The next window specifies the IP addresses on the internal network. If you need to add more or edit any, this is the place to do it; otherwise click Next.
The next window asks if you want to allow non-encrypted firewall client connections. We will tick this box, as allowing this option enables the connection of earlier versions of Windows® platform systems, and then click Next.
The next screen is a warning about what you are configuring the server to do. It indicates which services will be restarted during the installation and which services are disabled during the installation. Click Next.
And then click Install.
Installation progress should be indicated by a status bar, pictured below.
Once the software has finished installing you will be asked if you want to invoke or activate the server when you click Finish. Put a tick in the box and click Next.
Configuring the ISA Server software
The policy list
Configuring the ISA Server as per company policies and guidelines is done as follows. First we will address the allow list, consisting of HTTP, SMTP and FTP.
Open the Microsoft ISA Server management console found in All Programs, highlight Enterprise Policies, then on the right-hand side click Create New Enterprise Policy.
Next, enter the name of the policy as “Global Solutions internet access policy” and click Enter.
Then click Finish and then click Apply to save the changes and update the configuration. You will then see a status bar; when the progress of the status bar is completed click Ok.
This has created a new Enterprise policy, which should appear underneath the default policy.
Making access rules
Click the newly made policy, look to the right-hand side of the screen and select Create Enterprise Access Rule. This will open a window asking you to name the rule. Call this rule “Global Solutions allow list”, then click Next.
Next click Allow and click Next.
The next window is where we will select the protocols. From the drop-down box select Selected Protocols and then select Add. This will open a window (Add Protocols). Expand the All Protocols folder and add the following, as pictured below:
• HTTP for interacting with websites
• SMTP for access to mail
• FTP for file transfers
Then click Close and then click Next.
This opens a new window called “Access Rule Sources”. This is where we define where the rule applies to and from.
Click Add to open the network entities window and add All Protected Networks, Anywhere, External and Local Host, then click Close and Next.
Clicking Next opens another window similar to the last one. This window defines the traffic destination for the rule, whereas the previous window defined the traffic source.
Click Add to open the network entities window and add All Protected Networks, Anywhere, External and Local Host, then click Close and Next.
Leave the next setting at the default selection of all users and click Next.
Then click Finish to complete the allow access rule. Next you must click the Apply button to apply and save the changes. This is half of the configuration completed, as we now have to configure and apply the deny or blocking part. This is done as follows.
Making deny rules
This is performed in much the same way as the allow rule, with slight differences. Click the “Global Solutions internet access policy” on the left so it appears highlighted and click Create Enterprise Access Rule to open the wizard.
Enter the name “Global Solutions Deny List” and click Next.
By default, the next window should display Deny already selected; leave it at the default setting and click Next.
From the drop-down box select “All outbound traffic except where selected” and click Add. This option will deny all traffic except what we are going to select now. Select the three protocols that the company wishes to allow: expand the folder named “All Protocols”, then select and Add HTTP, SMTP and FTP as per your company policy.
This opens a new window called “Access Rule Sources”. This is where we define where the rule applies to and from.
Click Add to open the network entities window and add All Protected Networks, Anywhere, External and Local Host, then click Close and Next.
Repeat the previous steps in the Access Rule Destination window. Once this is done do not close the window; click the URL Sets folder and then click New. This will open a menu box where you will select URL Set, as pictured below.
At the top of the window click New to open the New URL Set Rule Element, where you will enter the name of the URL set, Adult entertainment sites, and then click Add. This opens a section where you start entering the URLs of the adult sites that are to be blocked. Sites are entered under the URL set name for their category.
These are as follows;
• No access to Adult entertainment sites
• No access to gambling sites
• No access to Illegal downloading sites
• No Internet relay chat
Create each URL set and add the site addresses to the respective set names. Once completed, these new URL sets have to be added to the Access Rule Destination list, as pictured below. Click Close and then click Next.
Leave the next setting at the default selection of all users and click Next.
Then click Finish to complete the deny access rule. Next you must click the Apply button to apply and save the changes.
If completed as written the window should resemble the picture below.
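An added example, not part of the original tutorial: a simplified Python model of ordered, first-match rule evaluation, applied to the two rules built above and to a hypothetical third rule that scopes a deny to the URL sets. It assumes the allow rule sits above the deny rule, that listing Anywhere as a destination makes the deny rule match any host, and it uses constructed host names.

```python
"""Simplified first-match model of the allow and deny rules (illustrative only)."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

ALLOWED = {"HTTP", "SMTP", "FTP"}                    # protocols named in the tutorial
BLOCKED_HOSTS = {"casino.example", "adult.example"}  # constructed URL set entries


@dataclass
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    protocols: Set[str]
    except_mode: bool = False          # True = "All outbound traffic except where selected"
    hosts: Optional[Set[str]] = None   # None = any destination (Anywhere)

    def matches(self, protocol: str, host: str) -> bool:
        listed = protocol in self.protocols
        proto_ok = (not listed) if self.except_mode else listed
        host_ok = self.hosts is None or host in self.hosts
        return proto_ok and host_ok


def evaluate(rules: List[Rule], protocol: str, host: str) -> Tuple[str, str]:
    """Return (action, rule name) of the first rule that matches the request."""
    for rule in rules:
        if rule.matches(protocol, host):
            return rule.action, rule.name
    return "deny", "Default rule"      # the default rule denies everything


# The two rules as the tutorial builds them (order is an assumption).
AS_WRITTEN = [
    Rule("Global Solutions allow list", "allow", ALLOWED),
    Rule("Global Solutions Deny List", "deny", ALLOWED, except_mode=True),
]

# Hypothetical variant: a deny rule for the allowed protocols, limited to the
# URL sets, placed above the allow rule so it is evaluated first.
URL_SET_FIRST = [
    Rule("Deny blocked URL sets", "deny", ALLOWED, hosts=BLOCKED_HOSTS),
    *AS_WRITTEN,
]

if __name__ == "__main__":
    for label, rules in (("as written", AS_WRITTEN), ("URL set first", URL_SET_FIRST)):
        for proto, host in (("HTTP", "casino.example"), ("HTTP", "news.example"),
                            ("IRC", "irc.example")):
            print(label, proto, host, evaluate(rules, proto, host))
```

In this model an HTTP request to a host in a URL set is allowed by the rules as written, because the deny rule excepts HTTP and therefore never matches it; only the variant with a URL-set deny rule evaluated first blocks it.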
Activating the policy
Once all the configuration of the policy has been completed, it has to be selected by the software as the first policy to use, as opposed to the default rule, which at the moment denies everything. To do this, expand the folders on the left-hand side to display the contents of the Arrays. Select the Server icon and click it. Next move the mouse to the right-hand side of the screen and select Configure Array Properties, pictured below.
This will open the named server properties window. In this window select the Policy Setting tab. From the drop-down menu select “Global Solutions internet access policy”, click Apply, then click Ok.
Once this is completed you must then click the Apply button to save and apply the configurations.
To edit selected rules and add ports
To edit a selected rule, click the rule under Global Solutions internet access policy on the left-hand side and then click Edit Selected Rule on the right-hand side. This opens the Global Solutions allow list properties window. Select the Protocol tab and click the Ports… button.
Enter the port range to which access is to be limited, then click Ok, click Apply and then Ok. Then click Apply in the main window.
The ISA server is now configured as per company policy and is ready to be put live.
Exporting the settings to XML file
Once all the settings are configured we will export the configuration to an XML file to import on the other server sites. To do this click Action, then click Export. This opens the Export Wizard; click Next.
Put a tick in the box Export user permission settings then click Next.
Use the browse option to indicate the save path and click Next.
Save the file to a floppy disc for importation into remaining sites as the company gateways.