Đang tải... (xem toàn văn)
Module A: giới thiệu ISA 20066Module B: cấu hình Outbound Internet truy cập19Module C: Publishing Web Servers and Other Servers32Module D: Publishing an Exchange Server60Module E: Enabling VPN kết nối82Module F: ISA Server 2006 triển khai Branch Office Gateway105Module G: Enterprise Management of ISA Servers119Module H: cấu hình cân bằng tải138Module I: sử dụng giám sát lập file log 170lab tổng hợpMôđun A: Giới thiệu về Máy chủ ISA 6Bài tập 1 Khám phá giao diện người dùng 6Bài tập 2 Dễ sử dụng: Nhiều mạng 10Bài tập 3 Dễ sử dụng: Cơ sở quy tắc đơn 14Bài tập 4 Dễ sử dụng: Giám sát 17Môđun B: Cấu hình truy cập Internet đi 19Bài tập 1 Cho phép truy cập web đi từ máy tính của khách hàng 19Bài tập 2 Kích hoạt việc sử dụng lệnh Ping từ Máy tính khách 23Bài tập 3 Cho phép truy cập ra khỏi máy chủ ISA 25Bài tập 4 Định cấu hình Máy chủ ISA 2006 cho Khả năng chống lũ 27Môđun C: Xuất bản máy chủ web và các máy chủ khác 32Bài tập 1 Xuất bản một Máy chủ Web trong Mạng nội bộ 32Bài tập 2 Xuất bản Máy chủ Web trên Máy chủ Máy chủ 36Bài tập 3 Thực hiện dịch liên kết trên máy chủ web đã xuất bản 40Bài tập 4 Sử dụng dịch liên kết chéo trang web để xuất bản SharePoint Server 42Bài tập 5 Xuất bản trang trại web để cân bằng tải 46Bài tập 6 Xuất bản nhiều máy chủ đầu cuối 54Môđun D: Xuất bản Exchange Server 60Bài tập 1 Xuất bản quyền truy cập Web Quản lý chứng chỉ 60Bài tập 2 Xuất bản một Máy chủ Exchange cho SMTP và POP3 67Bài tập 3 Xuất bản Exchange Server cho Outlook (RPC) 69Bài tập 4 Xuất bản Exchange Server cho RPC qua HTTP 72Môđun E: Kích hoạt kết nối VPN 82Bài tập 1 Định cấu hình Máy chủ ISA để chấp nhận các kết nối VPN đến 82Bài tập 2 Định cấu hình máy tính khách để thiết lập kết nối VPN 85Bài tập 3 Cho phép truy cập mạng nội bộ cho khách hàng VPN 88Bài tập 4 Định cấu hình Kiểm dịch VPN trên Máy chủ ISA 90Bài tập 5 Tạo và phân phối hồ sơ trình quản lý kết nối 95Bài tập 6 Sử dụng cách ly VPN trên máy tính khách 101Môđun F: Máy chủ ISA 2006 là Cổng văn phòng chi nhánh 105Bài tập 1 Định cấu hình nén HTTP để giảm mức sử dụng băng thông 105Bài tập 2 Định cấu hình Máy chủ ISA vào Bộ nhớ cache BITS Nội dung 112Bài tập 3 Định cấu hình Cài đặt DiffServ để Ưu tiên Lưu lượng Mạng 116Môđun G: Quản lý doanh nghiệp của Máy chủ ISA 119Bài tập 1 Chính sách doanh nghiệp và Chính sách mảng 119Bài tập 2 Quản lý từ xa và Quản trị dựa trên vai trò 126Bài tập 3 Làm việc với Máy chủ lưu trữ cấu hình (Tùy chọn) 132Môđun H: Cấu hình cân bằng tải 138Bài tập 1 Định cấu hình Cân bằng tải mạng (NLB) 138Bài tập 2 Kiểm tra chi tiết về NLB 146Bài tập 3 Sử dụng CARP để phân phối nội dung bộ đệm 156Bài tập 4 Sử dụng CARP và Nội dung được lên lịch Tải xuống Công việc 164Môđun I: Sử dụng theo dõi, cảnh báo và ghi nhật ký 170Bài tập 1 Giám sát máy chủ ISA 170Bài tập 2 Kiểm tra kết nối từ máy chủ ISA 173Bài tập 3 Ghi nhật ký Máy khách Truy cập 176
ISA Server 2006 Lab Manual Module A: Introduction to ISA Server Module B: Configuring Outbound Internet Access Module C: Publishing Web Servers and Other Servers Module D: Publishing an Exchange Server Module E: Enabling VPN Connections Module F: ISA Server 2006 as Branch Office Gateway Module G: Enterprise Management of ISA Servers Module H: Configuring Load Balancing Module I: Using Monitoring, Alerting and Logging Lab version 3.0f (6-Aug-2006) 19 32 60 82 105 119 138 170 Lab Summary Lab Summary Contents There are nine modules in this lab You can complete each of these lab modules independent of the other modules The monitor icons ( ) indicate which virtual machines are needed The 06 code indicates exercises that are specific to ISA Server 2006 The EE code indicates exercises that are specific to ISA Server Enterprise Edition The up arrow ( ) indicates exercises that depend on the previous exercise Den Par Flo Fir Ist × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × 06 06 06 06 × 06 06 06 Lab Summary Module A: Introduction to ISA Server .6 Exercise Exploring the User Interface .6 Exercise Ease of Use: Multiple Networks Exercise Ease of Use: Single Rule Base 13 Exercise Ease of Use: Monitoring 16 Module B: Configuring Outbound Internet Access 18 Exercise Allowing Outbound Web Access from Client Computers 18 Exercise Enabling the Use of the Ping command from Client Computers .22 Exercise Allowing Outbound Access from the ISA Server .24 Exercise Configuring ISA Server 2006 for Flood Resiliency 26 Module C: Publishing Web Servers and Other Servers 30 Exercise Publishing a Web Server in the Internal Network .30 Exercise Publishing the Web Server on the ISA Server Computer 34 Exercise Performing Link Translation on a Published Web Server 38 Exercise Using Cross-Site Link Translation to Publish SharePoint Server 40 Exercise Publishing a Web Farm for Load Balancing .44 Exercise Publishing Multiple Terminal Servers 52 Module D: Publishing an Exchange Server 58 Exercise Publishing Exchange Web Access - Certificate Management 58 Exercise Publishing an Exchange Server for SMTP and POP3 65 Exercise Publishing an Exchange Server for Outlook (RPC) 67 Exercise Publishing an Exchange Server for RPC over HTTP .70 Module E: Enabling VPN Connections .80 Exercise Configuring ISA Server to Accept Incoming VPN Connections 80 Exercise Configuring a Client Computer to Establish a VPN Connection .83 Exercise Allowing Internal Network Access for VPN Clients 86 Exercise Configuring VPN Quarantine on ISA Server 88 Exercise Creating and Distributing a Connection Manager Profile 92 Exercise Using VPN Quarantine on the Client Computer .98 Module F: ISA Server 2006 as Branch Office Gateway 102 Exercise Configuring HTTP Compression to Reduce Bandwidth Usage .102 Exercise Configuring ISA Server to Cache BITS Content 109 Module H: Configuring Load Balancing Exercise Configuring DiffServ Settings to Prioritize Network Traffic 113 Module G: Enterprise Management of ISA Servers 116 Exercise Enterprise Policies and Array Policies 116 Exercise Remote Management and Role-based Administration 123 Exercise Working with Configuration Storage Servers (Optional) .129 Module H: Configuring Load Balancing 135 Exercise Configuring Network Load Balancing (NLB) 135 Exercise Examining Details on NLB .142 Exercise Using CARP to Distribute Cache Content 152 Exercise Using CARP and Scheduled Content Download Jobs 160 Module I: Using Monitoring, Alerting and Logging 165 Exercise Monitoring the ISA Server 165 Exercise Checking Connectivity from the ISA Server 168 Exercise Logging Client Computer Access 171 Lab Summary Lab Setup To complete each lab module, you need to review the following: Virtual PC This lab makes use of Microsoft Virtual PC 2004, which is an application that allows you to run multiple virtual computers on the same physical hardware During the lab you will switch between different windows, each of which contains a separate virtual machine running Windows Server 2003 Before you start the lab, familiarize yourself with the following basics of Virtual PC: To issue the Ctrl-Alt-Del keyboard combination inside a virtual machine, use the Alt-Del instead To enlarge the size of the virtual machine window, drag the right bottom corner of the window To switch to full-screen mode, and to return from full-screen mode, press Alt-Enter Lab Computers The lab uses five computers in virtual machines Denver.contoso.com (green) is domain controller for the contoso.com domain on the Internal network Denver runs DNS, RADIUS, Exchange 2003 SP1, SharePoint Services 2.0 and is also Certification Authority (CA) Istanbul.fabrikam.com (purple) is Web