MCSE ISA Server 2000 Document - P2 (PDF)

INTRODUCTION
• Key terms. A list of key terms appears at the end of most chapters.
• Notes. These appear in the margin and contain various kinds of useful information, such as tips on technology or administrative practices, historical background on terms and technologies, or side commentary on industry issues.
• Warnings. When using sophisticated information technology, there is always the potential for mistakes or even catastrophes that can occur because of improper application of the technology. Warnings appear in the margin to alert you to these potential problems.
• In the field. These more extensive discussions cover material that might not be directly relevant to the exam but that is useful as reference material or in everyday practice. These tips might also provide useful background or contextual information necessary for understanding the larger topic under consideration.
• Exercises. Found at the end of the chapters in the “Apply Your Knowledge” section, exercises are performance-based opportunities for you to learn and assess your knowledge. Solutions to the exercises, when applicable, are provided later in a separate section titled “Answers to Exercises.”
➤ Extensive practice test options. This book provides numerous opportunities for you to assess your knowledge and to practice for the exam. The practice options include the following:
• Review Questions. These open-ended questions appear in the “Apply Your Knowledge” section at the end of each chapter. They allow you to quickly assess your comprehension of what you just read in each chapter. Answers to the questions are provided later in a separate section titled “Answers to Review Questions.”
• Exam Questions. These questions also appear in the “Apply Your Knowledge” section. Use them to help you determine what you know and what you need to review or study further. Answers and explanations for exam questions are provided in a separate section titled “Answers to Exam Questions.”
• Practice Exam. A practice exam is included in the “Final Review” section. The “Final Review” section and the practice exam are discussed later in this list.
• ExamGear. The special Training Guide version of the ExamGear software included on the CD-ROM provides further opportunities for you to assess how well you understand the material in this book.
➤ Final Review. This part provides you with three valuable tools for preparing for the exam:
• Fast Facts. This condensed version of the information contained in this book will prove extremely useful for a last-minute review.
• Study and Exam Prep Tips. Read this section early on to help you develop study strategies. This section also provides you with valuable exam-day tips and information on exam/question formats, such as adaptive tests and case study-based questions.
• Practice Exam. A practice exam is included in this section. Questions are written in styles similar to those used on the actual exam. Use this to assess your understanding of the material in this book.
This book contains several other features, including a section titled “Suggested Readings and Resources” at the end of each chapter that directs you toward further information that could aid you in your exam preparation or your actual work. Valuable appendixes are also included, as well as a glossary (Appendix D), an overview of the Microsoft certification process (Appendix E), and a description of what is on the CD-ROM (Appendix F).
01 mcse Intro 6/5/01 11:53 AM Page 3
MCSE TRAINING GUIDE (70-227): ISA SERVER
For more information about the exam or the certification process, contact Microsoft:
Microsoft Education: 1-800-636-7544
Internet:
World Wide Web:
CompuServe Forum: GO MSEDCERT

WHAT THE INSTALLING, CONFIGURING, AND ADMINISTERING MICROSOFT INTERNET SECURITY AND ACCELERATION (ISA) SERVER EXAM (70-227) COVERS
➤ Installing ISA Server
➤ Configuring and Troubleshooting ISA Server Services
➤ Configuring, Managing, and Troubleshooting Policies and Rules
➤ Deploying, Configuring, and Troubleshooting the Client Computer
➤ Monitoring, Managing, and Analyzing ISA Server Use
Before taking the exam, you should be proficient in the job skills represented by the following units, objectives, and subobjectives.

Installing ISA Server
Preconfigure network interfaces.
➤ Verify Internet connectivity before installing ISA Server.
➤ Verify DNS name resolution.
Install ISA Server.
➤ Construct and modify the local address table (LAT).
➤ Calculate the size of and configure the cache.
➤ Install an ISA Server computer as a member of an array.
Upgrade a Microsoft Proxy 2.0 Server computer to ISA Server.
➤ Back up the Proxy 2.0 Server configuration.
Troubleshoot problems that occur during setup.

