Module 12: Implementing ISA Server 2004 Enterprise Edition: Back-to-Back Firewall Scenario Overview Implementing a Back-to-Back Firewall Scenario Lab: Implementing a Back-to-Back Firewall Scenario Lesson: Implementing a Back-to-Back Firewall Scenario Issues in Deploying a Back-to-Back Firewall Solution Guidelines for Configuring ISA Servers in a Workgroup Guidelines for Implementing Network Load Balancing Guidelines for Configuring a Front-End Firewall Array Guidelines for Configuring a Back-End Firewall Array Issues in Deploying a Back-to-Back Firewall Solution Issues in deploying a back-to-back firewall configuration include: Issues in deploying a back-to-back firewall configuration include: Using public or private IP addresses in the perimeter network Deploying the ISA Server computers in a domain or workgroup Configuring network load balancing Configuring name resolution and network routing Configuring access to Configuration Storage servers Configuring configure publishing rules and access rules Configuring SSL connections Configuring user authentication Using public or private IP addresses in the perimeter network Deploying the ISA Server computers in a domain or workgroup Configuring network load balancing Configuring name resolution and network routing Configuring access to Configuration Storage servers Configuring configure publishing rules and access rules Configuring SSL connections Configuring user authentication Guidelines for Configuring ISA Servers in a Workgroup ISA Server Enterprise Edition supports the following deployment scenarios: ISA Server Enterprise Edition supports the following deployment scenarios: Deploying all ISA Server components on workgroup members Deploying all ISA Server components on workgroup members Deploying ISA Server components in a mixed configuration Deploying ISA Server components in a mixed configuration Deploying all ISA Server components on domain members Deploying all ISA Server components on domain members You can change the deployment configuration after deployment You can change the deployment configuration after deployment Guidelines for Implementing Network Load Balancing Configuring intra-array addressing: Configuring intra-array addressing: Used by array members to communicate with other array members If not enabling NLB, use the internal network for the intra- array network If enabling NLB, create a separate IP address or a separate network for the intra-array addresses Used by array members to communicate with other array members If not enabling NLB, use the internal network for the intra- array network If enabling NLB, create a separate IP address or a separate network for the intra-array addresses When configuring network load balancing: When configuring network load balancing: Do not use a layer-2 switch to connect array members If all networks are enabled for NLB, add an additional network adapter and create a separate network for intra- array traffic Do not use a layer-2 switch to connect array members If all networks are enabled for NLB, add an additional network adapter and create a separate network for intra- array traffic Guidelines for Configuring a Front-End Firewall Array On the front-end firewall array, you need to configure: On the front-end firewall array, you need to configure: Network routing The Internal network IP addresses The network relationship Access to resources on the perimeter network Access to resources on the Internal network SSL publishing for perimeter network servers SSL publishing for Internal network servers Authentication Network routing The Internal network IP addresses The network relationship Access to resources on the perimeter network Access to resources on the Internal network SSL publishing for perimeter network servers SSL publishing for Internal network servers Authentication When configuring a back-to-back firewall, begin by defining the Internal and External networks for both arrays When configuring a back-to-back firewall, begin by defining the Internal and External networks for both arrays Guidelines for Configuring a Back-End Firewall Array On a back-end firewall array, you need to configure: On a back-end firewall array, you need to configure: The internal network IP addresses Network routing The perimeter network on the internal array Network objects Access to perimeter network resources Access for front-end ISA Server computers Access to resources on the Internal network Internal network access for domain members The internal network IP addresses Network routing The perimeter network on the internal array Network objects Access to perimeter network resources Access for front-end ISA Server computers Access to resources on the Internal network Internal network access for domain members Practice: Planning a Back-to-Back Firewall Deployment In this practice, you will analyze a scenario describing an organization’s requirements for deploying a back-to-back firewall solution and plan the front-end array and back-end array configuration Lab 12: Implementing a Back-to-Back Firewall Scenario Exercise 1: Enabling Network Load Balancing for the Main\Front-End Array Host1 Host2 Den-DC-01 Den-ISAEE-02 Den-ISAEE-01 Den-CSS-01 Den-ISAEE-03 Gen-Web-01 Den-Msg-01 Den-Web-01 Exercise 2: Installing and Configuring the Front-End Array Server Exercise 3: Configuring Firewall Rules for Resource Access Internet Den-ISA-01 Den-DC-01 Den-Msg-01 Gen-Web-01 Den-ISA-02 Den-ISA-03 Den-Web-01 Den-CSS-01 . Module 12: Implementing ISA Server 2004 Enterprise Edition: Back-to-Back Firewall Scenario Overview Implementing a Back-to-Back Firewall Scenario Lab:. Scenario Lab: Implementing a Back-to-Back Firewall Scenario Lesson: Implementing a Back-to-Back Firewall Scenario Issues in Deploying a Back-to-Back Firewall