
Document: Module 4: Configuring ISA Server as a Firewall (ppt)


Module 4: Configuring ISA Server as a Firewall
Overview
Using ISA Server as a Firewall
Examining Perimeter Networks and Templates
Configuring System Policies
Configuring Intrusion Detection and IP Preferences
Lesson: Using ISA Server as a Firewall
What Is a TCP/IP Packet?
What Is Packet Filtering?
What Is Stateful Filtering?
What Is Application Filtering?
What Is Intrusion Detection?
How ISA Server 2004 Filters Network Traffic
Implementing ISA Server 2004 as a Firewall
What Is a TCP/IP Packet?

Diagram: a client request to a Web server passes through ISA Server's packet filter; the slide shows the header fields added at each layer.

Network Interface layer
  Destination Address: 0003FFD329B0
  Source Address: 0003FFFDFFFF
  Physical payload

Internet layer
  Destination: 192.168.1.1
  Source: 192.168.1.10
  Protocol: TCP
  IP payload

Transport layer
  Destination Port: 80
  Source Port: 1159
  Sequence: 3837066872
  Acknowledgment: 2982470625
  TCP payload

Application layer
  HTTP Request Method: Get
  HTTP Protocol Version: HTTP/1.1
  HTTP Host: www.contoso.com

Components shown: Web Server, ISA Server, Packet Filter
What Is Packet Filtering?

Is the ...
  source address allowed?
  destination address allowed?
  protocol allowed?
  destination port allowed?
What Is Stateful Filtering?

Diagram: ISA Server sits between Web servers and maintains connection rules.
  Create connection rule
  Is packet part of a connection?
What Is Application Filtering?

Diagram: a client request passes through ISA Server to a Web server, and the response returns through ISA Server.
  Get www.contoso.com
  Get method allowed?
  Does the response contain only allowed content and methods?
  Respond to client
What Is Intrusion Detection?

Diagram: ISA Server detects a port scan against it.
  All ports scan attack
  Port scan limit exceeded
  Alert the administrator
How ISA Server 2004 Filters Network Traffic

Diagram components: TCP/IP stack; Firewall Engine; Firewall Service with Application Filters, Web Proxy Filter, Web Filters and Rules Engine.

Filtering stages, in order:
  1. Packet filtering
  2. Stateful and protocol filtering
  3. Application filtering
  4. Kernel mode data pump
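The first three stages of this pipeline, as an added Python example that is not part of the module and not ISA Server's own code: a header-only packet filter, a stateful filter keeping a connection table, and an HTTP-method application filter, run over constructed packets modelled on the deck's 192.168.1.10:1159 to 192.168.1.1:80 request. The policy values and the rule that header checks apply when a connection is opened are assumptions for the demonstration; the kernel mode data pump (stage 4) is not modelled.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:               # header fields from the deck's packet diagram, plus the payload
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "TCP"
    syn: bool = False       # True for the packet that opens a new connection
    payload: str = ""       # application data, e.g. the HTTP request line
# Constructed policy: internal hosts may reach the Web server on TCP port 80 only
ALLOWED_SOURCE_PREFIX = "192.168.1."
ALLOWED_SERVICES = {("192.168.1.1", "TCP", 80)}
ALLOWED_METHODS = {"GET", "HEAD"}

def packet_filter(p):       # stage 1: header fields only (source, destination, protocol, port)
    return p.src.startswith(ALLOWED_SOURCE_PREFIX) and (p.dst, p.proto, p.dport) in ALLOWED_SERVICES

def stateful_filter(connections, p):   # stage 2: "Is packet part of a connection?"
    flow = (p.src, p.sport, p.dst, p.dport, p.proto)
    reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
    if flow in connections or reverse in connections:
        return True                    # either direction of a known connection
    if p.syn:
        connections.add(flow)          # "Create connection rule"
        return True
    return False                       # unsolicited packet, e.g. server-initiated

def application_filter(p): # stage 3: "Get method allowed?" checked on the payload
    first = p.payload.split(" ", 1)[0].upper()   # "" when the packet carries no payload
    return first == "" or first.startswith("HTTP/") or first in ALLOWED_METHODS

def inspect(connections, p):           # stages in the deck's order; returns the rejecting stage
    if p.syn and not packet_filter(p): # header rules are checked when a connection is opened
        return "packet_filter"
    if not stateful_filter(connections, p):
        return "stateful_filter"
    return "allow" if application_filter(p) else "application_filter"

def run_sample_exchange():  # constructed traffic modelled on the deck's example packet
    connections, client, server = set(), ("192.168.1.10", 1159), ("192.168.1.1", 80)
    packets = [
        Packet(*client, *server, syn=True),                           # opens the connection
        Packet(*client, *server, payload="GET / HTTP/1.1 Host: www.contoso.com"),
        Packet(*server, *client, payload="HTTP/1.1 200 OK"),          # reply direction
        Packet(*client, *server, payload="TRACE / HTTP/1.1"),         # disallowed method
        Packet("192.168.1.10", 1160, "192.168.1.1", 23, syn=True),    # disallowed port
        Packet("10.0.0.5", 40000, "192.168.1.1", 80),                 # no connection, no SYN
    ]
    return [inspect(connections, p) for p in packets]
```

Each packet is answered by the first stage that rejects it, which is what makes the reply from the Web server pass (the connection table knows the flow) while an unsolicited packet from 10.0.0.5 does not.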
Implementing ISA Server 2004 as a Firewall

To configure ISA Server as a firewall:
  1. Determine perimeter network configuration
  2. Configure networks and network rules
  3. Configure system policy
  4. Configure intrusion detection
  5. Configure access rule elements and access rules
  6. Configure server and Web publishing
Practice: Applying Firewall Concepts

In this practice, you will analyze three scenarios describing an organization's network security requirements and determine what firewall functionality is required in each scenario.
Lesson: Examining Perimeter Networks and Templates
What Is a Perimeter Network?
Why Use a Perimeter Network?
Network Perimeter Configurations
About Network Templates
How to Use the Network Template Wizard
Modifying Rules Applied by Network Templates
What Is a Perimeter Network?

Diagram: Internet - Firewall - Perimeter Network - Firewall - Internal Network
Why Use a Perimeter Network?

A perimeter network provides an additional layer of security:
  Between the publicly accessible servers and the internal network
  Between the Internet and confidential data or critical applications stored on servers on the internal network
  Between potentially nonsecure networks such as wireless networks and the internal network

Use defense in depth in addition to perimeter network security
Network Perimeter Configurations

Diagram of three configurations:
  Back-to-back configuration (Perimeter Network with a Web Server, LAN)
  Three-legged configuration (Perimeter Network, LAN)
  Bastion host (LAN)

About Network Templates

Diagram: the same three configurations, each labelled with the template to deploy:
  Back-to-back configuration: deploy the Front-End or Back-End template
  Three-legged configuration: deploy the 3-Leg Perimeter template
  Bastion host: deploy the Edge Firewall template
Deploy the Single Network Adapter template for proxy and caching only
How to Use the Network Template Wizard
Modifying Rules Applied by Network Templates

You may need to modify the rules applied by a network template to:
  Modify Internet access based on user or computer sets
  Modify Internet access based on protocols
  Modify network rules to change network relationships

You can either change the properties of one of the rules configured by the network template, or you can create a new access rule to apply a specific setting.

Practice: Implementing Network Templates

Applying the 3-Legged Network Template
Reviewing the Access Rules Created by the 3-Legged Network Template
Testing Internet Access

Lab diagram: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01, Gen-Web-01
Lesson: Configuring System Policies
What Is System Policy?
System Policy Settings
How to Modify System Policy Settings
What Is System Policy?

System policy is:
  A default set of access rules applied to the ISA Server to enable management of the server
  A set of predefined rules that you can enable or disable as required

Modify the default set of rules provided by the system policy to meet your organization's requirements. Disable all functionality that is not required.

System Policy Settings

System policy settings include:
  Network Services
  Authentication Services
  Remote Management
  Firewall Client
  Diagnostic Services
  Logging and Monitoring
  SMTP
  Scheduled Download Jobs
  Allowed Sites
How to Modify System Policy Settings

Screenshot callouts: Enable or disable this policy; Configure the required networks; Select the Configuration Group
Practice: Modifying System Policy

Examining and modifying the default system policy
Testing the modified system policy

Lab diagram: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01
Lesson: Configuring Intrusion Detection and IP Preferences
About Intrusion Detection Configuration Options
How to Configure Intrusion Detection
About IP Preferences Configuration Options
How to Configure IP Preferences
