Module 2: Installing and
Maintaining ISA Server
Overview
Installing ISA Server 2004
Choosing ISA Server Clients
Installing and Configuring Firewall Clients
Advanced Firewall Client Configuration
Securing ISA Server 2004
Maintaining ISA Server 2004
Lesson: Installing ISA Server 2004
System and Hardware Requirements for ISA Server 2004
Installation Types and Components
Configuration Choices During Installation
How to Perform an Unattended Installation of
ISA Server 2004
How to Verify an Installation of ISA Server 2004
Default Configuration for ISA Server 2004
How to Modify the ISA Server Installation
Upgrade Options from ISA Server 2000 to
ISA Server 2004
System and Hardware Requirements for ISA Server 2004
Windows Server 2000
or
Windows Server 2003
Windows Server 2000
or
Windows Server 2003
CPU
CPU
RAM
RAM

256 MB 500 MHz
Hard Disk Format
Hard Disk Format
NTFS
Hard Disk Space
Hard Disk Space
150 MB
Internal
Internal
External
External
Installation Types and Components
Configuration Choices During Installation
Practice: Installing ISA Server 2004
Installing ISA Server 2004
Internet
Den-ISA-01
Den-DC-01
How to Perform an Unattended Installation of
ISA Server 2004
Why Use an Unattended Installation of ISA Server?
Modifying the Msisaund.ini File
[Setup Property Assignment]
PIDKEY=xxxxxxxxxxxxxxxxxxxxxxxxx
INTERNALNETRANGES=1 192.168.1.0-192.168.1.255
INSTALLDIR=C:\Program Files\Microsoft ISA
Server
COMPANYNAME=Coho Vineyards
DONOTDELLOGS=1
DONOTDELCACHE=1

ADDLOCAL=MSFirewall_Management,MSFirewall_
Services,Message_Screener,MSDE
[Setup Property Assignment]
PIDKEY=xxxxxxxxxxxxxxxxxxxxxxxxx
INTERNALNETRANGES=1 192.168.1.0-192.168.1.255
INSTALLDIR=C:\Program Files\Microsoft ISA
Server
COMPANYNAME=Coho Vineyards
DONOTDELLOGS=1
DONOTDELCACHE=1
ADDLOCAL=MSFirewall_Management,MSFirewall_
Services,Message_Screener,MSDE
Running an Unattended Setup
D:\Setup.exe /V” /qn
FULLPATHANSWERFILE= \”c:\MSISAUND.INI\””
D:\Setup.exe /V” /qn
FULLPATHANSWERFILE= \”c:\MSISAUND.INI\””
How to Verify an Installation of ISA Server 2004
Verify that the ISA Server services are installed
and started
Verify that the MSDE services are installed and started
Review the setup log files
Check the Application Log in the Event Viewer
Check for ISA Server Alerts
Only Administrators can modify firewall policies
Only Administrators can modify firewall policies
Traffic is routed between the ISA Server and all
other networks
Traffic is routed between the ISA Server and all
other networks

Traffic between the Internal network, the VPN
network, the VPN Quarantine network, and the
Internet will use network address translation
Traffic between the Internal network, the VPN
network, the VPN Quarantine network, and the
Internet will use network address translation
Traffic is routed between the VPN network and the
Internal network
Traffic is routed between the VPN network and the
Internal network
Default Configuration for ISA Server 2004
System policy permits access to the ISA Server
but access rules deny all network traffic through
the ISA Server
System policy permits access to the ISA Server
but access rules deny all network traffic through
the ISA Server
No servers are published
No servers are published
Web Proxy requests will be retrieved directly from
the Internet
Web Proxy requests will be retrieved directly from
the Internet
Caching is disabled
Caching is disabled
A rule enabling access to the Firewall Client
installation share is configured if you install the
Firewall Client installation files
A rule enabling access to the Firewall Client
installation share is configured if you install the

