Protocols


The term protocol comes from the Greek word proto-koleon—this originally described a sheet of paper pasted to the front of a manuscript that summarized the manuscript's contents. In our world, protocols consist of different rules used by networked devices to send and receive information. The headers, like the sheet of paper, advertise the type of content the packet holds, and the appropriate audience and rules to use when "reading" it. ISA Server comes with many predefined protocols and allows you to create your own protocols by defining the type of packet (TCP, UDP, ICMP, and so on), its direction, port range, and so forth.

Note 

At the Network and Transport layers, the IP protocol and port number being used to make a connection to a server loosely defines the protocol. For example, TCP port 25 is used by the SMTP service—this port is what ISA Server uses to recognize that the traffic is SMTP. For protocols that have Application filters in ISA Server, this port number is used by the application filter to identify and then further inspect the traffic at the Application layer. You can configure ISA Server's Application Filter to associate with a custom ISA Server–defined protocol, which allows the filter to inspect traffic even when that traffic is not on standard ports.

Identifying Predefined Protocols

ISA Server provides a list of predefined protocols that are categorized by their function. To open the Toolbox, open the ISA Server Management console, expand your ISA server, click the Firewall Policy node (in Enterprise Edition, you will also see the ISA Server Name), then click the Toolbox tab in the task pane. When you then click the Protocols link, you will see the various categories described in Table 7-2.

Table 7-2: Server Protocol Categories

Common Protocols: Policies include these protocols more than any others. The most common protocols—including Post Office Protocol 3 (POP3), Simple Mail Transfer Protocol (SMTP), HTTP, HTTPS, and others—also appear in other categories.

Infrastructure: These protocols are used by infrastructure servers, such as name servers (domain name system [DNS]), IP addressing (DHCP), and Active Directory (LDAP). You will also find SNMP and Ping (ICMP) protocols here.

Mail: These protocols are used by mail servers, such as SMTP, Internet Message Access Protocol 4 (IMAP4), and POP3, and by news servers (Network News Transfer Protocol [NNTP]).

Instant Messaging: These protocols are required for instant messaging programs, including MSN Messenger, ICQ, NetMeeting (H.323), and others.

Remote Terminal: These protocols are used to allow remote device management and remote terminal connections, and include Remote Desktop (RDP), Telnet, Citrix (ICA), and others.

Streaming Media: These protocols, including Microsoft Media Streaming (MMS), Real-Time Streaming Protocol (RTSP), and more, are used for streaming media.

VPN and IPSec: These protocols, such as the IPSec protocols (Encapsulating Security Payload [ESP], Network Address Translation-Traversal [NAT-T]), IKE Client, IKE Server, Layer Two Tunneling Protocol (L2TP), PPTP, and more, are used to establish and protect VPN connections.

Web: These protocols, such as HTTP, HTTPS, FTP, and others, are used to access Web sites. These protocols are only available when creating and configuring Web publishing rules.

User-Defined: When you define new protocols in ISA Server, they appear in this category.

Authentication: These protocols, such as Kerberos, RADIUS, and RSA SecurID, are used for authentication.

Server Protocols: These protocols include the server protocols used in server publishing rules, such as POP3 server for e-mail, Microsoft SQL Server, FTP server, remote procedure call (RPC) server, and more.

All Protocols: Cleverly named, this category shows you all predefined and user-defined protocols in a single list.

Creating a Protocol

You will, from time to time, need to create custom protocols that allow traffic for network devices. To create a custom protocol, follow these steps:

  1. Open the ISA Server Management console, then in the console tree, click the Firewall Policy node.

  2. In the task pane, click the Toolbox tab, and then click Protocols.

  3. Click New, and then click Protocol.

    Note 

    You can also create a new RPC protocol using these steps—then follow the on-screen instructions for the Welcome To The New RPC Protocol Definition Wizard.

  4. On the Welcome To The New Protocol Definition Wizard page, type a name to assign to the new protocol, then click Next.

  5. On the Primary Connection Information page, click New.

  6. In the New/Edit Protocol Connection dialog box shown in Figure 7-3, specify the protocol type and direction (inbound or outbound), and port range. Click OK, and then click Next.

    Note 

    The "direction" of traffic identifies which way the initial packet is sent. Incoming implies that a remote client will be making a connection to the ISA server. Outgoing implies that a client on the LAN will be making a connection to a remote host on the external network.

    Regardless of the direction you select, response traffic will be allowed, so there is no need to define and use a protocol to handle return traffic.

  7. On the Secondary Connections page, select Yes or No to indicate whether you wish to define secondary connections (which allow other designated ports to be opened after the establishment of the session by the protocol you're configuring). Click Next.

  8. On the Completing The New Protocol Definition Wizard page, review your settings, and then click Finish.

  9. Click Apply to save the changes, and then click OK to close the Apply Network Configuration dialog box.

Figure 7-3: You can create a new protocol by configuring the information about its connection, including the protocol type, direction, and port range or properties.
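As an added illustration (not code from the book or from ISA Server itself) of the semantics described in the Note on protocol identification above and in steps 6 and 7 of the procedure, the following Python model shows how a definition's protocol type, direction and port range identify the primary connection, why response traffic needs no definition of its own, and why a secondary connection is usable only after the primary session exists. The class names and the FTP-like sample definition used in the comments are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Connection:
    proto: str       # "TCP", "UDP" or "ICMP", as chosen in the New/Edit Protocol Connection dialog
    direction: str   # "inbound": remote client -> ISA server; "outbound": LAN client -> external host
    low_port: int
    high_port: int

    def covers(self, proto, direction, port):
        return (self.proto == proto and self.direction == direction
                and self.low_port <= port <= self.high_port)

@dataclass
class ProtocolDefinition:
    name: str
    primary: Connection
    secondary: list = field(default_factory=list)  # usable only after the primary session exists

@dataclass(frozen=True)
class Packet:
    proto: str
    direction: str
    src: str
    dst: str
    dport: int

class ProtocolMatcher:
    """Constructed model, not ISA Server's own code: the primary connection opens a
    session; response traffic and secondary connections are allowed only for it."""
    def __init__(self, protocols):
        self.protocols = {p.name: p for p in protocols}
        self.sessions = {}  # frozenset({client, server}) -> (protocol name, client host)

    def allow(self, pkt):
        """Return a label saying why the packet is allowed, or None to drop it."""
        sess = self.sessions.get(frozenset((pkt.src, pkt.dst)))
        if sess is not None:
            name, client = sess
            if any(c.covers(pkt.proto, pkt.direction, pkt.dport)
                   for c in self.protocols[name].secondary):
                return "secondary:" + name
            if pkt.src != client:   # the server answering: response traffic needs no protocol of its own
                return "return:" + name
        for name, p in self.protocols.items():
            if p.primary.covers(pkt.proto, pkt.direction, pkt.dport):
                self.sessions[frozenset((pkt.src, pkt.dst))] = (name, pkt.src)
                return "primary:" + name
        return None   # no definition matches the initial packet, so it is not allowed
```

The model tracks one session per host pair rather than per flow, which is enough to show the ordering rule: a packet that matches only a secondary connection is dropped until the primary connection has been seen.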




Microsoft Internet Security and Acceleration ISA Server 2004 Administrator's Pocket Consultant
ISBN: 0735621888
Year: 2006
Pages: 173