server and client computer on the External network (Internet) Istanbul runs Outlook 2003 Istanbul is not member of a domain Paris (red) runs ISA Server 2006 Standard Edition Paris has three network adapters, which connect to the Internal network, the Perimeter network and the External network (Internet) The Perimeter network is not used in this lab Florence (red) and Firenze (red) run ISA Server 2006 Enterprise Edition Both computers have three network adapters Florence and Firenze are in an array named Italy Only Florence runs Configuration Storage server (CSS) Module H: Configuring Load Balancing The computers cannot communicate with the host computer To allow you to examine and understand the traffic on the network, in each virtual machine Microsoft Network Monitor 5.2, which is part of Windows Server 2003, is installed To start the lab Before you can any of the lab modules, you need to start the virtual machines, and then you need to log on to the computers In each exercise you only have to start the virtual machines that are needed To start any virtual machine: On the desktop, double-click the shortcut Open ISA 2006 Lab Folder In the lab folder, double-click any of the Start computer scripts (For example: double-click Start Paris to start the Paris computer.) When the logon dialog box has appeared, log on to the computer To log on to a computer in a virtual machine: Press Alt-Del (instead of Ctrl-Alt-Del) to open the logon dialog box Type the following information: User name: Administrator Password: password and then click OK You can now start with the exercises in this lab manual Enjoy the lab! Comments and feedback Please send any comments, feedback or corrections regarding the virtual machines or the lab manual to: Ronald Beekelaar v-ronb@microsoft.com Lab version 3.0f (6-Aug-2006) Lab Summary Module A: Introduction to ISA Server Exercise Exploring the User Interface In this exercise, you will explore the user interface of ISA Server Note that the steps in this exercise and the other exercises in this module, not enable, configure or test the functionality of ISA Server In later modules, the functionality is configured and used in scenarios Tasks Detailed steps Note: This lab exercise uses the following computer: Paris Refer to the beginning of the manual for instructions on how to start this computer Log on to the computer Perform the following steps on the Paris computer On the Paris computer, explore the task pane a On the Paris computer, on the Start menu, click All Programs, click Microsoft ISA Server, and then click ISA Server Management The ISA Server console opens This is the console from which all configuration of the ISA server is done b In the ISA Server console, in the left pane, expand Paris, expand Configuration, and then select Add-ins Note: The Add-ins node is only used here as an example to start the exploration of the new user interface The user interface of the ISA Server console consists of three main parts: • The tree pane (or left pane) - This pane contains a short list of nodes The nodes logically group related management or configuration settings • The details pane (or right pane) - For each node in the left pane, the details pane contains detailed information related to the node The details pane may contain several tabs, such as Application Filters and Web Filters for the Addins node • The task pane - The task pane contains a Tasks tab with relevant commands for the selected node in the tree pane, or for the configuration element in the details pane The task pane also contains an Help tab with context sensitive help for the selected node or configuration element c Drag the vertical divider between the tree pane (left) and the details pane, to make the details pane area larger or smaller d On the vertical divider between the details pane and the task pane, click the arrow button The task pane closes to make a larger area of the screen available for the details pane e Click the arrow button again The task pane opens again to allow access to the commands on the task pane Module H: Configuring Load Balancing f Ensure that in the left pane, the Add-ins node is selected, and then in the right pane, on the Web Filters tab, select (for example) RADIUS Authentication Filter Notice that the available commands in the task pane change, when a configuration element (a web filter in this example) is selected in the right pane g In the right pane, right-click RADIUS Authentication Filter A context menu appears with commands applicable to this web filter (Do not click a command on the menu.) At any time, you can click the most common tasks in the task pane, or select from a more extensive list of commands by right-clicking the configuration element h In the task pane, select the Help tab The Help tab in the task pane provides context-sensitive help information related to the selection configuration element i In the task pane, select the Tasks tab The following task is related to the use of Virtual PC Explore how you can make the Virtual PC window larger, or switch to full-screen mode a Drag the bottom right corner of the Paris window, to make the window larger or smaller Virtual PC installs a special video driver in the guest operating system, which allows you to select any arbitrary resolution, by dragging the bottom right corner of the Virtual PC window b Press the Ctrl-key, and then drag the bottom right corner of the Virtual PC window, to snap the window size to standard resolutions, such as 800x600 c Press Alt-Enter d If a warning message box appears, click Continue to confirm that you can press Alt-Enter again to return from full-screen mode The Virtual PC window switches to full-screen mode after you press Alt-Enter The resolution of the guest operating system is automatically adjusted to fill the entire screen of the host computer You may need to maximize the ISA Server console window, in order to use the entire screen Virtual PC calls the Alt key, the "host key" e Explore the main nodes in the ISA Server console: - Configuration - Networks - Firewall Policy - Monitoring Press Alt-Enter again to return from full-screen mode a In the ISA Server console, in the left pane, select Configuration A single ISA Server (or an array of multiple ISA Servers) has two main areas of configuration: • Configuration node - This node contains all configuration settings that are relatively static This includes Networks configuration, Cache configuration, Add-ins (application filters and Web filters) and General You would typically not change the configuration of those elements very often ISA Server 2006 Enterprise Edition also has a Servers node • Firewall Policy node - This node contains a single list of all the access rules (outgoing) and the publishing rules (incoming) These rules will change more often, since they reflect the business rules and firewall access policy of a company b In the left pane, select Networks The Networks node contains the configuration of all the networks connected to the ISA Server Network rules are defined between each network This includes networks directly connected by network adapters such as External, Internal and Perimeter, virtual networks such as all the VPN Clients and Quarantined VPN Clients and special networks such as Local Host The initial configuration of the networks and the related firewall Lab Summary policy rules is done by selecting a network template from Templates tab in the task pane (Do not change the network template now.) Exercise in this lab module