Beyond securing RPC traffic and custom-defined service traffic, ISA Server 2004 includes several other default server publishing rules that can be used to secure commonly used services. It is important to understand what these services are and how they can be secured with ISA Server.
Outlining Default Server Publishing Rules in ISA Server
The list of protocols available by default with server publishing rules is extensive and includes the following:
With the server publishing rule capabilities that ISA possesses, any one of these services can be secured easily behind an ISA Server.
Creating a Server Publishing Rule
Just as with an RPC server publishing rule, an ISA server publishing rule is straightforward to set up and configure. The following procedure illustrates how to set up one of these rules; in this case, RDP (Terminal Services) is published from the External network to a server in the Perimeter network:
Defining a Custom Publishing Rule
A good deal of customization can be done on individual server publishing rules and on individual protocols. This enables custom publishing rule scenarios to be implemented and custom protocols to be established. For example, clicking the Ports button in the Select Protocol dialog box, reached through the server publishing procedure provided earlier, brings up the dialog box shown in Figure 15.12.
Figure 15.12. Customizing server publishing rule port settings.
This dialog box allows for customization of the port the service will use, which can be useful when publishing a known service on a different port. For example, some organizations may want their users to connect to the standard FTP port (port 21) when connecting to a server on the Internet, but have the server itself use a different port, such as 2021, for security reasons. Creating an FTP server publishing rule and then modifying these port settings allows for this type of functionality.
In addition, custom protocols can be created for use in server publishing rules. For example, if a particular application used a custom port of TCP 12345 for its service, a custom protocol could be generated in ISA with the following procedure:
Once created, the protocol can be used for either access rules or server publishing rules, depending on the direction defined in the port settings (outbound versus inbound).