Configuring and Troubleshooting ISA Server Services
Configure and troubleshoot outbound Internet access.
Configure ISA Server hosting roles.
➤ Configure ISA Server for Web publishing.
➤ Configure ISA Server for server proxy.
➤ Configure ISA Server for server publishing.
Configure H.323 Gatekeeper for audio and video conferencing.
➤ Configure gatekeeper rules. Rules include telephone, email, and Internet Protocol.
➤ Configure gatekeeper destinations by using the Add Destination Wizard.
Set up and troubleshoot dial-up connections and Routing and Remote Access dial-on-demand connections.
➤ Set up and verify routing rules for static IP routes in Routing and Remote Access.
Configure Virtual Private Network (VPN) access.
➤ Configure the ISA Server computer as a VPN endpoint without using the VPN Wizard.
➤ Configure the ISA Server computer for VPN pass-through.
➤ Configure multiple ISA Servers for scalability. Configurations include Network Load Balancing (NLB) and Cache Array Routing Protocol (CARP).

Configuring, Managing, and Troubleshooting Policies and Rules
Configure and secure the firewall in accordance with corporate policies.
➤ Configure the packet filter rules for different levels of security, including system hardening.
➤ Create and configure access control and bandwidth policies.
➤ Create and configure site and content rules to restrict Internet access.
➤ Create and configure protocol rules to restrict Internet access.
➤ Create and configure routing rules to restrict Internet access.
➤ Create and configure bandwidth rules to control bandwidth usage.
Troubleshoot access problems.
➤ Troubleshoot user-based access problems.
➤ Troubleshoot packet-based access problems.
Create new policy elements. Elements include schedules, bandwidth priorities, destination sets, client address sets, protocol definitions, and content groups.
Manage ISA Server arrays in an enterprise.
➤ Create an array of proxy servers.
➤ Assign an enterprise policy to an array.

Deploying, Configuring, and Troubleshooting the Client Computer
Plan the deployment of client computers to use ISA Server services. Considerations include client authentication, client operating system, network topology, cost, complexity, and client function.
Configure and troubleshoot the client computer for secure network address translation (SecureNAT).
Install the Firewall client software. Considerations include the cost and complexity of deployment.
➤ Troubleshoot autodetection.
Configure the client computer’s Web browser to use ISA Server as an HTTP proxy.

Monitoring, Managing, and Analyzing ISA Server Use
Monitor security and network usage by using logging and alerting.
➤ Configure intrusion detection.
➤ Configure an alert to send an email message to an administrator.
➤ Automate alert configuration.
➤ Monitor alert status.
➤ Troubleshoot problems with security and network usage.
➤ Detect connections by using Netstat.
➤ Test the status of external ports by using Telnet or Network Monitor.
Analyze the performance of ISA Server by using reports. Report types include summary, Web usage, application usage, traffic and utilization, and security.
Optimize the performance of the ISA Server computer. Considerations include capacity planning, allocation priorities, and trend analysis.
➤ Analyze the performance of the ISA Server computer by using Performance Monitor.
➤ Analyze the performance of the ISA Server computer by using reporting and logging.
➤ Control the total RAM used by ISA Server for caching.

HARDWARE AND SOFTWARE YOU’LL NEED
As a self-paced study guide, MCSE Training Guide: Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server is meant to help you understand concepts that must be refined through hands-on experience. To make the most of your studies, you must have as much background on and experience with all versions of Windows 2000 (Professional, Server, and Advanced Server) as possible, and with running ISA Server in standalone and array-based scenarios. The best way to do this is to combine studying with work on ISA Server installations. This section gives you a description of the minimum computer requirements that you need to enjoy a solid practice environment.
➤ At least two Windows 2000 Servers and at least two client machines. More server computers and more clients allow you a richer set of study systems with which to deploy typical scenarios.
➤ All computers running Windows 2000 should be, or their components should be, on the Microsoft Hardware Compatibility List.
➤ Pentium II (or better) processor.
➤ 2GB (or larger) hard disk.
➤ VGA (or Super VGA) video adapter and monitor.
➤ Mouse or equivalent pointing device.
➤ CD-ROM drive.
➤ All clients should have a Network Interface Card (NIC).
➤ Ideally, both servers should have two Network Interface Cards, and one should have a modem.
➤ Alternatively, the modem on one server can serve as the second interface, but both servers should have two networking interfaces.
➤ Presence on a test network. This can be created using multiple small hubs. Exercises for VPN are best experienced with the creation of three physical subnets within the test network. It is not advisable to perform ISA Server exercises on a production network.
➤ Internet access is not required, but can be advantageous in many exercises. Otherwise you can simulate access to Web sites by placing a test Web server on the external side of the ISA Server in the test network.
➤ 128MB of RAM on each server (256MB recommended).
➤ Windows 2000 SP 1 or latest service pack.
➤ Hotfix rollup for ISA Server is required prior to the release of SP 2.
It is fairly easy to obtain access to the necessary computer hardware and software in a corporate business environment. It can be difficult, however, to allocate computers to a test network and to allocate enough time within the busy work day to complete a self-study program. Most of your study time will occur after normal working hours, away from the everyday interruptions and pressures of your regular job.

