Monitoring ISA from the ISA Console

In addition to the robust Logging mechanism, the ISA Monitoring node also contains various tabs that link to other extended troubleshooting and monitoring tools. Each of these tools performs unique functions, such as generating reports, alerting administrators, or verifying connectivity to critical services. It is subsequently important to understand how each of these tools works.

Customizing the ISA Dashboard

The ISA Dashboard, shown in Figure 16.15, provides quick and comprehensive monitoring of a multitude of ISA components from a single screen. The view is customizable, and individual components can be collapsed and/or expanded by clicking on the Arrow buttons in the upper-right corner of each of the components. All the individual ISA monitoring elements are summarized here.

Figure 16.15. Viewing the ISA Dashboard.

TIP

The ISA Dashboard is the logical "parking" page for ISA administrators, who can leave the screen set at the Dashboard to allow for quick glance views of ISA health.

Monitoring and Customizing Alerts

The Alerts tab, shown in Figure 16.16, lists all the status alerts that ISA has generated while it is in operation. It is beneficial to look through these alerts on a regular basis and acknowledge them when no longer needing to display them on the Dashboard. If alerts need to be permanently removed, they can be reset instead. Resetting or acknowledging alerts is a simple as right-clicking on them and choosing Reset or Acknowledge.

Figure 16.16. Viewing the ISA Alerts tab.

Alerts appear in this list because their default alert definition specifies an action to display them in the console. This type of alert behavior is completely customizable, and alerts can be made to do the following actions:

Send email
Run a program
Report to Windows Event log
Stop selected services
Start selected services

For example, it may be necessary to force a stop of the firewall service if a specific type of attack is detected. Configuring alert definitions is relatively straightforward. For example, the following process illustrates how to create an alert that sends an email to an administrator when a SYN attack is detected:

1.	From the Alerts tab of the ISA Monitoring node, select the Tasks tab in the Task pane.
2.	Click the Configure Alert Definitions link.
3.	In the Alert Definitions dialog box, shown in Figure 16.17, choose SYN Attack and click Edit. Figure 16.17. Creating a custom alert definition.
4.	Choose the Actions tab from the SYN Attack Properties dialog box.
5.	Check the Send E-mail box.
6.	Enter the SMTP Server in the organization and fill in the From, To, and CC fields, similar to what is shown in Figure 16.18. Figure 16.18. Customizing an alert definition.
7.	Click the Test button to try the settings, and then click OK to acknowledge a successful test.
8.	Click OK twice, click Apply, and then click OK again to save the settings.

As is evident from the list, a vast number of existing alert definitions can be configured, and many thresholds can be set. In addition, more custom alerts can be configured by clicking the Add button on the Alerts Properties dialog box and following the wizard. This allows for an even greater degree of customization.

Monitoring Session and Services Activity

The Services tab, shown in Figure 16.19, offers a quick glance view of the ISA Services, if they are running, and how long they have been up since last being restarted. The services can also be stopped and started from this tab.

Figure 16.19. Monitoring ISA Services.

The Sessions tab allows for more interaction, as individual unique sessions to the ISA Server can be viewed and disconnected as necessary. For example, it may be necessary to disconnect any users who are on a VPN connection, if a change to the VPN policy has just been issued. This is because VPN clients that have already established a session with the ISA Server are only subject to the laws of the VPN policy that was in effect when they originally logged in. To disconnect a session, right-click on it and choose Disconnect Session, as shown in Figure 16.20.

Figure 16.20. Disconnecting a session.

Creating Connectivity Verifiers

Connectivity verifiers can be a useful way of extending ISA's capabilities to include monitoring of critical services within an environment, such as DNS, DHCP, HTTP, or other custom services. Connectivity verifiers are essentially a "quick and dirty" approach to monitoring an environment with very little cost because they take advantage of ISA's alerting capabilities and the Dashboard to display the verifiers.

For example, the following steps illustrate setting up a connectivity verifier that checks the status of an internal SharePoint server:

1.	In the Monitoring node of the ISA Console, click on the Connectivity tab of the Details pane.
2.	In the Tasks tab of the Tasks pane, click the Create New Connectivity Verifier link.
3.	Enter a name for the connectivity verifier, such as Web Server Verifier, and click Next.
4.	Under the Connectivity Verification Details dialog box, enter the server FQDN, the group type (which simply determines how it is grouped on the Dashboard), and what type of verification method to usein this case an HTTP GET request, as shown in Figure 16.21. Figure 16.21. Configuring a SharePoint HTTP connectivity verifier.
5.	Click Finish.
6.	Click Yes when prompted to turn on the rule that allows ISA Server to connect via HTTP to selected servers.
7.	Click Apply and click OK.

Once created, connectivity verifiers that fit into the major group types are reflected on the Dashboard. Creating multiple connectivity verifiers in each of the common group types can make the Dashboard a more effective monitoring tool.