explores the Networks configuration c In the left pane, select Firewall Policy The Firewall Policy node contains a list of all access rules and publishing rules Exercise in this lab module explores the Firewall Policy configuration d If the task pane is closed, click the arrow button to open the task pane The task pane for the Firewall Policy node contains an additional tab named Toolbox This tab has sliding sections (Protocols, Users, Content Types, Schedules and Network Objects) that list all the rule elements that you can use in the access rules and publishing rules e In the task pane, on the Toolbox tab, click the Protocols heading, and then click Common Protocols The rule elements, such as protocol definitions, are selected when new access rules or publishing rules are created f In the task pane, on the Toolbox tab, click the Users heading, and then click New The New User Set wizard appears A user set is a collection of users (from Windows, RADIUS or SecurID) and groups, defined together in a single set You can apply an access rule or publishing rule to one or more user sets g Click Cancel to close the New User Set Wizard h In the left pane, select Monitoring The Monitoring node has multiple tabs (Dashboard, Alerts, Sessions, Services, Reports, Connectivity Verifiers and Logging) that allow you to monitor, control, investigate, troubleshoot and plan firewall operations ISA Server 2006 Enterprise Edition also has a Configuration tab The Dashboard tab contains summary boxes for five of the tabs and a running System Performance monitor that displays a real-time graph of the current rate of allowed and dropped packets Exercise in this lab module explores the Monitoring node i On the Dashboard tab, click the Sessions summary box header The Sessions tab of the Monitoring node is displayed This tab displays the client sessions that are currently active on the ISA Server If you only want to see specific sessions, you can filter the session list Other tabs of the Monitoring node are explored in exercise in this lab module Explore the Export and Import configuration commands a In the ISA Server console, in the left pane, right-click Paris The context menu of the Paris node contains Export and Import commands You can use these commands to export configuration setting to an XML file, and import the settings later at this computer or at another computer The Export and Import commands are present on the context menu of almost all the nodes in the left pane This includes the Networks node, the Firewall Policy node and even individual rules and rule elements Module H: Configuring Load Balancing Exercise Ease of Use: Multiple Networks In this exercise, you will explore how ISA Server uses multiple networks Tasks Detailed steps Note: This lab exercise uses the following computer: Paris Refer to the beginning of the manual for instructions on how to start this computer Log on to the computer Perform the following steps on the Paris computer On the Paris computer, explore how ISA Server uses multiple networks with IP address ranges, instead of the concept of a Local Address Table (LAT) a On the Paris computer, in the ISA Server console, in the left pane, expand Paris, expand Configuration, and then select Networks One of the most important changes in ISA Server 2004 and ISA Server 2006, in comparison with ISA Server 2000, is the concept of multiple networks connected to the ISA Server, which are all treated similarly for configuration purposes All firewall policy rules can be defined in terms of Source network and Destination network b In the right pane, on the (lower) Networks tab, right-click Internal, and then click Properties c In the Internal Properties dialog box, select the Addresses tab Compare: • ISA Server 2004 and ISA Server 2006 - The IP addresses of the Internal network only define what network interfaces are included in the network named Internal Other networks, such as Perimeter are defined in a similar fashion There is no equivalent to ISA Server 2000's Local Address Table (LAT) The application of packet filters, rules and Network Address Translation (NAT) or routing of IP packets is configured separately • ISA Server 2000 - The LAT is a very significant part of the configuration of ISA Server It automatically determines on which network interface packet filters are applied and where NAT or routing of IP packets is performed d Click Cancel to close the Internal Properties dialog box Notice that the Perimeter network is defined as the IP address range 23.1.1.0 - 23.1.1.255 The Local Host network is defined as the ISA Server computer itself All other IP addresses belong to the External network The VPN Client and Quarantined VPN Clients networks have dynamic membership and contain connecting VPN client computers e On the Network Sets tab, right-click All Protected Networks and then click Properties f In the All Protected Networks Properties dialog box, select the Networks tab Network Sets are groupings of existing Networks that can be used in firewall policy rules as well This makes it easy to refer to all networks, or all related networks You can define additional network sets The definition of the All Protected Networks network set is all existing networks, EXCEPT the External network ISA Server 2006 Enterprise Edition also allows you to define Networks and Network Sets at the enterprise-level, so that they can be used in all ISA Server arrays With enterprise networks, individual array administrators don’t need to be aware of changes in the larger corporate 10 Lab Summary networks Changes to an enterprise network take effect without requiring an array administrator to make changes to an individual array g Click Cancel to close the All Protected Networks Properties dialog box h On the Start menu, click Control Panel, and then click Network Connections The Network Connections menu on the Start menu shows that Paris has three network adapters To avoid confusion in the lab exercises, the network adapters on Paris were renamed as part of the lab setup from Local Area Connection (#2 and #3) to External Connection, Internal Connection and Perimeter Connection i Click the Start button again to close the Start menu Explore how Network Rules define Network Address Translation (NAT) or routing of IP packets between networks a In the ISA Server console, in the left pane, ensure that Networks is selected b In the right pane, select the Network Rules tab Network rules define whether ISA Server will use NAT (replace client source address with ISA Server address) or Route (use client source For demonstration purposes, create address in request) for traffic between each pair of networks or network sets, if the firewall policy allows network traffic between these networks and discard a new network rule Currently, Paris uses Route for all traffic between the ISA Server computer and all networks (rule 1), between the VPN networks and the Internal network (rule 2) and between the Perimeter network and the External network (rule 4) It uses NAT for all traffic from the Internal and VPN networks to the Perimeter network (rule 3) and from the Internal and VPN networks to the External network (rule 5) Route network rules automatically work in both directions NAT network rules are defined in one direction If there is no network rule defined between two networks, ISA Server does not allow traffic between those networks c In the task pane, on the Tasks tab, click Create a Network Rule d In the New Network Rule Wizard dialog box, in the Network