ADVICE ON TAKING THE EXAM
More extensive tips are found in the “Final Review” section titled “Study and Exam Prep Tips,” but keep this advice in mind as you study:
➤ Read all the material. Microsoft has been known to include material not expressly specified in the objectives. This book has included additional information not reflected in the objectives in an effort to give you the best possible preparation for the examination—and for the real-world experiences to come.
➤ Do the Step by Step tutorials and complete the Exercises in each chapter. They help you gain experience using the specified methodology or approach. All Microsoft exams are task- and experience-based and require you to have experience actually performing the tasks on which you will be tested.
➤ Use the questions to assess your knowledge. Don’t just read the chapter content; use the questions to find out what you know and what you don’t. You also need the experience of analyzing case studies. If you are struggling at all, study some more, review, and then assess your knowledge again.
➤ Review the exam objectives. Develop your own questions and examples for each topic listed. If you can develop and answer several questions for each topic, you should not find it difficult to pass the exam.
Remember, the primary object is not to pass the exam—it is to understand the material. After you understand the material, passing the exam should be simple. Knowledge is a pyramid; to build upward, you need a solid foundation. This book and the Microsoft Certified Professional programs are designed to ensure that you have that solid foundation.
Good luck!

NEW RIDERS PUBLISHING
The staff of New Riders Publishing is committed to bringing you the very best in computer reference material. Each New Riders book is the result of months of work by authors and staff who research and refine the information contained within its covers.
As part of this commitment to you, the NRP reader, New Riders invites your input. Please let us know if you enjoy this book, if you have trouble with the information or examples presented, or if you have a suggestion for the next edition.
Please note, however, that New Riders staff cannot serve as a technical resource during your preparation for the Microsoft certification exams or for questions about software- or hardware-related problems. Please refer instead to the documentation that accompanies the Microsoft products or to the applications’ Help systems.
If you have a question or comment about any New Riders book, there are several ways to contact New Riders Publishing. We respond to as many readers as we can. Your name, address, or phone number will never become part of a mailing list or be used for any purpose other than to help us continue to bring you the best books possible. You can write to us at the following address:
New Riders Publishing
Attn: Al Valvano
201 W. 103rd Street
Indianapolis, IN 46290
If you prefer, you can fax New Riders Publishing at 317-581-4663.
You also can send email to New Riders at the following Internet address:

NRP is an imprint of Pearson Education. To obtain a catalog or information, contact us at nrmedia@newriders.com. To purchase a New Riders book, call 1-800-428-5331.
Thank you for selecting MCSE Training Guide: Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server.

CHAPTER 1
Introduction: What Is ISA Server?

