Module 12: Implementing ISA Server 2004 Enterprise Edition: Back-to-Back Firewall Scenario ppt
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (400.16 KB, 10 trang )
Module 12: Implementing
ISA Server 2004 Enterprise
Edition: Back-to-Back
Firewall Scenario
Overview
Implementing a Back-to-Back Firewall Scenario
Lab: Implementing a Back-to-Back Firewall Scenario
Lesson: Implementing a Back-to-Back Firewall Scenario
Issues in Deploying a Back-to-Back Firewall Solution
Guidelines for Configuring ISA Servers in a Workgroup
Guidelines for Implementing Network Load Balancing
Guidelines for Configuring a Front-End Firewall Array
Guidelines for Configuring a Back-End Firewall Array
Issues in Deploying a Back-to-Back Firewall Solution
Issues in deploying a back-to-back firewall configuration
include:
Issues in deploying a back-to-back firewall configuration
include:
Using public or private IP addresses in the perimeter
network
Deploying the ISA Server computers in a domain or
workgroup
Configuring network load balancing
Configuring name resolution and network routing
Configuring access to Configuration Storage servers
Configuring configure publishing rules and access rules
Configuring SSL connections
Configuring user authentication
Using public or private IP addresses in the perimeter
network
Deploying the ISA Server computers in a domain or
workgroup
Configuring network load balancing
Configuring name resolution and network routing
Configuring access to Configuration Storage servers
Configuring configure publishing rules and access rules
Configuring SSL connections
Configuring user authentication
Guidelines for Configuring ISA Servers in a Workgroup
ISA Server Enterprise Edition supports the following
deployment scenarios:
ISA Server Enterprise Edition supports the following
deployment scenarios:
Deploying all ISA Server components on workgroup
members
Deploying all ISA Server components on workgroup
members
Deploying ISA Server components in a mixed
configuration
Deploying ISA Server components in a mixed
configuration
Deploying all ISA Server components on domain members
Deploying all ISA Server components on domain members
You can change the deployment configuration after
deployment
You can change the deployment configuration after
deployment
Guidelines for Implementing Network Load Balancing
Configuring intra-array addressing:
Configuring intra-array addressing:
Used by array members to communicate with other array
members
If not enabling NLB, use the internal network for the intra-
array network
If enabling NLB, create a separate IP address or a
separate network for the intra-array addresses
Used by array members to communicate with other array
members
If not enabling NLB, use the internal network for the intra-
array network
If enabling NLB, create a separate IP address or a
separate network for the intra-array addresses
When configuring network load balancing:
When configuring network load balancing:
Do not use a layer-2 switch to connect array members
If all networks are enabled for NLB, add an additional
network adapter and create a separate network for intra-
array traffic
Do not use a layer-2 switch to connect array members
If all networks are enabled for NLB, add an additional
network adapter and create a separate network for intra-
array traffic
Guidelines for Configuring a Front-End Firewall Array
On the front-end firewall array, you need to configure:
On the front-end firewall array, you need to configure:
Network routing
The Internal network IP addresses
The network relationship
Access to resources on the perimeter network
Access to resources on the Internal network
SSL publishing for perimeter network servers
SSL publishing for Internal network servers
Authentication
Network routing
The Internal network IP addresses
The network relationship
Access to resources on the perimeter network
Access to resources on the Internal network
SSL publishing for perimeter network servers
SSL publishing for Internal network servers
Authentication
When configuring a back-to-back firewall, begin by defining
the Internal and External networks for both arrays
When configuring a back-to-back firewall, begin by defining
the Internal and External networks for both arrays
Guidelines for Configuring a Back-End Firewall Array
On a back-end firewall array, you need to configure:
On a back-end firewall array, you need to configure:
The internal network IP addresses
Network routing
The perimeter network on the internal array
Network objects
Access to perimeter network resources
Access for front-end ISA Server computers
Access to resources on the Internal network
Internal network access for domain members
The internal network IP addresses
Network routing
The perimeter network on the internal array
Network objects
Access to perimeter network resources
Access for front-end ISA Server computers
Access to resources on the Internal network
Internal network access for domain members
Practice: Planning a Back-to-Back Firewall Deployment
In this practice, you will analyze a scenario
describing an organization’s requirements
for deploying a back-to-back firewall
solution and plan the front-end array and
back-end array configuration
Lab 12: Implementing a Back-to-Back Firewall Scenario
Exercise 1: Enabling Network Load
Balancing for the Main\Front-End
Array
Host1
Host2
Den-DC-01
Den-ISAEE-02
Den-ISAEE-01
Den-CSS-01
Den-ISAEE-03
Gen-Web-01
Den-Msg-01
Den-Web-01
Exercise 2: Installing and Configuring
the Front-End Array Server
Exercise 3: Configuring Firewall Rules
for Resource Access
Internet
Den-ISA-01
Den-DC-01
Den-Msg-01
Gen-Web-01
Den-ISA-02
Den-ISA-03
Den-Web-01
Den-CSS-01