rule name text box, type VPN Perimeter Access, and then click Next e On the Network Traffic Sources page, click Add The Add Network Entities dialog box appears f In the Add Network Entities dialog box, • click Networks, click VPN Clients, and click Add, and then click Close to close the Add Network Entities dialog box g On the Network Traffic Sources page, click Next h On the Network Traffic Destinations page, click Add The Add Network Entities dialog box appears again i In the Add Network Entities dialog box, • click Networks, click Perimeter, and click Add, and then click Close to close the Add Network Entities dialog box j On the Network Traffic Destinations page, click Next k On the Network Relationship page, select Route, and then click Next l On the Completing the New Network Rule Wizard page, click Finish A new network rule is created ISA Server will route IP packets from computers on the VPN Clients network to the Perimeter network Note: The new network rule is not applied yet The new VPN Perimeter Access network rule is only created for demonstration purposes Do not apply the new rule to ISA Server m On the top of the right pane, click Discard to remove the unsaved changes, such as the new VPN Perimeter Access rule Module H: Configuring Load Balancing 159 CARP is disabled on the Internal network e Click Apply to save the changes, and then click OK Wait until the CSS status is Synced 160 Lab Summary Exercise Using CARP and Scheduled Content Download Jobs In this exercise, you will configure ISA Server to use CARP and a content download job to update cache content Tasks Detailed steps Note: This lab exercise uses the following computers: Denver - Florence - Firenze - Istanbul Refer to the beginning of the manual for instructions on how to start the computers Log on to the computers Note: In the following tasks, you will configure a cache content download job on the ISA Server array This allows you to update the ISA Server cache with HTTP content that may be requested by Web Proxy clients later Perform the following steps on the Florence computer On the Florence computer, examine the Microsoft ISA Server Job Scheduler service a On the Florence computer, on the Start menu, click Administrative Tools, and then click Services b In the Services console, select the Microsoft ISA Server Job Scheduler service (two services below Microsoft Firewall in the list) Automatic cache content download jobs are run by the Microsoft ISA Server Job Scheduler service on each array server To understand the configuration of content download jobs, it is helpful to understand that conceptually there is no difference between the following two methods to place objects in the ISA Server cache: • A Web Proxy client user on the Internal network, sending multiple requests to Web sites on the Internet • The ISA Server Job Scheduler service (running as Local System), on the Local Host network, sending multiple requests to Web sites on the Internet, based on URL information in a cache content download job For configuration on ISA Server, the main difference is that a user connects from the Internal network, while the content download jobs are run from the Local Host network c Close the Services console Configure the Local Host network to listen for Web Proxy client requests a In the ISA Server console, in the left pane, select Networks b In the right pane, on the Networks tab, right-click Local Host, and then click Properties c In the Local Host Properties dialog box, on the Web Proxy tab, complete the following information: • Enable Web Proxy clients: enable • Enable HTTP: enable (is default) • HTTP port: 8080 (is default) • Enable SSL: disable (is default) and then click OK The ISA Server Job Scheduler service connects as Web Proxy client from the Local Host network Note: Do not enable CARP on the Local Host network yet Enable system policy rule 29 to allow HTTP from the Local Host network for content download jobs a In the left pane, select Firewall Policy (ITALY) b In the task pane, on the Tasks tab, click Show System Policy Rules c In the right pane, right-click system policy rule 29, and then click Properties System policy rule 29 is disabled by default The rule allows HTTP Module H: Configuring Load Balancing 161 from the Local Host network to All Networks for content download jobs d Select the Users tab Note: The system policy rule applies to requests from the built-in System account and the built-in Network Service account It does not allow unauthenticated access This means that after this rule is enabled, ISA Server blocks unauthenticated HTTP traffic from the Local Host network (ISA Server computer) If you not want to block unauthenticated HTTP traffic from the ISA Server computer, you must not enable system policy rule 29, but instead create an access rule that allows HTTP access for the content download jobs, and place this new access rule last in the Firewall Policy Rules list e Click Cancel to close the system policy rule 29 dialog box f Right-click system policy rule 29, and then click Edit System Policy g In the System Policy Editor dialog box, in the Configuration Groups list, ensure that Scheduled Download Jobs is selected, and then select the Enable check box h Click OK to close the System Policy Editor dialog box System policy rule 29 is now enabled i Apply the changes Create a new content download job Name: Fabrikam News Site Download frequency: Daily at 7:00 AM URL: http:// istanbul.fabrikam.com/ news.htm Examine the configuration status of the array servers In the task pane, on the Tasks tab, click Hide System Policy Rules a Click Apply to save the changes, and then click OK Wait until the CSS status is Synced a In the left pane, select Cache, and then in the right pane, select the Content Download Jobs tab b In the task pane, on the Tasks tab, click Schedule a Content Download Job c In the New Content Download Job Wizard dialog box, in the Content Download Job name text box, type Fabrikam News Site, and then click Next d On the Download Frequency page, select Daily, and then click Next Note: The Download Frequency page mentions the use of CARP with content download jobs You will enable CARP for this purpose, later in the exercise e On the Daily Frequency page, complete the following information: • Job start date: today's date (is default) • Job start time: 7:00 AM • Run the job one time every day: enable (is default) and then click Next f On the Content Download page, in the Download content from this URL text box, type http://istanbul.fabrikam.com/news.htm and then click Next The job scheduler will download news.htm, and recursively download Web pages linked in news.htm g On the Content Caching page, click Next Note: The content download job allows you to cache content, even if the HTTP headers indicate that the content should not be cached However, the default is to cache content if the HTTP headers indicate to cache h On the Completing the Scheduled Content Download Job Wizard page, click Finish A new content download job named Fabrikam News Site is created a In the left pane, select Monitoring, and then in the right-pane, select the Configuration tab b In the task pane, on the Tasks tab, click Refresh Now The configuration status of Florence and Firenze is Not synced 162 Lab Summary When you create a content download job, the configuration is updated on the array servers immediately You not have to click Apply to save the changes c Wait until the configuration status is Synced Edit the log viewer filter: