Module 2: Installing and Maintaining ISA Server Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients Advanced Firewall Client Configuration Securing ISA Server 2004 Maintaining ISA Server 2004 Lesson: Installing ISA Server 2004 System and Hardware Requirements for ISA Server 2004 Installation Types and Components Configuration Choices During Installation How to Perform an Unattended Installation of ISA Server 2004 How to Verify an Installation of ISA Server 2004 Default Configuration for ISA Server 2004 How to Modify the ISA Server Installation Upgrade Options from ISA Server 2000 to ISA Server 2004 System and Hardware Requirements for ISA Server 2004 Windows Server 2000 or Windows Server 2003 Windows Server 2000 or Windows Server 2003 CPU CPU RAM RAM 256 MB 500 MHz Hard Disk Format Hard Disk Format NTFS Hard Disk Space Hard Disk Space 150 MB Internal Internal External External Installation Types and Components Configuration Choices During Installation Practice: Installing ISA Server 2004 Installing ISA Server 2004 Internet Den-ISA-01 Den-DC-01 How to Perform an Unattended Installation of ISA Server 2004 Why Use an Unattended Installation of ISA Server? Modifying the Msisaund.ini File [Setup Property Assignment] PIDKEY=xxxxxxxxxxxxxxxxxxxxxxxxx INTERNALNETRANGES=1 192.168.1.0-192.168.1.255 INSTALLDIR=C:\Program Files\Microsoft ISA Server COMPANYNAME=Coho Vineyards DONOTDELLOGS=1 DONOTDELCACHE=1 ADDLOCAL=MSFirewall_Management,MSFirewall_ Services,Message_Screener,MSDE [Setup Property Assignment] PIDKEY=xxxxxxxxxxxxxxxxxxxxxxxxx INTERNALNETRANGES=1 192.168.1.0-192.168.1.255 INSTALLDIR=C:\Program Files\Microsoft ISA Server COMPANYNAME=Coho Vineyards DONOTDELLOGS=1 DONOTDELCACHE=1 ADDLOCAL=MSFirewall_Management,MSFirewall_ Services,Message_Screener,MSDE Running an Unattended Setup D:\Setup.exe /V” /qn FULLPATHANSWERFILE= \”c:\MSISAUND.INI\”” D:\Setup.exe /V” /qn FULLPATHANSWERFILE= \”c:\MSISAUND.INI\”” How to Verify an Installation of ISA Server 2004 Verify that the ISA Server services are installed and started Verify that the MSDE services are installed and started Review the setup log files Check the Application Log in the Event Viewer Check for ISA Server Alerts Only Administrators can modify firewall policies Only Administrators can modify firewall policies Traffic is routed between the ISA Server and all other networks Traffic is routed between the ISA Server and all other networks Traffic between the Internal network, the VPN network, the VPN Quarantine network, and the Internet will use network address translation Traffic between the Internal network, the VPN network, the VPN Quarantine network, and the Internet will use network address translation Traffic is routed between the VPN network and the Internal network Traffic is routed between the VPN network and the Internal network Default Configuration for ISA Server 2004 System policy permits access to the ISA Server but access rules deny all network traffic through the ISA Server System policy permits access to the ISA Server but access rules deny all network traffic through the ISA Server No servers are published No servers are published Web Proxy requests will be retrieved directly from the Internet Web Proxy requests will be retrieved directly from the Internet Caching is disabled Caching is disabled A rule enabling access to the Firewall Client installation share is configured if you install the Firewall Client installation files A rule enabling access to the Firewall Client installation share is configured if you install the Firewall Client installation files Only Administrators can modify firewall policies Traffic is routed between the ISA Server and all other networks Traffic between the Internal network, the VPN network, the VPN Quarantine network, and the Internet will use network address translation Traffic is routed between the VPN network and the Internal network System policy permits access to the ISA Server but access rules deny all network traffic through the ISA Server No servers are published Web Proxy requests will be retrieved directly from the Internet Caching is disabled A rule enabling access to the Firewall Client installation share is configured if you install the Firewall Client installation files [...]