Firewall Client installation files
Only Administrators can modify firewall policies
Traffic is routed between the ISA Server and all other networks
Traffic between the Internal network, the VPN network, the VPN
Quarantine network, and the Internet will use network address
translation
Traffic is routed between the VPN network and the Internal network
System policy permits access to the ISA Server but access rules
deny all network traffic through the ISA Server
No servers are published
Web Proxy requests will be retrieved directly from the Internet
Caching is disabled
A rule enabling access to the Firewall Client installation share is
configured if you install the Firewall Client installation files
Practice: Verifying the Installation and Default
Configuration of ISA Server 2004
Verifying the successful installation of
ISA Server 2004
Examining the default installation of
ISA Server 2004
Internet
Den-ISA-01
Den-DC-01
How to Modify the ISA Server Installation Options
Upgrade Options from ISA Server 2000 to ISA Server 2004
ISA Server 2000
ISA Server 2000
Install ISA
Server 2004
Install ISA

Server 2004
ISA Server 2000
ISA Server 2000
Extract the
ISA Server
2000
configuration
Extract the
ISA Server
2000
configuration
Import the ISA
Server Configuration
Import the ISA
Server Configuration
Install ISA Server 2004
Install ISA Server 2004
In-Place Upgrade
In-Place Upgrade
Migration
Migration
Lesson: Choosing ISA Server Clients
Types of ISA Server Clients
How to Configure a SecureNAT Client
How to Configure Web Proxy Clients
Guidelines for Choosing an ISA Server Client
Types of ISA Server Clients
Improves the performance of
Web requests for internal clients
Allows internet access only

for authenticated users
Does not require you to
deploy client software
ISA Server
Internet
Web Proxy Client Firewall Client
SecureNAT Client
SecureNAT clients do not require client installation or
client configuration
SecureNAT clients do not require client installation or
client configuration
How to Configure a SecureNAT Client
On a single subnet network, configure the IP address
of the internal network interface as the SecureNAT
client default gateway
On a single subnet network, configure the IP address
of the internal network interface as the SecureNAT
client default gateway
On a multiple subnet network, configure the IP address
of the router as the SecureNAT client default gateway
On a multiple subnet network, configure the IP address
of the router as the SecureNAT client default gateway
How to Configure Web Proxy Clients
Guidelines for Choosing an ISA Server Client
If you need to…
Then use…
Avoid deploying client software SecureNAT clients
Use ISA Server only for
forward caching
SecureNAT or Web Proxy

clients
Allow access only for
authenticated clients
Firewall clients or Web
Proxy clients
Publish servers on your
internal network
SecureNAT clients
Improve Web performance for
non-Windows operating systems
SecureNAT or Web
Proxy clients
Internet
Den-ISA-01
Den-DC-01
Practice: Configuring SecureNAT and Web Proxy Clients
Configuring ISA Server to log
client connections
Configuring and testing
a SecureNAT client
Configuring and testing
a Web Proxy client
Den-Clt-01
Lesson: Installing and Configuring Firewall Clients
How to Configure Firewall Client Settings
The Firewall Client Installation and
Configuration Process
Options for Automating the Firewall Client Installation
How to Configure Firewall Client Settings
The Firewall Client Installation and Configuration Process

The Firewall Client:
The Firewall Client:
Uses a common Winsock service provider that
other Winsock applications use to connect to
application servers
Intercepts Winsock client application calls for remote
application servers and redirects the request to
ISA Server
Uses a common Winsock service provider that
other Winsock applications use to connect to
application servers
Intercepts Winsock client application calls for remote
application servers and redirects the request to
ISA Server
Install the Firewall Client:
Install the Firewall Client:
From the Firewall Client share on computer running
ISA Server or another network share
From the Firewall Client share on computer running
ISA Server or another network share
Practice: Installing the Firewall Client
Configuring the Firewall Client settings
on ISA Server
Installing the Firewall Client
Internet
Den-ISA-01
Den-DC-01Den-Clt-01
Options for Automating the Firewall Client Installation
SMS package distributed to
specific clients using SMS

SMS package distributed to
specific clients using SMS
Unattended installation
Unattended installation
Software package distributed
using Group Policies
Software package distributed
using Group Policies
Lesson: Advanced Firewall Client Configuration
Advanced Firewall Client Configuration Options
Firewall Client Configuration Files
What is the Automatic Discovery Feature?