Log Record Type: Web Proxy Filter Start the log viewer Start the Fabrikam News Site content download job now a Select the Logging tab Note: You may (temporarily) need to close the task pane, to see the Logging tab b In the task pane, on the Tasks tab, click Edit Filter c In the Edit Filter dialog box, in the conditions list, select the existing Log Record Type condition d In the Value list box, select Web Proxy Filter, and then click Update e Click Start Query to close the Edit Filter dialog box The log viewer will display current network activity based on the Web Proxy log file a In the left pane, select Cache, and in the right-pane select the Content Download Jobs tab b In the right pane, select the Fabrikam News Site job c Scroll the contents of the right pane to the right, so that you can see the Status column The current job status is Idle d In the task pane, on the Tasks tab, click Start Selected Jobs Now The job scheduler will run the Fabrikam News Site content download job on both array servers now, instead of waiting until the scheduled time (7:00 AM) e After a few seconds, on the Tasks tab, click Refresh Now The Fabrikam News Site is a very short job After the refresh, the job status in the Status column changes back from Running to Idle, and the Stop Running Jobs task link changes back to Start Selected Jobs Now Stop the log viewer, and examine the Web Proxy log entries a In the left pane, select Monitoring, and in the right pane select the Logging tab b After a few seconds, in the task pane, on the Tasks tab, click Stop Query The log viewer displays log entries from the Web Proxy log file You may need to scroll to the right to see the URL and Server Name columns Both Florence and Firenze first attempt an anonymous Web Proxy connection (port 8080) to the Local Host network (127.0.0.1) System policy rule 29 requires authentication After that both array servers download news.htm and economy.htm from 39.1.1.7 The istanbul.fabrikam.com/news.htm Web page links to the ankara.fabrikam.com/economy.htm Web page Both host names resolve to 39.1.1.7 Note: All files in the content download job (news.htm and economy.htm) are downloaded and cached by both array servers This is because CARP is not enabled for content download jobs yet 10 Enable CARP on the Local Host network a In the left pane, select Networks b In the right pane, on the Networks tab, right-click Local Host, and then click Properties c In the Local Host Properties dialog box, on the CARP tab, select Enable CARP on this network When CARP is enabled on the Local Host network, content download jobs run only on a single array server The downloaded Web pages are distributed over the array servers, according to the CARP algorithm Note: Currently CARP is disabled on the Internal network When Module H: Configuring Load Balancing 163 you use a content download job to distribute cache content according to the CARP algorithm, you have to ensure that Web Proxy clients on the Internal network access the content using CARP as well d Click OK to close the Local Host Properties dialog box e Click Apply to save the changes, and then click OK Wait until the CSS status is Synced Perform the following steps on the Denver computer 11 On the Denver computer, use C:\Tools\carpdemo.js to calculate the selected proxy server for: istanbul.fabrikam.com/ news.htm and ankara.fabrikam.com economy.htm a On the Denver computer, in a Command Prompt window, in the C:\Tools folder, type carpdemo istanbul.fabrikam.com/news.htm, and then press Enter The content download job URL is handled on array server 10.1.1.1 (Florence) This means that the job scheduler on Florence will run the Fabrikam News Site job b Click OK Type carpdemo ankara.fabrikam.com/economy.htm, and then press Enter The economy.htm Web page is downloaded and cached on array server 10.1.1.2 (Firenze) c Close the Command Prompt window Perform the following steps on the Florence computer 12 On the Florence computer, start the log viewer a On the Florence computer, in the ISA Server console, in the left pane, select Monitoring, and in the right pane select the Logging tab b In the task pane, on the Tasks tab, click Start Query The log viewer will display current network activity based on the Web Proxy log file 13 Start the Fabrikam News Site content download job now a In the left pane, select Cache, and in the right-pane select the Content Download Jobs tab b In the right pane, select the Fabrikam News Site job c In the task pane, on the Tasks tab, click Start Selected Jobs Now The job scheduler will run the Fabrikam News Site content download job now Because CARP is enabled on the Local Host network, CARP calculates that only the job scheduler on Florence runs the job d After a few seconds, on the Tasks tab, click Refresh Now The Stop Running Jobs task link changes back to Start Selected Jobs Now 14 Stop the log viewer, and examine the Web Proxy log entries a In the left pane, select Monitoring, and in the right pane select the Logging tab b After a few seconds, in the task pane, on the Tasks tab, click Stop Query Note: Because the log entries are collected from two array members, and happen within the same second, they may not be in the correct order The log entries show that Florence downloads and caches news.htm from Istanbul (39.1.1.7) After that Florence forwards the request for economy.htm to Firenze (23.1.1.2) Firenze downloads and caches economy.htm from ankara.fabrikam.com (39.1.1.7) Notice that all files in the content download job (news.htm and economy.htm) are downloaded and cached only once, according to the CARP distribution Note: The following tasks are needed to avoid conflicts with other lab exercises 15 Edit the log viewer filter: a In the left pane, select Monitoring, and then in the right-pane, select the 164 Lab Summary Log Record Type: Firewall or Web Proxy Filter Logging tab b In the task pane, on the Tasks tab, click Edit Filter c In the Edit Filter dialog box, in the conditions list, select the existing Log Record Type condition d In the Value list box, select Firewall or Web Proxy Filter, and then click Update e Click Start Query to close the Edit Filter dialog box The log viewer will display current network activity based on the Firewall log file and the Web Proxy log file f On the Tasks tab, click Stop Query 16 Delete the Fabrikam News Site content download job a In the left pane, select Cache b In the right pane, on the Content Download Jobs tab, right-click the Fabrikam News Site job, and then click Delete c Click Yes to confirm that you want to delete the Fabrikam News Site job The change is updated on the array servers immediately You not have to click Apply to save the changes d Wait until the CSS status is Synced Note: You cannot disable Web Proxy clients on the Local Host network, when a content download job exists 17 Disable Web Proxy clients and CARP on the Local Host network a In the left pane, select Networks b In the right pane, on the Networks tab, right-click Local Host, and then click Properties c In the Local Host Properties dialog box, on the Web Proxy tab, CLEAR the Enable Web Proxy clients check box d On the CARP tab, CLEAR the Enable CARP on this network check box e Click OK to close the Local Host Properties dialog box Web Proxy clients and CARP are disabled on the Local Host network 18 Disable Web Proxy clients a On the Networks tab, right-click Perimeter, and then click Properties on the network used for intra-array b In the Perimeter Properties dialog box, on the Web Proxy