Via the ISA Management Console
Figure 24.33: When You Install ISA Server, If the Enterprise Has Been Initialized, You Have the Option of Joining an Existing Array
Figure 24.34: Promoting a Stan-Alone Server to Become an Array—An Operation That Cannot Be Reversed
Figure 24.35: Viewing Alerts That Occurred on the ISA Server or Array
Figure 24.36: Some Events Allow You to Specify Additional Conditions to Trigger the Alert
Figure 24.37: You Must Select at Least One Action to Be Performed When an Alert Is Triggered
Figure 24.38: View the Current Active Sessions in the Right Detail Pane of the ISA MMC
Figure 24.39: Install the Appropriate ODBC Driver to Set Up a Data Source
Figure 24.40: Logging Is Configured Via the Properties Sheet for the Service for Which Data Will Be Logged
Figure 24.41: A Name and Description for the Report Job Are Specified Via the General Tab
Figure 24.42: Configure the Reporting Interval by Selecting the Period Tab on the Properties Sheet
Figure 24.43: The Schedule Tab Allows You to Set a Start Time and a Recurrence Pattern
Figure 24.44: You Must Provide the Appropriate Credentials to Run a Report Job on a Report Computer or Array
Figure 24.45: Enter a User Account Name, Domain, and Password to Run the Report Job
Figure 24.46: Information about Each Configured Report Job Appears in the Right Detail Pane
Figure 24.47: The Reports That Have Been Generated Are Accessed from the Reports Folder
Figure 24.48: Summary Reports Include Data from the Web Proxy and Firewall Service Logs Pertaining to Network Usage
Figure 24.49: Web Usage Reports Contain Information Collected from the Web Proxy Service Log Files
Figure 24.50: Application Usage Reports Are Based on Information Collected in the Firewall Service Logs
Figure 24.51: The Traffic and Utilization Reports Combine Information from the Web Proxy and Firewall Service Logs
Figure 24.52: Security Reports Can List Authorization Failures and Other Security-Related Events Recorded in the Web Proxy Service, Firewall Service, and Packet Filter Logs
Figure 24.53: Select the Option to Use to Sort Report Data in the Report Type Properties Sheet
Figure 24.54: Set a Location for Saving Daily and Monthly Summaries, and Specify the Number of Each That Should Be Saved
Figure 24.55: Summary Files Are Saved by Default in the ISA Summaries Folder with an .ILS File Extension
Figure 24.56: To Install ISA Management on a Computer from Which You Want to Administer ISA, Select Custom Installation and Check the Administration Tools Check Box
Figure 24.57: To Manage an ISA Server Remotely, You Must First Connect to It
Figure 24.58: To Manage an Array Remotely, Choose "Connect to Enterprise and Arrays"
Figure 24.59: The Terminal Server Settings Are Configured Via the Terminal Services Configuration Tool
Figure 24.60: Use the Terminal Services Manager to View and Manage Client Sessions
Figure 24.61: Use the Client Connection Manager to Create a Connection to a Terminal Server
Figure 24.62: The Client Connection Wizard Creates a Shortcut to the Terminal Server
Figure 24.63: You Can Use the Terminal Services Client to Connect to a Terminal Server
Figure 24.64: Use the Terminal Server Desktop to Remotely Administer the ISA Server
Chapter 25: Optimizing, Customizing, Integrating, and Backing Up ISA Server
Figure 25.1: The ISA Server Performance Monitor Includes a Set of ISA Server-Specific Default Counters
Figure 25.2: In a Histogram View, Data Is Presented as a Set of Bar Charts
Figure 25.3: Report View Summarizes Data and Presents It in Text Format
Figure 25.4: The System Monitor Tool's Appearance Can Be Customized Using the Properties Sheet
Figure 25.5: Add at Least One Counter to Be Logged to the File
Figure 25.6: Use the Log Files Tab to Set Filename, Location, and Other File Properties
Figure 25.7: Use the Schedule Tab to Define Start and Stop Times for Logging
Figure 25.8: Counters to Be Monitored for Triggering of a Performance Alert Are Added Via the General Tab of the Alert Properties Sheet
