Configuring Existing Firewalls to Utilize ISA Server 2004 Reverse Proxy


For various reasons, it may not be feasible or desired to replace an existing firewall with an ISA Server firewall. In these circumstances, the ISA Server can still be utilized for reverse proxy capabilities, and it can be deployed in the DMZ of the existing firewall.

In practice, this means the ISA Server can be treated as an isolated web server from the firewall's perspective, so the configuration steps on the packet-filter firewall are straightforward.

Understanding Packet-Filter Firewall Configuration for ISA Server Publishing

All that is necessary is to open the proper port (HTTP and/or SSL) from the Internet to the ISA Server, and then from the ISA Server to the internal web server. For example, the following rules would be set up on the packet-filter firewall shown in Figure 7.4:

  • NAT 12.155.166.151 to 172.16.1.10

  • Allow 443 from External to 172.16.1.10

  • Allow 443 from 172.16.1.10 to 10.10.10.20

Figure 7.4. Examining the Listener Networks tab.


Each firewall product will have a different way of configuring rules. Consult the product documentation for information on how to set these up.

Isolating and Securing an ISA Security Appliance

This concept drives home the real benefit of ISA in the DMZ: isolating and protecting the web services from direct access from the Internet. In this design, even if an attacker were able to compromise and overcome the ISA server, he or she would be isolated in the DMZ of the firewall and able to communicate over only a single port to a single server in the internal network. This adds another security layer to an already secure environment, and it also enables ISA to inspect the traffic at the Application layer.
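As an added illustration (not from the book), the three packet-filter rules above can be modeled as a static NAT entry plus a first-match allow list with default deny, and then exercised with constructed packets to confirm the isolation claim in this section: an Internet client reaches only the ISA listener on 443, and a compromised DMZ host can reach only 10.10.10.20 on 443. The `Packet` class, `filter_packet` function and the sample source address 203.0.113.5 are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple

# Constructed model of the packet-filter rule set described in the text;
# it is not a real firewall and evaluates one packet at a time, statelessly.

@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address (before NAT)
    dport: int    # destination TCP port

# Static NAT: public address -> ISA Server in the DMZ ("NAT 12.155.166.151 to 172.16.1.10")
NAT = {"12.155.166.151": "172.16.1.10"}

# Allow rules as (source network, destination host, port); anything unmatched is denied.
ALLOW = [
    (ip_network("0.0.0.0/0"),      ip_address("172.16.1.10"), 443),  # External -> ISA
    (ip_network("172.16.1.10/32"), ip_address("10.10.10.20"), 443),  # ISA -> internal web server
]

def filter_packet(pkt: Packet) -> Tuple[str, Packet]:
    """Apply destination NAT, then the allow list in order; default deny."""
    translated = Packet(pkt.src, NAT.get(pkt.dst, pkt.dst), pkt.dport)
    for src_net, dst_host, port in ALLOW:
        if (ip_address(translated.src) in src_net
                and ip_address(translated.dst) == dst_host
                and translated.dport == port):
            return "ALLOW", translated
    return "DENY", translated

if __name__ == "__main__":
    # Constructed sample traffic: 203.0.113.5 is a documentation-range Internet client.
    samples = [
        Packet("203.0.113.5", "12.155.166.151", 443),   # HTTPS to the published listener
        Packet("203.0.113.5", "12.155.166.151", 80),    # HTTP is not opened
        Packet("203.0.113.5", "10.10.10.20", 443),      # Internet straight to internal host
        Packet("172.16.1.10", "10.10.10.20", 443),      # ISA to the one internal server
        Packet("172.16.1.10", "10.10.10.20", 3389),     # same server, other port
        Packet("172.16.1.10", "10.10.10.21", 443),      # other internal host
    ]
    for pkt in samples:
        verdict, after_nat = filter_packet(pkt)
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}  {verdict}  (after NAT: {after_nat.dst})")
```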



    Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed
    ISBN: 067232718X
    Year: 2005
    Pages: 216
    Authors: Michael Noel