MCSE ISA Server 2000 document - P1 pdf

ISA Server 2000
MCSE
Roberta Bragg
Exam 70-227
TRAINING GUIDE
MCSE Training Guide (70-227) ISA Server 2000
MCSE Training Guide (70-227): Installing, Configuring, and Administering Microsoft Internet Security and Acceleration Server 2000, Enterprise Edition
Copyright © 2002 by New Riders Publishing
First Printing: July 2002
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
International Standard Book Number: 0-7357-1092-9
Library of Congress Catalog Card Number: 00110877
05 04 03 02 01 7 6 5 4 3 2 1
Interpretation of the printing code: The rightmost double-digit number is the year of the book’s printing; the rightmost single-digit number is the number of the book’s printing. For example, the printing code 01-1 shows that the first printing of the book occurred in 2001.
Composed in Garamond and MCPdigital by New Riders Publishing
Printed in the United States of America
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. New Riders Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
This book is designed to provide information about the ISA Server exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an as-is basis. The authors and New Riders Publishing shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
PUBLISHER: David Dwyer
ASSOCIATE PUBLISHER: Al Valvano
EXECUTIVE EDITOR: Stephanie Wall
MANAGING EDITOR: Gina Brown
PRODUCT MARKETING MANAGER: Stephanie Layton
PUBLICITY MANAGER: Susan Nixon
ACQUISITIONS EDITORS: Jeff Riley, Deborah Hittel-Shoaf
DEVELOPMENT EDITOR: Christopher Morris
MEDIA DEVELOPER: Jay Payne
TECHNICAL REVIEWERS: Emmett Dulaney, Richard D. Coile
PROJECT EDITOR: Linda Seifert
INDEXER: Brad Herriman
MANUFACTURING COORDINATOR: Jim Conway
BOOK DESIGNER: Louisa Klucznik
COVER DESIGNER: Aren Howell
PROOFREADER: Sheri Replin
COMPOSITION: Gina Rexrode
Contents at a Glance
1 Introduction: What Is ISA Server?
Part I Installation and Upgrade
2 Plan Before Acting: Preinstallation Activities
3 Installing ISA Server
4 Upgrading Microsoft Proxy 2.0
Part II Configuring and Troubleshooting ISA Server Services
5 Outbound Internet Access
6 ISA Server Hosting Roles
7 H.323 Gatekeeper
8 Dial-Up Connections and RRAS
9 ISA Virtual Private Networks
Part III Configuring, Managing, and Troubleshooting Policies and Rules
10 Firewall Configuration
11 Manage ISA Server in the Enterprise
12 Access Control in the Enterprise
Part IV Deploying, Configuring, and Troubleshooting the Client Computer
13 Planning and Deploying Clients
14 Installing and Configuring Client Options
Part V Monitoring, Analyzing, and Optimizing ISA Server
15 Monitoring Network Security and Usage
16 Performance Analysis and Optimization
Part VI Final Review
Fast Facts
Study and Exam Prep Tips
Practice Exam
Part VII Appendixes
A Microsoft Proxy Server 2.0 Configuration Backup
B ISA Setup Log
C ISA Upgrade Log
D Glossary
E Overview of the Certification Process
F What’s on the CD-ROM
G Using the ExamGear, Training Guide Edition Software
Index
Table of Contents

Introduction
Notes on This Book’s Organization
How This Book Helps You
What the Installing, Configuring, and Administrating Microsoft Internet Security and Acceleration (ISA) Server Exam (70-227) Covers
Installing ISA Server
Configuring and Troubleshooting ISA Server Services
Configuring, Managing, and Troubleshooting Policies and Rules
Deploying, Configuring, and Troubleshooting the Client Computer
Monitoring, Managing, and Analyzing ISA Server Use
Hardware and Software You’ll Need
Advice on Taking the Exam
New Riders Publishing

1 Introduction: What Is ISA Server?
Introduction
Architecture Overview
ISA Server Clients
Web Proxy Clients
Firewall Clients
SecureNAT Clients
ISA Server Is a Multilayered Enterprise Firewall
Packet Filtering
Circuit-Level Filtering
Application-Level Filtering
Stateful Inspection
Built-In Intrusion Detection
System Hardening Templates
Virtual Private Networking
ISA Server Is a High-Performance Web Caching Server
Reverse Caching
Forward Caching
Scheduled Caching
Distributed Caching
Hierarchical Caching or Chaining
ISA Server Hosting Services
ISA Server Provides Integrated, Centralized Management and Control
Enterprise or Standard Editions
Firewall, Caching, or Integrated Modes
Policy-Based Rules
Tiered Policies: Both Enterprise and Array Level
Bandwidth Control
Logging and Reporting
Review Questions
Exam Questions
Answers to Review Questions
Answers to Exam Questions