tab, CLEAR communication (Perimeter) the Enable Web Proxy clients check box c Click OK to close the Perimeter Properties dialog box Web Proxy clients is disabled on the Perimeter network 19 Disable system policy rule 29 a In the left pane, select Firewall Policy (ITALY) b In the task pane, on the Tasks tab, click Show System Policy Rules c In the right pane, right-click system policy rule 29, and then click Edit System Policy d In the System Policy Editor dialog box, in the Configuration Groups list, ensure that Scheduled Download Jobs is selected, and then CLEAR the Enable check box e Click OK to close the System Policy Editor dialog box System policy rule 29 is now disabled f 20 Apply the changes In the task pane, on the Tasks tab, click Hide System Policy Rules a Click Apply to save the changes, and then click OK Wait until the CSS status is Synced Module H: Configuring Load Balancing 165 Module I: Using Monitoring, Alerting and Logging Exercise Monitoring the ISA Server In this exercise, you will explore the monitoring functions of ISA Server Tasks Detailed steps Note: This lab exercise uses the following computer: Paris Refer to the beginning of the manual for instructions on how to start this computer Log on to the computer Perform the following steps on the Paris computer On the Paris computer, examine the alert definition for the Service Shutdown event a On the Paris computer, on the Start menu, click All Programs, click Microsoft ISA Server, and then click, ISA Server Management b In the ISA Server console, in the left pane, expand Paris, and then select Monitoring c In the right pane, select the Dashboard tab The Monitoring node has multiple tabs that allow you to monitor, control, investigate, troubleshoot and plan firewall operations On the first tab (Dashboard), five of the other tabs are represented by a summary box providing a quick summary of the detailed information on those other tabs Whenever you need to investigate a particular event or reported issue in more detail, you switch from the Dashboard to the other tabs d Select the Alerts tab The Alerts tab lists events at the ISA Server that are significant enough to alert you e In the task pane, on the Tasks tab, click Configure Alert Definitions f In the Alert Properties dialog box, select the Service Shutdown line (do not clear the check box for Service Shutdown), and then click Edit On the General tab, in the Severity drop-down list box, notice that ISA Server considers a Service Shutdown an Information alert g In the Service Shutdown Properties dialog box, select the Events tab On the Events tab you specify the threshold to trigger an alert when the event occurs In this example, the event is a shutdown of any ISA Server service h Select the Actions tab On the Actions tab you specify the action, besides listing it on the Alerts tab, that should happen when an alert for this event is triggered In this example, the only action is to report the alert in the Windows event log (Application log) i Click Cancel to close the Service Shutdown Properties dialog box j Click Cancel to close the Alerts Properties dialog box 166 Lab Summary Notice that the current status of the ISA Server services is considered so significant that there is also a special tab (Services) that will specifically display the status of the services Use the Services console to stop the Microsoft ISA Server Job Scheduler service to simulate an unexpected shutdown of the service a On the Start menu, click Administrative Tools, and then click Services b In the Services console, in the right pane, right-click Microsoft ISA Server Job Scheduler service, and then click Stop The ISA Server Job Scheduler service is stopped This simulates an unexpected shutdown of one of the ISA Server services c Close the Services console Examine how an alert shows up on the Alerts tab, and the Dashboard tab a In the ISA Server console, on the Alerts tab, wait for 30 seconds for the new alert (Service Shutdown) to show up, or in the task pane, on the Tasks tab, click Refresh Now A new Information alert (Service Shutdown) appears b Select the Dashboard tab Wait for 30 seconds, or in the task pane, on the Tasks tab, click Refresh Now In the Alerts summary box, the Service Shutdown Information alert is displayed as well Notice the column that lists the number of New (not acknowledged yet) alerts The icon in the top left corner of each summary box, indicates the highest severity or status of the information in that summary box You may click the circle with the two up-arrows to roll-up the summary box Investigate the Service Shutdown alert and resolve the issue by starting the ISA Server Job Scheduler service on the Services tab a On the Dashboard tab, click the heading of the Alerts summary box to return to the Alerts tab b On the Alerts tab, select the Service Shutdown alert, and then expand the Service Shutdown alert The Messages area shows a general description of the event (The service was stopped gracefully.) c Select the second Service Shutdown alert line The Messages area shows a more specific description of the event (The ISA Server Job Scheduled service was stopped gracefully.) When multiple similar alerts occur, they are grouped with a common general description d In the task pane, on the Tasks tab, click Acknowledge Selected Alerts The Status of the Service Shutdown alert changes from New to Acknowledged to indicate that you have seen this alert Acknowledged alerts are removed from the Alerts summary box on the Dashboard tab as well e Select the Services tab, and then in the task pane, on the Tasks tab, click Refresh Now f In the right pane, select Microsoft ISA Server Job Schedule, and then in the task pane, on the Tasks tab, click Start Selected Service The ISA Server Job Scheduler service is started again g On the Alerts tab, select the second acknowledged Service Shutdown alert line h In the task pane, on the Tasks tab, click Reset Selected Alerts i Click Yes to confirm that you want to reset Service Shutdown The Service Shutdown alert is removed from the Alerts tab to indicate that you have resolved this alert The alert will still be in the Windows Event Application log Note: The particular event (Service Shutdown) is used as an example in this exercise You would normally investigate a Service Shutdown alert on the ISA Server computer more extensively, than just start up the service Module H: Configuring Load Balancing 167 again Examine the intrusion detection options a In the ISA Server console, in the left pane, expand Configuration, and then select General b In the right pane, click Enable Intrusion Detection and DNS Attack Detection In the dialog box, you can enable detection of well-known intrusion attempts Detected attempts trigger an intrusion detection alert Notice that intrusion detection is enabled by default c Examine the performance monitoring options Click Cancel to close the dialog box a On the Start menu, click All Programs, click Microsoft ISA Server, and then click ISA Server Performance Monitor A pre-configured System Monitor console for ISA Server appears ISA Server 260 defines five System Monitor objects and approximately 170 performance counters to monitor the performance of the ISA Server b Close the ISA Server Performance Monitor console c If a message box appears, click No to confirm that you not want to save console settings to msisaprf.msc 168 Lab Summary Exercise Checking Connectivity from the ISA Server In this exercise, you will explore the connectivity checking