Chapter 7: Configuring Toolbox Elements


Overview

The ability of Microsoft ISA Server to function as a very strong and granular firewall relies heavily on the ease and clarity with which you can identify different "elements" within your network: you can designate a single computer, groups of computers, a single Uniform Resource Locator (URL), or a set of URLs to either allow or block traffic. You can use these elements to define how different computers (whether internal or external) communicate with one another. In short, the ISA Server toolbox elements are the building blocks that you use to determine how network traffic will flow.

How are toolbox elements used? ISA Server 2004 manages traffic flow to specified information on designated networks at scheduled times (see Chapter 8, "Configuring ISA Firewall Policy," for a detailed explanation). Figure 7-1 helps to show the overall process of how ISA Server processes traffic, and illustrates how the toolbox elements we describe in this chapter work in access rules.

Figure 7-1: This diagram shows the way in which ISA Server manages traffic in Access, Server Publishing, and Web rules.

Toolbox elements define the type of content and network traffic that ISA Server allows for certain network objects to particular locations for specified users. These elements can be found by opening the ISA Server Management console tree, navigating to the ISA server, and clicking the Firewall Policy node (in Enterprise Edition, you will also see the ISA Server Name), then clicking the Toolbox tab in the task pane as shown in Figure 7-2.

Figure 7-2: This view shows the toolbox elements available. This screen shows an ISA Server Enterprise Edition installation—the Standard Edition installation is similar, but does not include the Enterprise node.

In ISA Server 2004 Enterprise Edition, you can create enterprise-level toolbox elements in addition to the server-level elements. Simply navigate to the Enterprise node, click the Enterprise Policies node, then click the Toolbox tab in the task pane.

Table 7-1 briefly describes these elements—the remainder of the chapter describes the elements in more detail, and explains how to configure each type.

Table 7-1: Access Rule Elements

Access Rule Element: Purpose

Protocols: Define the protocol (for example, Transmission Control Protocol [TCP], User Datagram Protocol [UDP], Internet Protocol [IP], or Internet Control Message Protocol [ICMP]), direction, port range or port number, and the other properties that characterize certain types of network traffic.

Users: Define users from Windows or SecurID namespaces, or from a Remote Authentication Dial-In User Service (RADIUS) server, to provide authentication based on user ID.

Content types: Define different types of content in FTP or HTTP traffic, based on either Multipurpose Internet Mail Extensions (MIME) type (for example, application/octet-stream) or filename extension (for example, .exe).

Schedules: Define the times (specified in hours) when ISA Server can allow or deny activities.

Network objects: Define either the source or destination of network traffic. There are nine network objects: a network, a network set, a computer, a computer set, an address range, a subnet, a URL set, a domain name set, and a Web listener.
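As an added illustration (not code from the book, and not ISA Server's own administration object model), the elements in Table 7-1 can be modelled as predicates that an ordered, first-match access rule list combines, which is the flow Figure 7-1 describes. The subnet, domain name set, content type and schedule matchers, the request fields and the two-rule policy are all constructed for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network

ANY = lambda r: True   # each toolbox element is modelled as a predicate over one request

# Network objects: 'side' names the request field (src or dst) the object is compared with
def subnet(cidr, side="src"):
    return lambda r: ip_address(r[side]) in ip_network(cidr)

def domain_name_set(*names):
    # "*.example.com" covers every host below example.com; other names must match exactly
    return lambda r: any(r["host"].lower() == n or (n.startswith("*.") and
                         r["host"].lower().endswith(n[1:])) for n in names)

# Content types: matched by MIME type or by the (lower-case) filename extension of the path
def content_type(mime_types=(), extensions=()):
    return lambda r: r["mime"] in mime_types or r["path"].lower().endswith(tuple(extensions))

# Schedules: weekdays 0=Monday..6=Sunday, whole hours in [start_hour, end_hour); time is ISO text
def schedule(weekdays, start_hour, end_hour):
    return lambda r: ((t := datetime.fromisoformat(r["time"])).weekday() in weekdays
                      and start_hour <= t.hour < end_hour)

@dataclass
class Rule:
    name: str
    action: str        # "allow" or "deny"
    protocols: set     # {(transport, port)} pairs
    source: object = ANY
    destination: object = ANY
    users: set = field(default_factory=set)   # empty = all users
    content: object = ANY
    when: object = ANY
    def matches(self, r):
        return ((r["proto"], r["port"]) in self.protocols and self.source(r)
                and self.destination(r) and (not self.users or r["user"] in self.users)
                and self.content(r) and self.when(r))

def evaluate(rules, r):
    # First matching rule decides; ISA's built-in default rule denies everything else
    return next((rule.action for rule in rules if rule.matches(r)), "deny")

# Constructed policy: deny .exe downloads first, then allow office-hours web access from the LAN
POLICY = [
    Rule("Block executables", "deny", {("tcp", 80)}, source=subnet("10.0.0.0/8"),
         content=content_type({"application/octet-stream"}, {".exe"})),
    Rule("Staff web access", "allow", {("tcp", 80), ("tcp", 443)}, source=subnet("10.0.0.0/8"),
         destination=domain_name_set("*.example.com"), when=schedule({0, 1, 2, 3, 4}, 8, 18)),
]
```

Rule order matters: swapping the two rules would let the allow rule match the .exe request first, which is why the more specific deny is listed ahead of the broad allow.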




Microsoft Internet Security and Acceleration ISA Server 2004 Administrator's Pocket Consultant
ISBN: 0735621888
Year: 2006
Pages: 173