This chapter explains how to install and configure Microsoft ISA Server 2004 Standard Edition. Chapter 3, "Installing and Configuring Microsoft ISA Server Enterprise Edition," covers procedures unique to installing and configuring ISA Server 2004 Enterprise Edition. If you are upgrading from Microsoft ISA Server 2000, be sure to consult Chapter 5, "Upgrading from Microsoft ISA Server 2000." For information about installing ISA Server with Microsoft Small Business Server, see Chapter 20, "Configuring Microsoft ISA Server with Microsoft Small Business Server 2003." We also discuss in more detail how to install and configure optional components such as the Firewall Client Installation Share and the Message Screener.
Before starting your installation, ensure that the ISA Server computer meets the prerequisites described in Chapter 1, "Overview of Microsoft ISA Server 2004 Administration," in addition to the following requirements:
Critical updates Be certain you install all critical updates for the computer on which you will install ISA Server 2004. On a Microsoft Windows Server 2000 computer, you must have Service Pack 4 or later and be running Microsoft Internet Explorer 6.0 or higher, and install the hotfix described in the Microsoft Knowledge Base article 821887.
Network adapters If you wish to use the firewall features of ISA Server, you need at least two network adapters, or a network adapter and a dial-up connection. If you wish to use only Internet content caching, one network adapter will suffice.
TCP/IP settings Ensure that your internal network adapters' Transmission Control Protocol/Internet Protocol (TCP/IP) settings are set to static addresses. To check the configuration, access your Network Settings, right-click the network interface, choose Properties, select Internet Protocol (TCP/IP), click Properties, and ensure that the IP address is not set to Automatically Obtain An IP Address.
Modem or ISDN adapter If you are using a dial-up connection to communicate with another network, you need to ensure that you first configure the dialup connection in Windows, and then configure ISA Server to use it.
Windows routing table Because ISA Server should not have a default gateway for the internal network adapters, ensure that the ISA Server's routing table provides paths to all computers with which it must communicate. You need to specify the default gateway for your external network adapter.
Secure your server Be sure to read the directions contained in the ISA Server 2004 Security Hardening Guide documentation, located at http://go.microsoft.com/fwlink/?LinkID=24507. This information will help guide you in placing your ISA server in the most secure environment possible.
Services When ISA Server 2004 installs, Internet Connection Sharing (ICS), Internet Connection Firewall (ICF), and IP NAT are disabled. The installation process stops the following services (if they are already installed and started) during the install:
Simple Network Management Protocol (SNMP) service
FTP Publishing service
Network News Transfer Protocol (NNTP)
Internet Information Services (IIS) Admin service
World Wide Web Publishing service
Message Screener If you will be using the Message Screener, which allows you to filter Simple Mail Transfer Protocol (SMTP) e-mails, you will need to install the IIS SMTP service prior to installing ISA Server 2004. You can install the Message Screener on another machine that is running SMTP after installing ISA Server.
You should ensure that, if the ISA server is going to be your perimeter firewall, you do not connect the internal network adapter to the Internet, which prevents it from functioning as a firewall and opens it to compromise by attackers, worms, malware, and/or viruses.