Figure 25.9: After Adding Counters, You Must Define the Threshold and Data Sample Interval
Figure 25.10: You Can Select One or More Actions to Be Taken When the Alert Is Triggered
Figure 25.11: You Can Use the Schedule Tab to Schedule the Scan to Start and Stop at a Specified Time and Elect to Start a New Scan When One Finishes
Figure 25.12: A Network Message Is Sent to the Specified Account When the Alert Is Triggered
Figure 25.13: ISA Automatically Optimizes Performance Based on Number of Users Per Day
Figure 25.14: Enable Bandwidth Control and Set Effective Bandwidth for a Dial-Up Entry
Figure 25.15: The Load Factor Is Configured on the Array Membership Tab of the Computer's Properties Sheet
Figure 25.16: You Can Increase Performance by Increasing the Size of Objects That Can Be Cached in RAM
Figure 25.17: Active Caching Balances Client Web Performance Against Network Traffic
Figure 25.18: You Can Change the Cache Drive Settings for Better Performance
Figure 25.19: The Registry Keys Used to Tune ISA Performance Are Found Under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
Figure 25.20: The CacheSettings Script Prompts You to Specify an Array Name
Figure 25.21: The Script Runs and Displays the Results
Figure 25.22: Each Sample Filter Includes a Readme File That Provides More Information
Figure 25.23: GFI LANguard Is a Third-Party Add-On That Creates a Custom Console, Which Includes the ISA Management Snap-In
Figure 25.24: IPsec Policies Are Configured Via Windows 2000 Group Policy
Figure 25.25: You Can Select the IPsec Protocol to Be Used Via the Security Method Wizard
Figure 25.26: The ISA Management Console Provides a Tool for Backing Up Server Information
Figure 25.27: You Can Provide an Identifying Comment for the Backup File
Figure 25.28: You Must Enter a Path to the File in Which You Backed Up the Array Configuration
Figure 25.29: Backup File Information Is Displayed Prior to the Restoration
Chapter 26: Troubleshooting ISA Server
Figure 26.1: Information Gathering Can Take Many Forms
Figure 26.2: ISA Log Files Can Be Useful in Troubleshooting Various Problems
Figure 26.3: The ISA Server Help Files Contain a Special "Troubleshooting" Section
Figure 26.4: Select an Event from the Right Context Pane in the Application Log
Figure 26.5: The Event's Properties Sheet Gives You a Great Deal of Information, Including the Event ID
Figure 26.6: You Can Use the Event Category and ID to Locate the Event Message in the Help Files
Figure 26.7: The Help File Provides Information about the Event Message, an Explanation, and Suggested User Action(s)
Figure 26.8: The Searchable Knowledge Base Provides Technical Support Information and Self-Help Tools
Figure 26.9: Microsoft's ISA Server Newsgroups Provide an Excellent Source of Troubleshooting Information
Figure 26.10: Enable the DHCP Client Rule to Allow a Release and Renew of the DHCP Lease
Figure 26.11: The Authentication Method Is Configured Via the Listeners' Properties Sheet for Incoming and Outgoing Web Requests
Figure 26.12: Disconnect the Sessions of Clients Who Are Using Protocols You Want to Disable
Figure 26.13: You Can Enable IP Packet Filtering and IP Routing to Improve S-NAT Performance
Figure 26.14: Disable the Firewall Client to Allow Direct Dial-Out from the Machine
Figure 26.15: You Can Configure Which Content Will Be Cached Using the Cache Configuration Properties Sheet
Figure 26.16: Use the Secure Mail Server Option to Publish a Mail Server to External Clients
Chapter 27: Advanced Server Publishing with ISA Server
Figure 27.1: Results of netstat –na Before Disabling Socket Pooling
Figure 27.2: Disabling Socket Pooling
Figure 27.3: Running netstat –na After Disabling Socket Pooling
Figure 27.4: Disabling SMTP and NNTP Socket Pooling
Figure 27.5: Selecting the Client Address Sets Option on the Client Type Page
Figure 27.6: Selecting the Client Address Set
Figure 27.7: Configuring Terminal Services to Listen on the Internal Interface
Figure 27.8: Configuring the RDP Packet Filter
Figure 27.9: Creating the TSAC Destination Set
