One of the major improvements in ISA Server 2004 over older versions of the software is the capability to back up individual or complete ISA settings to a simple text file in Extensible Markup Language (XML) format for easy import into other servers. This functionality gives administrators much more flexibility to export individual rules or other ISA elements and then import them into additional servers or use them to restore a server.
Exporting Individual Sets of Rules
ISA Server export is not limited in scope, but can be used to export out individual rules, entire rule sets, or other specific functionality on a server. These configuration sets can subsequently be imported back into ISA Server or onto another ISA Server configuration. This includes export and import of rules and configuration from ISA Server 2004 Standard Edition to ISA Server 2004 Enterprise Edition. The advantages to this functionality are immediately obvious because individual customized elements can be backed up easily and restored at will.
To export all the firewall policy rules, perform the following steps:
Because the exported files contain sensitive information that could potentially compromise a network or system, they should be protected and stored in a safe location and deleted when they are no longer needed.
Exporting the Entire ISA System Config to an XML File
A firewall's entire configuration can be exported for disaster protection reasons, as well as to assist with the configuration of a large number of ISA servers. Because the system policy rules are often server specific, you can export the entire server configuration without the system policy rules by using the Export feature, or you can export the entire configurationincluding the system policy rulesby using the Backup feature.
The only difference between a full configuration export and a backup is that the Backup feature also copies system policy rules. Otherwise, the techniques are identical.
To perform a backup of the ISA configuration, with all system policy rules and custom-configured rules (often used for disaster protection and recovery), perform the following steps:
In some cases, you may want to export only the configuration without the system policy rules. This is normally done when replicating settings between multiple ISA servers. To export the configuration of an ISA server, perform the following steps:
As previously mentioned, because the exported files contain sensitive information that could potentially compromise your network or system, they should be protected and stored in a safe location and deleted when they are no longer needed.
Exporting URL Sets
URL sets can be used to limit traffic destinations based on URLs. Because it is often very labor intensive to manually enter in these sets of URLs, it is often ideal to manually export and import then between ISA servers. To export all URL sets on a server, perform the following steps:
If individual URL sets need to be exported, a similar procedure can be used to do so:
The automatic import and export of URL sets can greatly ease the administrative burden of managing lists of websites for specific ISA rules and configuration.