functions of ISA Server Tasks Detailed steps Note: This lab exercise uses the following computers: Paris - Istanbul Refer to the beginning of the manual for instructions on how to start the computers Log on to the computers Perform the following steps on the Paris computer On the Paris computer, create two new connectivity verifiers: Name: Istanbul (ping) Server: 39.1.1.7 Method: Ping Name: Istanbul (http) Server: 39.1.1.7 Method: HTTP "GET" a On the Paris computer, in the ISA Server console, in the left pane, select Monitoring b In the right pane, select the Connectivity Verifiers tab The Connectivity Verifiers tab allows you to define Connectivity Verifiers A connectivity verifier periodically connects from the ISA Server to other computers that you specify, to test current connectivity This helps with troubleshooting server connectivity problems ISA Server automatically defines the required System policy rules to allow the network traffic to check the connectivity to the other computers The connectivity verifiers are not intended to check the ISA Server configuration, or the Firewall policy rules, but instead are intended to check the network connectivity from the ISA Server computer to the specified computers c In the task pane, on the Tasks tab, click Create New Connectivity Verifier d In the New Connectivity Verifier Wizard dialog box, in the Connectivity Verifier name text box, type Istanbul (ping), and then click Next e On the Connectivity Verification Details, complete the following information: • Monitor connectivity to this server or URL: 39.1.1.7 • Group type used to categorize: Web (Internet) • Verification method: Send a Ping request and then click Next f On the Completing the Connectivity Verifier Wizard page, click Finish A new connectivity verifier is added ISA Server will ping 39.1.1.7 (Istanbul) every 30 seconds and compare the response time with the timeout response threshold of 5000 msec g In the task pane, on the Tasks tab, click Create New Connectivity Verifier h In the New Connectivity Verifier Wizard dialog box, in the Connectivity Verifier name text box, type Istanbul (http), and then click Next i On the Connectivity Verification Details, complete the following information: • Monitor connectivity to this server or URL: 39.1.1.7 • Group type used to categorize: Web (Internet) • Verification method: Send an HTTP "GET" request and then click Next j On the Completing the Connectivity Verifier Wizard page, click Finish k If the Enable HTTP Connectivity Verification message box appears, click Yes to confirm that a system policy rule is enabled Module H: Configuring Load Balancing 169 A new connectivity verifier is added ISA Server will establish an HTTP GET request to 39.1.1.7 (Istanbul) every 30 seconds and compare the response time with the timeout response threshold of 5000 msec Examine the System policy rules used by the connectivity verifiers a In the left pane, select Firewall Policy b In the task pane, on the Tasks tab, click Show System Policy Rules In the right pane, System policy rule 12 allows Ping requests from the ISA Server computer (Local Host) to All Networks Rule 19 allows HTTP requests from the ISA Server computer to All Networks Note: Instead of allowing HTTP requests to All Networks, you may consider configuring rule 19 to use a custom Computer Set that only includes the computers for which you have defined a HTTP connectivity verifier c In the task pane, on the Tasks tab, click Hide System Policy Rules Apply changes to save and activate the new connectivity verifiers a In the left pane, select Monitoring b In the right pane, click Apply to save the new connectivity verifiers, and then click OK The two connectivity verifiers are now active Wait for the successful check of the two connectivity verifiers for Istanbul a On the Connectivity Verifiers tab, wait one minute, and then in the task pane, on the Tasks tab, click Refresh Now Note: Refresh Now updates the information in the ISA Server console, it does not interfere with the connectivity verifiers periodic checking Two green checkmark icons appear in the Verifier Name column A green checkmark icon indicates that the response time from Istanbul is less than the timeout response threshold (5000 ms) Perform the following steps on the Istanbul computer On the Istanbul computer, stop the Default Web Site to simulate a failure of the Web server a On the Istanbul computer, on the Start menu, click Administrative Tools, and then click Internet Information Services (IIS) Manager b In the IIS Manager console, expand ISTANBUL (local computer), expand Web Sites, right-click Default Web Site, and then click Stop The Web site is stopped Istanbul will no longer respond to HTTP requests This simulates a failure of the Web server Perform the following steps on the Paris computer On the Paris computer, wait for the failure state of the Istanbul (http) connectivity verifier a On the Paris computer, on the Connectivity Verifiers tab, wait one minute, and then in the task pane, on the Tasks tab, click Refresh Now In the Verifier Name column, a red error icon appears for the Istanbul (http) connectivity verifier The red error icon indicates that the connectivity verifier did not receive a response from Istanbul to its HTTP request Notice that the Istanbul (ping) connectivity verifier does not report an error Perform the following steps on the Istanbul computer On the Istanbul computer, start the Default Web Site again a On the Istanbul computer, in the IIS Manager console, right-click Default Web Site (Stopped), and then click Start The Web server is started again b Close the IIS Manager console Perform the following steps on the Paris computer On the Paris computer, wait a On the Paris computer, on the Connectivity Verifiers tab, wait one for the success state of the minute, and then in the task pane, on the Tasks tab, click Refresh Now 170 Lab Summary Istanbul (http) connectivity verifier A green checkmark icon appears again for the Istanbul (http) connectivity verifier ISA Server has successfully received a response to its HTTP request to Istanbul Delete the two connectivity verifiers for Istanbul a Right-click the Istanbul (http) connectivity verifier, and then click Delete b Click Yes to confirm that you want to delete the connectivity verifier c Right-click the Istanbul (ping) connectivity verifier, and then click Delete d Click Yes to confirm that you want to delete the connectivity verifier Both connectivity verifiers are removed e Click Apply to save the changes, and then click OK Note: The connectivity verifiers in this exercise check connectivity to the Istanbul computer on the Internet Other examples for using connectivity verifiers are checking DNS connectivity (TCP port 53) to DNS servers on the Internet, and checking service connectivity to published servers in the perimeter network Module H: Configuring Load Balancing 171 Exercise Logging Client Computer Access In this exercise, you will explore the logging functions of ISA Server Tasks Detailed steps Note: This lab exercise uses the following computers: Denver - Paris - Istanbul Refer to the beginning of the manual for instructions on how to start the computers Log on to the computers Perform the following steps on the Paris computer On the Paris computer, find the location of the ISA Server log files a On the Paris computer, in the ISA Server console, in the left pane, select Monitoring, and then select the Logging tab Note: You may (temporarily) need to close the task