Part I: Installation and Upgrade

2 Plan Before Acting: Preinstallation Activities
Introduction
Network Design and Planning
Network Size
User Needs
Installation Options
ISA Server Mode and Array Considerations
Active Directory Integration Needs
Interoperation with and Requirements for Other Services
Making Hardware Choices
Client Considerations
Windows 2000 Installation and Configuration
Preinstallation Network Configuration
Server Placement
Verify Network Connectivity
Verify Internet Connectivity
Verify Name Resolution
Exercises
Review Questions
Exam Questions
Answers to Review Questions
Answers to Exam Questions

3 Installing ISA Server
Introduction
Installation Processes Common to Several Configurations
Constructing and Modifying the Local Address Table (LAT)
Configuring the Cache
ISA Server Installation
Installation Defaults
Standard Edition Generic Instructions
Enterprise Edition
Installing the ISA Server Schema in the Active Directory
Install ISA Server Enterprise Edition
Unattended Setup
Installing Additional ISA Servers in an Array
Troubleshooting the Installation
Failed Installation
Was Installation Successful?
Uninstalling ISA Server
Exercises
Review Questions
Exam Questions
Answers to Review Questions
Answers to Exam Questions

4 Upgrading Microsoft Proxy 2.0
Introduction
Reasons for Upgrading
The Migration Process
Back Up the Proxy Server Configuration
Stop and Disable Proxy Server Services
Upgrade to Windows 2000 and Install ISA Server
Review the Setup Logs
Array Migration
Proxy Configuration Migration Results
Predetermined Migration Effects
Impact of Proxy 2.0 Array Membership and ISA Installation Selections on Migration
Post Migration Necessities
Migrating the Mindset
Exercises
Review Questions
Exam Questions
Answers to Review Questions
Answers to Exam Questions

Part II: Configuring and Troubleshooting ISA Server Services

5 Outbound Internet Access
Introduction
Post Installation Default Settings
ISA Server Object Permissions
Service Permissions
Local Access Table (LAT)
Policy Settings
Packet Filtering
Routing
Caching
Publishing
Alerts
Configuring Access Rules and Tools
Understanding and Configuring Outgoing Web Request Properties
How Are Rules Evaluated?
Creating Policy Elements
Configuring Site and Content Rules
Configuring Protocol Rules
Authentication and Rules
Custom HTML Error Messages
Configuring a Single System Versus an Array
Configuring Caching
Standalone Cache
Configuring Hierarchical Access
Configuring CARP
Configuring Network Settings
Bandwidth Rules
LAT and Local Domain Tables
Configuring Routing Rules
Configuring ISA Server Chains
Troubleshooting Client Access Problems
A Protocol Rule Exists for a Protocol Definition, but Clients Cannot Use It
Clients Can’t Use a Specific Protocol
Clients Cannot Browse External Web Sites
Clients Receive a 502 Error Every Time They Attempt to Browse the Web
Clients Can Still Use a Protocol After the Rule for this Protocol Has Been Disabled
All Other Errors Including Intermittent Issues
Exercises
Answers to Exercises
Review Questions
Exam Questions
Answers to Review Questions
Answers to Exam Questions

6 ISA Server Hosting Roles
Introduction
Configuring ISA Server for Web Publishing
Configuring Destination Sets
Configuring Listeners
Creating Web Publishing Rules
Enabling CARP
Configuring Server Certificates and Authentication Methods
Redirecting HTTP and SSL Requests
Configuring ISA Server for Server Proxy
DNS and Mail Proxy
The Mail Server Security Wizard
Content Filtering
Configuring ISA Server for Server Publishing
Creating Server Publishing Rules
Publishing Servers on a Perimeter Network
Exercises
Review Questions
Exam Questions
Answers to Review Questions
Answers to Exam Questions