Figure 27.10: Entering the FQDN and Path for the Destination Set
Figure 27.11: Selecting the TSAC Site Destination Set
Figure 27.12: Configuring Authentication Requirements for the Web Publishing Rule
Figure 27.13: Entering Credentials to Access the TSAC Web Site
Figure 27.14: The Security Warning Dialog Box
Figure 27.15: The Remote Desktop Web Connection Page
Figure 27.16: The TSAC Terminal Services Session Running in Full Screen Mode
Figure 27.17: The Terminal Services Session as It Appears in the Browser
Figure 27.18: The Address Mapping Page
Figure 27.19: Change the FTP Site Listening Port
Figure 27.20: Creating the wspcfg.ini File
Figure 27.21: Saving the wspcfg.ini File
Figure 27.22: Using the CREDTOOL
Figure 27.23: Adding the User Account
Figure 27.24: The FTP Server Listening on the Alternate Port
Figure 27.25: Testing the FTP Server
Figure 27.26: Configure Internet Explorer 6.0 to Use PASV Mode
Figure 27.27: Connecting to the FTP Using PASV Mode
Figure 27.28: Confirming the FTP Server's Link with the ISA Server
Figure 27.29: Configuring FTP Packet Filters
Figure 27.30: Configuring the FTP Server Packet Filter
Figure 27.31: The PASV Mode Data Channel Packet Filter
Figure 27.32: Disabling FTP Service Socket Pooling
Figure 27.33: The FTP Service Listens on a Dedicated Address
Figure 27.34: The FTP Service Listens on a Dedicated Address
Figure 27.35: Disabling the EnablePortAttack Entry
Figure 27.36: The Address Mapping Page
Figure 27.37: Configuring Authentication Methods on the Web Requests Listener
Figure 27.38: Configuring an SSL Listener
Figure 27.39: Configuring the Redirect on the Rule Action Page
Figure 27.40: Logging on to the FTP Site
Figure 27.41: The Published FTP Site
Figure 27.42: The Incoming Web Requests Listener Interface
Figure 27.43: TCP Port 80 Listening on All External IP Addresses
Figure 27.44: Configuring Direct Access to Internal Site for Web Proxy Clients
Figure 27.45: Setting the Certification Authority Type
Figure 27.46: The CA Identifying Information Page
Figure 27.47: The Name and Security Settings Page
Figure 27.48: The Site's Common Name Page
Figure 27.49: The Request File Summary Page
Figure 27.50: Selecting the Certificate Request Information
Figure 27.51: The Certificate Server Web Site Welcome Page
Figure 27.52: The Advanced Certificate Requests Page
Figure 27.53: The Submit A Saved Request Page
Figure 27.54: Issuing the Web Site Certificate
Figure 27.55: The Check On A Pending Certificate Request Page
Figure 27.56: Downloading and Installing the Certificate
Figure 27.57: Processing the Pending Request
Figure 27.58: Reviewing the Settings
Figure 27.59: Sending the Certificate Request Directly to the Certificate Server
Figure 27.60: Choosing a Certification Authority
Figure 27.61: The Certificate Store Page
Figure 27.62: Certificates Contained in the ISA Server's Machine Store
Figure 27.63: Selecting the Web Site Server Certificate
Figure 27.64: Selecting the Web Site Server Certificate
Figure 27.65: A Completed Destination Set
Figure 27.66: The Rule Action Page
Figure 27.67: Security Alert Dialog Box Warning of an Untrusted Root Authority
Figure 27.68: Security Alert Dialog Box Warning of a Certificate Mismatch
Figure 27.69: Forcing a Secure Channel to the Web Site
Figure 27.70: The Web Proxy Service Certificate List
Figure 27.71: Configuring the Rule Action
Figure 27.72: Assigning a Client Certificate for the SSL Bridge
Figure 27.73: Security Alert Dialog Box Warning of a Name Mismatch
Figure 27.74: The Client Authentication Dialog Box
Figure 27.75: Error Page Indicating that a Client Certificate Is Required
Figure 27.76: Redirecting SSL Requests as FTP Requests
Figure 27.77: Connecting to the FTP Site
Figure 27.78: The Certificates List
Figure 27.79: CRL Distribution Point Information
Chapter 28: Protecting Mail Services with ISA Server
Figure 28.1: Checking for SMTP Service Socket Pooling
Figure 28.2: Allowing the Internal Network Mail Server to Relay through the SMTP Service on the ISA Server