ISA Server Tools and Utilities


Many tools and utilities are available to you in ISA Server 2004. We start with the most commonly used tool, the ISA Server Management console, describe some of the wizards available, and then refer you to Microsoft Partner tools and third-party Web sites that provide a wide range of tools that can help extend the functionality of ISA Server.

See Chapter 12, "Scripting with Microsoft ISA Server 2004," for information about how to use scripts to automate and extend ISA Server's functionality.

The ISA Server 2004 Management Console

This section describes the different components of the new ISA Server Management console UI.

Tip 

When you are administering ISA Server using the ISA Management console, pressing the F1 key will bring up information from the ISA help file about the area that you are currently using. For example, if you are working with Networks under the Configuration node and press F1, the ISA help file will open to the multinetworking overview section. Be sure to refer to the "Additional Resources" appendix at the end of this book for more helpful information.

You manage ISA Server using the ISA Server Management console, which has been greatly improved over the management console from ISA Server 2000. A comparison of the ISA Server 2000 Management console and the ISA Server 2004 Management console is shown in Figure 1-2 (ISA Server 2000 Standard Edition) and Figure 1-3 (ISA Server 2004 Standard Edition).

Figure 1-2: The ISA Server 2000 Management console is very basic compared to the rich features in the ISA Server 2004 Management console.

Figure 1-3: Tabbed pages in the ISA Server 2004 Management console make accessing common tasks simpler.

You can access the ISA Server Management console by clicking Start, choosing All Programs, Microsoft ISA Server, and then clicking the ISA Server Management icon.

Note 

The key improvements to the ISA Server 2004 Management console include a three-pane window, tabbed pages in the content view, and an all new task/help pane for single-click access to the most common tasks.

The ISA Server 2004 Management console has three panes: the console tree (left pane), the details pane (middle pane), and the task pane (right pane), as shown in Figure 1-3. ISA Server 2004 Enterprise Edition has the same basic components as ISA Server 2004 Standard Edition with several additional features, which we describe later.

The console tree (left pane) shows all the different components of ISA Server. The details pane (middle pane) shows content, such as the Welcome information displayed in Figure 1-3. The task pane (right pane) contains prescriptive and descriptive information about the tasks on which you're working. For example, on the first screen you can click Connect To Local Or Remote ISA Server, Open The Microsoft Internet Security And Acceleration Server 2004 Online Help, or Read About Securing Your ISA Server. Tabs at the top of this section allow you to switch between functions, such as changing from the Tasks list to the Help information.

When you select the ISA server itself, you will see a Getting Started Guide for that server in the content pane, which steps you through the basics of configuring your ISA Server. Follow these steps to set up the most common configuration of ISA Server.

The task pane (right pane)—as shown in Figure 1-3—has several actions that are described in Table 1-8.

Table 1-8: ISA Server Tasks

| Task | Application |
| --- | --- |
| Define Administrative Roles | Use this wizard to configure roles for users who need to perform ISA Server tasks. |
| Disconnect Selected Server From Management Console | Use this task to disconnect from your local or remote ISA server. |
| Backup This ISA Server Configuration | Use this task to back up your ISA server configuration to an .xml file. |
| Restore This ISA Server Configuration | Use this task to restore your ISA server configuration from a previous backup (.xml file). |
| Export ISA Server Configuration To A File and Import From An Exported ISA Server Configuration File | The import and export functions of ISA Server are used to clone the configuration settings from one ISA server to another. This provides more granular options than backing up and restoring a file. For example, you can choose Export User Permission Settings or Export Confidential Information. |

To view the other components of the ISA Server Management console, click the plus sign (+) to the left of the ISA server you're using (in our case, the ISA server's name is ISA2004-SE). You will then see the other areas: Monitoring, Firewall Policy, Virtual Private Networks (VPN), and Configuration.

Monitoring

The Monitoring node now incorporates a dashboard for enhanced system monitoring. When you select the Monitoring node in the console tree (left pane), you have seven (or eight with Enterprise Edition) tabbed pages in the details pane (middle). See Table 1-9 for a description of each page.

Table 1-9: Monitoring Mode Page Descriptions

| Page | Description |
| --- | --- |
| Dashboard | High-level overview of the overall health of the ISA server |
| Alerts | Displays alerts based on your configuration of the server |
| Sessions | Shows the sessions currently connected to the ISA server |
| Services | Shows the services running and their states |
| Reports | Allows you to manage and view reports |
| Connectivity | Shows the connection between the local ISA server and other ISA servers |
| Logging | Allows you to create, view, and filter queries |
| Configuring (ISA Enterprise Edition only) | Provides the ability to view the configuration version of all members of an array |

Firewall Policy

The Firewall Policy node is where you will spend the majority of your time administering ISA Server. The firewall policy consists of access rules, server publishing and Web publishing rules, and system policies.

Virtual Private Networks (VPN)

VPN functionality has been extended in ISA Server 2004. The Microsoft ISA Server team went to great lengths to ensure that ISA Server administrators would be able to easily manage branch offices through the Virtual Private Networks (VPN) node. When you select this node in the console tree, two tabbed pages appear in the details pane, as described in Table 1-10.