... Installation and Default Configuration of ISA Server 2004 Verifying the successful installation of ISA Server 2004 Examining the default installation of ISA Server 2004 Den -ISA- 01 Internet Den-DC-01 How to Modify the ISA Server Installation Options Upgrade Options from ISA Server 2000 to ISA Server 2004 In-Place Upgrade Install ISA Server 2004 ISA Server 2000 Migration Extract the ISA Server 2000 configuration... configuration Import the ISA Server Configuration ISA Server 2000 Install ISA Server 2004 Lesson: Choosing ISA Server Clients Types of ISA Server Clients How to Configure a SecureNAT Client How to Configure Web Proxy Clients Guidelines for Choosing an ISA Server Client Types of ISA Server Clients Does not require you to deploy client software Internet SecureNAT Client ISA Server Web Proxy Client Improves... Den -ISA- 01 Practice: Configuring Automatic Discovery Configure the ISA Server for Automatic Discovery Configure DHCP for Automatic Discovery Configure DNS for Automatic Discovery Den -ISA- 01 Internet Den-Clt-01 Den-DC-01 DNS Server DHCP Server Lesson: Securing ISA Server 2004 ISA Server and Defense in Depth About Using Security Templates to Secure the Server Methods for Implementing Security Updates Guidelines...  Disable components if not required Configuring Administrative Roles ISA Server Administrative Roles Role Description ISA Server Basic Monitoring Monitor ISA Server and network activity Cannot configure monitoring functionality ISA Server Extended Monitoring Can perform all monitoring tasks Can modify monitoring configuration ISA Server Full Administrator Can perform all administrative tasks ... clients Practice: Configuring SecureNAT and Web Proxy Clients Configuring ISA Server to log client connections Configuring and testing a SecureNAT client Configuring and testing a Web Proxy client Den -ISA- 01 Internet Den-Clt-01 Den-DC-01 Lesson: Installing and Configuring Firewall Clients How to Configure Firewall Client Settings The Firewall Client Installation and Configuration Process Options for... the number of Windows 2000 and Windows Server 2003 built-in services How to Secure the Network Interfaces Secure the External Network Interface  Disable File and Printer Sharing for Microsoft Networks and Client for Microsoft Networks  Disable NetBIOS over TCP/IP  Disable LMHOSTS lookup  Disable automatic DNS name registration Configure the Internal Network Interface  Disable components if not required... Installation and Configuration Process The Firewall Client: Uses a common Winsock service provider that other Winsock applications use to connect to application servers Intercepts Winsock client application calls for remote application servers and redirects the request to ISA Server Install the Firewall Client: From the Firewall Client share on computer running ISA Server or another network share Practice: Installing. .. RemoteBindUdpPorts=3000-3050 ServerBindTcpPorts=100-300 ProxyBindIp=80:192.168.10.20, 82:1 92.168.10.30 KillOldSession=1 Persistent=1 ForceCredentials=1 NameResolutionForLocalHost=L What Is the Automatic Discovery Feature? Where is Lon -ISA- 02? Query DHCP or DNS for a WPAD entry DNS or DHCP Server WPAD: Den -ISA- 01 Firewall Client Request Configuration Configuration File Den -ISA- 01 Practice: Configuring... updates is to know what security updates are available and the security issues each update is designed to fix Use tools like Microsoft Baseline Security Analyzer, Windows Update Service, Microsoft Windows Update Services, and Systems Management Server to implement security updates Implement security updates on ISA Server only after thorough evaluation and testing Guidelines for Enabling Only Required Services... default gateway How to Configure Web Proxy Clients Guidelines for Choosing an ISA Server Client If you need to… Then use… Avoid deploying client software SecureNAT clients Use ISA Server only for forward caching SecureNAT or Web Proxy clients Allow access only for authenticated clients Firewall clients or Web Proxy clients Publish servers on your internal network SecureNAT clients Improve Web performance . Module 2: Installing and Maintaining ISA Server Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring. 2000 Install ISA Server 2004 Install ISA Server 2004 ISA Server 2000 ISA Server 2000 Extract the ISA Server 2000 configuration Extract the ISA Server 2000 configuration Import