In addition to the robust Logging mechanism, the ISA Monitoring node also contains various tabs that link to other extended troubleshooting and monitoring tools. Each of these tools performs unique functions, such as generating reports, alerting administrators, or verifying connectivity to critical services. It is subsequently important to understand how each of these tools works. Customizing the ISA DashboardThe ISA Dashboard, shown in Figure 16.15, provides quick and comprehensive monitoring of a multitude of ISA components from a single screen. The view is customizable, and individual components can be collapsed and/or expanded by clicking on the Arrow buttons in the upper-right corner of each of the components. All the individual ISA monitoring elements are summarized here. Figure 16.15. Viewing the ISA Dashboard.TIP The ISA Dashboard is the logical "parking" page for ISA administrators, who can leave the screen set at the Dashboard to allow for quick glance views of ISA health. Monitoring and Customizing AlertsThe Alerts tab, shown in Figure 16.16, lists all the status alerts that ISA has generated while it is in operation. It is beneficial to look through these alerts on a regular basis and acknowledge them when no longer needing to display them on the Dashboard. If alerts need to be permanently removed, they can be reset instead. Resetting or acknowledging alerts is a simple as right-clicking on them and choosing Reset or Acknowledge. Figure 16.16. Viewing the ISA Alerts tab.Alerts appear in this list because their default alert definition specifies an action to display them in the console. This type of alert behavior is completely customizable, and alerts can be made to do the following actions:
For example, it may be necessary to force a stop of the firewall service if a specific type of attack is detected. Configuring alert definitions is relatively straightforward. For example, the following process illustrates how to create an alert that sends an email to an administrator when a SYN attack is detected:
As is evident from the list, a vast number of existing alert definitions can be configured, and many thresholds can be set. In addition, more custom alerts can be configured by clicking the Add button on the Alerts Properties dialog box and following the wizard. This allows for an even greater degree of customization. Monitoring Session and Services ActivityThe Services tab, shown in Figure 16.19, offers a quick glance view of the ISA Services, if they are running, and how long they have been up since last being restarted. The services can also be stopped and started from this tab. Figure 16.19. Monitoring ISA Services.The Sessions tab allows for more interaction, as individual unique sessions to the ISA Server can be viewed and disconnected as necessary. For example, it may be necessary to disconnect any users who are on a VPN connection, if a change to the VPN policy has just been issued. This is because VPN clients that have already established a session with the ISA Server are only subject to the laws of the VPN policy that was in effect when they originally logged in. To disconnect a session, right-click on it and choose Disconnect Session, as shown in Figure 16.20. Figure 16.20. Disconnecting a session.Creating Connectivity VerifiersConnectivity verifiers can be a useful way of extending ISA's capabilities to include monitoring of critical services within an environment, such as DNS, DHCP, HTTP, or other custom services. Connectivity verifiers are essentially a "quick and dirty" approach to monitoring an environment with very little cost because they take advantage of ISA's alerting capabilities and the Dashboard to display the verifiers. For example, the following steps illustrate setting up a connectivity verifier that checks the status of an internal SharePoint server:
Once created, connectivity verifiers that fit into the major group types are reflected on the Dashboard. Creating multiple connectivity verifiers in each of the common group types can make the Dashboard a more effective monitoring tool. |