1. Trang chủ
  2. » Công Nghệ Thông Tin

Tài liệu Module 3: Enabling Access to Internet Resources potx

36 518 2
Tài liệu được quét OCR, nội dung có thể không chính xác

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 36
Dung lượng 2,54 MB

Nội dung

Trang 1

Module 3: Enabling Access to Internet

Trang 2

Overview

ISA Server 2004 as a Proxy Server

Configuring Multi-Networking on ISA ServerConfiguring Access Rule Elements

Trang 3

Lesson: ISA Server 2004 as a Proxy Server

How ISA Server Enables Secure Access to Internet Resources

Why Use a Proxy Server?

How Does a Forward Web Proxy Server Work?What Is a Reverse Web Proxy Server?

How to Configure ISA Server as a Proxy ServerDNS Configuration for Internet Access

How to Configure Web Chaining

Trang 4

How ISA Server Enables Secure Access to Internet ResourcesISAServerISAServerWebServerWebServerProxy ServerIs the …User allowed access?

Computer allowed access?Protocol allowed?

Trang 5

Why Use a Proxy Server?

Improved Internet access security:User authentication

Filtering client requestsContent inspection

Logging user access

Hiding the internal network detailsUser authentication

Filtering client requestsContent inspection

Logging user access

Hiding the internal network detailsISA Server

Improved Internet access performance

Trang 9

DNS Configuration for Internet Access

Configure ISA Server clients to use an internal DNS server if the DNS server can resolve Internet addressesConfigure ISA Server clients to use an internal DNS server if the DNS server can resolve Internet addresses

If no internal DNS server is available to resolve Internet addresses, configure the ISA Server clients to use an Internet DNS server

If no internal DNS server is available to resolve Internet addresses, configure the ISA Server clients to use an Internet DNS server

ISA Server includes a DNS cache that caches the results of all DNS lookups performed through ISA Server

ISA Server includes a DNS cache that caches the results of all DNS lookups performed through ISA Server

ISA Server can proxy DNS requests for Web proxy and Firewall clients but not for SecureNAT clients

Trang 10

How to Configure Web Chaining

Head OfficeBranch Office

Internet

Trang 12

Practice: Configuring ISA Server as a Web Proxy Server

Configuring the proxy server settings on ISA Server

InternetDen-ISA-01

Trang 13

Lesson: Configuring Multi-Networking on ISA Server

How Does ISA Server 2004 Support Multiple Networks?Default Networks Enabled in ISA Server

About Network Objects

Trang 14

Internet

How Does ISA Server 2004 Support Multiple Networks?

Support any Number of NetworksVPN Networks Represented

as Networks

Dynamic NetworkMembership

Per Network RulesPer Network Policies

Network SetsLAN1

LAN2VPN

Trang 15

Default Networks Enabled in ISA Server

Default NetworkIncludes

Local Host The ISA Server

Default External All IP addresses not associated with another networkInternal All IP addresses specified as internal during installationVPN Clients All IP addresses for currently connected VPN clients

Quarantined VPN Clients

All IP addresses of connected VPN clients that have not cleared

Trang 16

About Network Objects

Network ObjectIncludes

Network All computers connected to a single network interfaceNetwork Set One or more networks

Computer A single computer identified by an IP address

Computer Set All computers included in specified computer, subnet or address range objects

Address Range All computers identified by continuous IP addressesSubnet All computers on a specified subnet

URL Set All specified URLs

Domain Name Set All specified domain names

Trang 17

How to Create and Modify Network Objects

Click Firewall Policy, Toolbox, then Network ObjectsClick Firewall Policy, Toolbox, then Network Objects

Click Networks, then

Networks or Network SetsClick Networks, then

Trang 18

What Are Network Rules?

NAT connection:

A NAT relationship is directional

Addresses from the source network are always translated when passing through ISA ServerA NAT relationship is directional

Addresses from the source network are always translated when passing through ISA ServerRoute connection:

A route relationship is bidirectional

If a routed relationship is defined from network Ato network B, a routed relationship also exists from network B to network A

A route relationship is bidirectional

Trang 19

Practice: Managing Network Objects

Configuring a new network on ISA Server

Configuring a new network rule on ISA Server

Configuring a new computer networkobject on ISA Server

InternetDen-ISA-01

Trang 20

Lesson: Configuring Access Rule Elements

What Are Access Rule Elements?How to Configure Protocol ElementsHow to Configure User Elements

How to Configure Content Type ElementsHow to Configure Schedule Elements

Trang 21

What Are Access Rule Elements?

Access Rule ElementUsed to Configure

Protocols The protocols that will be allowed or denied by an access rule

Users The users that will be allowed or denied by an access rule

Content Types The content type that will be allowed or denied by an access rule

Schedules The time of day when Internet access will be allowed or denied by an access rule

Trang 24

How to Configure Content Type Elements

Define the MIMEtypes and file

extensions to includeDefine the MIME

types and file

Trang 25

How to Configure Schedule Elements

Trang 26

How to Configure Domain Name Sets and URL Sets

Trang 27

Practice: Configuring Firewall Rule Elements

Configuring a new user set

Configuring a new content type elementConfiguring a new schedule elementConfiguring a new URL set

InternetDen-ISA-01

Trang 28

Lesson: Configuring Access Rules for Internet AccessWhat Are Access Rules?

How Network Rules and Access Rules Are AppliedAbout Authentication and Internet Access

How to Configure Access RulesHow to Configure HTTP Policy

Trang 29

What Are Access Rules?AllowDenyAllowDenyUserDestination NetworkDestination IPDestination SiteDestination NetworkDestination IPDestination SiteProtocolIP Port/TypeProtocolIP Port/TypeSource networkSource IPSource networkSource IPScheduleContent TypeScheduleContent Type

Access rules always define:

Trang 31

About Authentication and Internet Access

Authentication and ISA Server ClientsAuthentication Methods

 Basic authentication

 Digest authentication

 Integrated Windows authentication

 Digital certificates authentication

 RADIUS authentication

Trang 34

InternetDen-ISA-01

Den-DC-01

Practice: Managing Access Rules

Creating a DNS Lookup Rule

Creating a Managers Access Rule Testing Internet Access

Trang 35

How to Troubleshoot Access to Internet Resources

Use ISA Server logging to determine which access rule is granting or denying access

Use ISA Server logging to determine which access rule is granting or denying access

To troubleshoot Internet access issues:Check for DNS name resolution

Determine the extent of the problem

Review access rule objects and access rule configurationReview access rule order

Check access rule authentication

Check for DNS name resolution

Determine the extent of the problem

Review access rule objects and access rule configurationReview access rule order

Trang 36

Lab: Enabling Access to Internet Resources

Exercise 1: Configuring ISA Server Access Rule Elements

Ngày đăng: 27/02/2014, 05:20