Table 1-10: VPN Tab Descriptions

| Tab Name | Description |
| --- | --- |
| VPN Clients | This view takes you through the five-stage process of configuring a VPN. |
| Remote Sites | To allow different sites to communicate over what is known as a VPN Site-to-Site connection you must configure a remote site network, which can be created here. For more information, see Chapter 11, "Securing Virtual Private Network Access." |

Configuration

The Configuration node has four subnodes, as described in Table 1-11.

Table 1-11: Configuration Node Descriptions

| Subnode Name | Description |
| --- | --- |
| Networks | Here you define the networks in your organization using IP address ranges and define the communication between those networks. |
| Cache | This section allows you to configure the cache, which speeds up access to Internet or intranet content by storing it on the hard disk of the local ISA server. |
| Add-Ins | Here you configure the application and Web filters that allow secure communications with applications, such as HTTP, FTP, and DNS. |
| General | This section is a collection of other administrative activities, including configuring intrusion detection, firewall clients, client settings, and delegation of administration. |

ISA Server Wizards

ISA Server 2004 includes several wizards that help automate tasks in a way that makes it easier to configure while using the most secure methods. Table 1-12 describes several of the more common wizards you will use.

Table 1-12: Commonly Used ISA Server Wizards

| Wizard Name | Description |
| --- | --- |
| ISA Server Administration Delegation Wizard | Use this wizard to configure roles for users who need to perform ISA Server tasks. |
| New Network Wizard | This wizard allows you to create new networks, and can be accessed through the Networks node. |
| New Access Rule Wizard | Accessed through the tasks pane in the Firewall Policy node, this wizard steps you through the process of creating a new access rule. |
| New Web Publishing Rule Wizard | Access this wizard from the Firewall Policy node, and click Publish A Web Server to launch it. |
| SSL Web Publishing Rule Wizard | Access this wizard from the Firewall Policy node, and click Publish A Secure Web Server to launch it. |
| New Mail Server Web Publishing Rule Wizard | Access this wizard from the Firewall Policy node, and click Publish A Mail Server to launch it. |
| New Server Publishing Rule Wizard | Access this wizard from the Firewall Policy node, and click Create A New Server Publishing Rule to launch it. |
| New Cache Rule Wizard | Access this wizard from the Cache node, and click Create A Cache Rule on the Cache Rules tab. |

Tools

ISA Server 2004 provides additional tools to assist with your day-to-day administration and troubleshooting efforts. Table 1-13 summarizes the tools that you will use most often.

Table 1-13: Useful ISA Tools and Resources

| Tool or Resource Name | Description |
| --- | --- |
| Firewall Client Tool | Fwctoolpack.exe; tool to configure, manage, and troubleshoot the ISA Server firewall client. |
| Firewall Kernel Mode Tool / Firewall Engine Monitor | Fwengmon.exe; tool you can use to analyze and troubleshoot firewall connectivity issues by monitoring the ISA Server kernel-mode driver. |
| Remote Access Quarantine | Rqsutils.exe; tool to prepare an ISA server running on Windows Server 2003 as a Remote Access Quarantine Agent (RQS) listener component. |
| Frédéric Esnouf's Quarantine Security Suite (QSS) | Esnouf's QSS provides enhanced quarantine functionality to not only keep threatening machines from connecting to the corporate network, but also update the VPN client and allow it access to the network when it is deemed safe. This tool is free for up to five connections. See http://fesnouf.online.fr/qss_main.htm for more information. |
| Jim Harrison's scripts | See http://www.ISATools.org for more information. |
| Microsoft ISA Server Partner Site | See http://www.microsoft.com/isaserver/partners for more information. |
| Microsoft ISA Server Guidance | See http://www.microsoft.com/isaserver/techinfo/guidance/2004.asp for more information. |

You also need to be familiar with Windows Server tools to configure ISA Server properly. See the Windows Help file for more information about tools like IP and Interface Configuration, Security Configuration, Netsh.exe, and Route.exe.

Extending ISA Server

Many products are available that extend ISA Server's functionality. For instance, software is available for handling intrusion detection, providing access control, monitoring traffic and events, reporting on logged content, and maintaining high availability (load balancing). For a complete listing of the add-ons for ISA Server, visit http://www.microsoft.com/isaserver/partners.

You can also use the ISA Server 2004 Software Development Kit (SDK) to create custom solutions. See http://msdn.microsoft.com/library/en-us/isasdk/isa/internet_security_and_acceleration_server_start_page.asp or download the SDK from http://www.microsoft.com/technet/downloads/isasrvr.mspx.




Microsoft Internet Security and Acceleration ISA Server 2004 Administrator's Pocket Consultant
Microsoft Internet Security and Acceleration (ISA) Server 2004 Administrators Pocket Consultant (Pro-Administrators Pocket Consultant)
ISBN: 0735621888
EAN: 2147483647
Year: 2006
Pages: 173