pane in order to see the Logging tab b In the task pane, on the Tasks tab, click Configure Firewall Logging c In the Firewall Logging Properties dialog box, on the Log tab, click Options The Options dialog box shows that ISA Server saves the Firewall service log files in the ISALogs folder in the ISA Server installation folder (C:\Program Files\Microsoft ISA Server) d Click Cancel to close the Options dialog box The Firewall Logging Properties dialog box shows that the log file names are in the form ISALOG_yyyymmdd_FWS_nnn.mdf e Click Cancel to close the Firewall Logging Properties dialog box The Web Proxy log files (ISALOG_yyyymmdd_WEB_nnn.mdf) are also saved in the ISALogs folder Start a new online log query a On the Logging tab, click Start Query Start Query starts a new online log query of the ISA Server log files When a successful of failed connection is made through ISA Server, the records of log file are displayed on the screen Create a new access rule a In the ISA Server console, in the left pane, select Firewall Policy b In the right pane, select the first rule, or select Default rule if no other Name: Allow Web access (logging rule exists, to indicate where the new rule is added to the rule list test) c In the task pane, on the Tasks tab, click Create Access Rule d In the New Access Rule Wizard dialog box, in the Access rule name Applies to: HTTP text box, type Allow Web access (logging test), and then click Next From network: Internal e On the Rule Action page, select Allow, and then click Next To network: External f On the Protocols page, in the This rule applies to list box, select Selected protocols, and then click Add g In the Add Protocols dialog box, • click Common Protocols, click HTTP, and click Add, and then click Close to close the Add Protocols dialog box h On the Protocols page, click Next i On the Access Rule Sources page, click Add j In the Add Network Entities dialog box, • click Networks, click Internal, and click Add, and then click Close to close the Add Network Entities dialog box k On the Access Rule Sources page, click Next 172 Lab Summary l On the Access Rule Destinations page, click Add m In the Add Network Entities dialog box, • click Networks, click External, and click Add, and then click Close to close the Add Network Entities dialog box n On the Access Rule Destinations page, click Next o On the User Sets page, click Next p On the Completing the New Access Rule Wizard page, click Finish A new firewall policy rule is created that allows the HTTP protocol from the Internal network to the External network q Click Apply to apply the new rule, and then click OK Perform the following steps on the Denver computer On the Denver computer, use Internet Explorer to connect to http:// istanbul.fabrikam.com a On the Denver computer, open Internet Explorer In the Address box, type http://istanbul.fabrikam.com, and then press Enter Internet Explorer displays the Istanbul Web site Perform the following steps on the Paris computer On the Paris computer, create a filter definition for online mode logging Filter by: Destination IP Condition: Equals Value: 39.1.1.7 a On the Paris computer, in the ISA Server console, in the left pane, select Monitoring, and then select the Logging tab ISA Server lists all Firewall service log file and Web Proxy log file records on the screen, since the Start Query command This may include several of the same denied NetBIOS Name Service and NetBIOS Datagram requests The HTTP request to Istanbul (39.1.1.7) is also in this list You can filter the on-screen display, by creating a filter definition b In the task pane, on the Tasks tab, click Edit Filter c In the Edit Filter dialog box, complete the following information: • Filter by: Destination IP • Condition: Equals • Value: 39.1.1.7 and then click Add To List to add the filter definition d Click Start Query to close the Edit Filter dialog box The on-screen display is cleared, and the new filter definition (Destination IP equals 39.1.1.7) is in effect Perform the following steps on the Denver computer On the Denver computer, refresh the content of the Web page at http:// istanbul.fabrikam.com twice - First press Ctrl-F5 (Ctrl-Refresh) - then press F5 (Refresh) Attempt to open the non-existing Web page at http:// istanbul.fabrikam.com/ test.htm a On the Denver computer, in Internet Explorer, ensure that the http://istanbul.fabrikam.com Web page is opened b Hold the Ctrl-key, and click the Refresh button on the toolbar, to refresh the content of the Web page, regardless of any changes c Wait a few seconds, and then click the Refresh button on the toolbar (without the Ctrl-key) to refresh the content of the Web page when it has changed Internet Explorer displays the same Istanbul Web page after each refresh a In Internet Explorer, in the Address box, type http://istanbul.fabrikam.com/test.htm, and then press Enter Internet Explorer cannot find the test.htm page (HTTP Error 404) b Close Internet Explorer Perform the following steps on the Paris computer On the Paris computer, view the online mode logging a On the Paris computer, on the Logging tab, wait a few moments for the log file entries for destination IP 39.1.1.7 to appear on the screen Module H: Configuring Load Balancing records for destination IP 39.1.1.7 Add column: HTTP Status Code 173 A total of three or more log file records will appear for Destination IP 39.1.1.7 (Istanbul) b Right-click the Log Time heading, and then click Add/Remove Columns You can add additional columns in the display, by moving the columns from the Available columns list to the Displayed columns list c In the Add/Remove Columns dialog box, in the Available columns list box, select HTTP Status Code, and then click Add -> HTTP Status Code is moved into the Displayed columns list d In the Displayed columns list, select HTTP Status Code, and then click Move Up, until HTTP Status Code is just after HTTP Method e Click OK to close the Add/Remove Columns dialog box Use the horizontal scroll bar to see all the fields of the following log file records on the screen: • Protocol http - HTTP Method GET - HTTP Status Code 200 • Protocol http - HTTP Method GET - HTTP Status Code 304 • Protocol http - HTTP Method GET - HTTP Status Code 404 Result code 200 means Success (is after Ctrl-F5), 304 means Content not changed (is after F5), and 404 means File not found (is after attempt to get test.htm) Note: The following tasks are needed to avoid conflicts with other lab exercises Remove the online filter definition, and stop the query a In the task pane, on the Tasks tab, click Edit Filter b In the Edit Filter dialog box, select the Destination IP - Equals 39.1.1.7 expression, and then click Remove c Click Start Query to close the Edit Filter dialog box d In the task pane, on the Tasks tab, click Stop Query The online log query of the Firewall Server log files is stopped e Click Apply to save the changes, and then click OK ... click Microsoft ISA Server, and then click ISA Server Management The ISA Server console opens This is the console from which all configuration of the ISA server is done b In the ISA Server console,... the most important changes in ISA Server 2004 and ISA Server 2006, in comparison with ISA Server 2000, is the concept of multiple networks connected to the ISA Server, which are all treated similarly... Access from the ISA Server .24 Exercise Configuring ISA Server 2006 for Flood Resiliency 26 Module C: Publishing Web Servers and Other Servers 30 Exercise Publishing a Web Server in the