7 H.323 Gatekeeper
Introduction
What Is an H.323 Gatekeeper?
What Is the H.323 Protocol?
Where Does T-120 Fit In?
What’s the Difference Between a Gatekeeper and a Gateway?
How Does the Gatekeeper Work?
H.323 Gatekeeper Limitations and Other Considerations
How to Add an H.323 Gatekeeper to ISA
Enabling and Configuring H.323 Protocol Access
Configuring DNS
Adding the H.323 Gatekeepers
Enabling Fast Kernel Mode and Data Pumping
Gatekeeper Administration
Configuring Gatekeeper Call Routing Rules
Configuring Destinations
Configuring Phone Number Rules
Configuring Email Address Rules
Configure IP Address Rules
H.323 Gatekeeper Scenarios
Exercises
Review Questions
Exam Questions
Answers to Review Questions
Answers to Exam Questions

8 Dial-Up Connections and RRAS
Introduction
Dial-on-Demand Connections
Configure Network and Dial-Up Connections
Create a Dial-Up Entry
Create a Dial-Up Routing Rule
Enable Dial-Up Entry in Firewall Chaining Configuration
Managing and Limiting ISA Dial-Up Connections
Troubleshooting ISA Server Dial-Up Connections
Routing and Remote Access Service Versus ISA Server
Routing
Connecting Remote Clients
Static Routes
Using RRAS for Dial-on-Demand Connections ................................................249
Troubleshooting Common RRAS Problems ..................................................250
Remote Administration ......................................................................................253
Using ISA Management Console from a Remote Computer ........................253
Using Terminal Services to Manage ISA Server ..............................................254
Exercises ........................................................................................................256
Review Questions ..........................................................................................256
Exam Questions ............................................................................................258
Answers to Review Questions ........................................................................261
Answers to Exam Questions ..........................................................................262

9 ISA Virtual Private Networks 265
Introduction ......................................................................................................269
Configuring VPN Endpoint for VPN clients ....................................................269
Using the VPN Allow Wizard ........................................................................270
Examining Wizard Results ............................................................................270
Making Additional Configurations ................................................................272
Creating Client Connections and Testing the VPN ......................................272
Configuring VPN Pass-Through ........................................................................274
Configuring ISA Server as a VPN Endpoint ......................................................275
Using the Wizard ..........................................................................................275
Without the VPN Wizard ............................................................................284
Configuring Microsoft Certificate Services ........................................................289
Install and Configure Root CA ......................................................................290
Configure Enterprise Root CA ......................................................................291
Configuring the L2TP over IPSec Tunnel ..........................................................292
Requesting Certificates from a Standalone CA ..............................................292
Verifying Server Certificates ..........................................................................296
The L2TP/IPSec VPN ..................................................................................297
Exercises ........................................................................................................299
Review Questions ..........................................................................................300
Exam Questions ............................................................................................301
Answers to Review Questions ........................................................................303
Answers to Exam Questions ..........................................................................304
Part III: Configuring, Managing, and Troubleshooting Policies and Rules
10 Firewall Configuration 309
Introduction ......................................................................................................311
Understanding Packet Filters ..............................................................................312
Configuring Packet Filter Rules ........................................................................312
Examining Default Packet Filters ..................................................................313
Configuring New Packet Filters ....................................................................314
Configuring/Enabling IP Packet Filter Properties ..........................................316
Configuring and Using Application Filters/Extensions ......................................318
FTP Access Filter ..........................................................................................318
HTTP Redirector Filter ................................................................................319
RPC Filter ....................................................................................................320
SOCKS V4 Filter ........................................................................................321
Configuring for System Hardening ....................................................................321
Pre-Installation Considerations, Lifetime Chores ..........................................321
Authentication Rules ....................................................................................322
The ISA Server Security Configuration Wizard ............................................325
Special Considerations for Perimeter Networks ..................................................328
Configuring the LAT ....................................................................................329
Publishing Perimeter Network Servers ..........................................................330
Troubleshooting Access ......................................................................................330
Exercises ........................................................................................................332
Review Questions ..........................................................................................332
Exam Questions ............................................................................................332
Answers to Review Questions ........................................................................334
Answers to Exam Questions ..........................................................................334
11 Manage ISA Server in the Enterprise 337

Introduction ......................................................................................................339
Managing and Configuring Arrays ....................................................................339
Understanding Hierarchical and Distributed Arrays ......................................340
Understanding Enterprise Policy Scope ........................................................340
Managing ISA Server Arrays ..........................................................................342
Configuring for Scalability ................................................................................350
Configuring Cache Array Routing Protocol (CARP) ....................................350
Configuring Network Load Balancing (NLB) ................................................352