OBJECTIVES
This chapter does not fulfill a specific Microsoft-specified objective for the Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000 exam; however, it does lay a solid foundation on which to approach the objectives and other chapters in this book.
02 mcse CH01 6/5/01 11:54 AM Page 9

OUTLINE
Introduction
Architecture Overview
ISA Server Clients
  Web Proxy Clients
  Firewall Clients
  SecureNAT Clients
ISA Server Is a Multilayered Enterprise Firewall
  Packet Filtering
  Circuit-Level Filtering
  Application-Level Filtering
  Stateful Inspection
  Built-In Intrusion Detection
  System Hardening Templates
  Virtual Private Networking
ISA Server Is a High-Performance Web Caching Server
  Reverse Caching
  Forward Caching
  Scheduled Caching
  Distributed Caching
  Hierarchical Caching or Chaining
ISA Server Hosting Services
ISA Server Provides Integrated, Centralized Management and Control
  Enterprise or Standard Editions
  Firewall, Caching, or Integrated Modes
  Policy-Based Rules
  Bandwidth Rules
  Protocol Rules
  Site and Content Rules
  Application Filters
  How Rules and Filters Combine to Implement Policy
  Tiered Policies: Both Enterprise and Array Level
  Bandwidth Control
  Logging and Reporting
Chapter Summary
Apply Your Knowledge
  Review Questions
  Exam Questions
  Answers to Review Questions
  Answers to Exam Questions

STUDY STRATEGIES
• Use this section as an introduction to ISA Server concepts, vocabulary, and features.
• As you review the material, focus on where you might use an ISA Server.
• If you have knowledge of how Proxy Server 2.0 works, see if you can identify key differences in the two products. You should realize that ISA Server is not Proxy 3.0.
• If you have knowledge of competing firewalls and caching servers, identify advantages and disadvantages of these systems versus ISA Server.

Chapter 1 INTRODUCTION: WHAT IS ISA SERVER?

INTRODUCTION
This chapter, while it does not speak directly to a particular exam objective, helps you identify exactly what ISA Server is by presenting a broad overview of its features and capabilities.
Microsoft Internet Security and Acceleration Server is an engaging combination of a firewall and caching server. It can be used to protect the enterprise from external access while allowing internal users access to the Internet. It can be used to improve Web access performance by caching downloaded Web information.
These modes—firewall and caching—can be implemented separately or integrated. Either way, a rich collection of features awaits the curious administrator or engineer. But even more exciting, the Enterprise edition can provide centralized administration and enterprise policy implementation. No longer must a panoply of firewalls be uniquely configured one at a time and laboriously checked for the maintenance of correct settings. Enterprisewide imperatives can be configured once, and their implementation and maintenance ensured on all servers.
It is important, before you delve into the study of this product, to briefly explore the range and extent of features available, and to explore the concepts that will form the basis of your understanding. This chapter will fulfill these goals. In short, it covers:
➤ Architecture overview
➤ ISA Server clients
➤ ISA Server as a multilayered Enterprise firewall
➤ ISA Server as a high-performance Web-caching server
➤ ISA hosting services
➤ ISA Server provides integrated, centralized management and control
➤ ISA Server versions

Part I INSTALLATION AND UPGRADE

ARCHITECTURE OVERVIEW
Despite being multifaceted, all ISA Server services have a common goal: Protecting an internal, private network from an external network while allowing efficient access of the external network from the internal one. In English: Web surfing allowed and network penetration prevented. The architecture that enables this is composed of four parts:
➤ Core services. The Web Proxy service for outbound access and the Firewall service for inbound protection and the management of protocol-specific filters.
➤ Clients and servers on the private network that desire access to the public network, such as
• Web proxy clients
• SecureNAT clients
• Firewall clients
• Web servers, and other servers such as mail servers and databases
➤ Clients and servers on the private network that want no access, either inbound or outbound, with the public network.
➤ The rest of the world, represented by the Internet in most examples.
Figure 1.1 illustrates this overview. This is the world as we would like to see it, with the firewall protecting the internal network. Figure 1.2 is more representative, indicating that the ISA Server can only afford protection for and from those communications that must pass through it.
Internally, as pictured in Figure 1.3, the two services act in concert with each other and with protocol-specific filters to provide connections between the private and public network. Think of the two services and the filters as composing the “meat and cheese” of a sandwich, with the packet filtering posing as the wrapper or bread. External to this, like a loose wrapping of waxed paper, is an Intrusion Detection (ID) and alerting mechanism. If entrance into and out of the network must pass through the ISA Server, then all traffic must penetrate the packet filter. If attacks are defined in the ID engine, then alerts will be generated when they are used against the system. (Like the loosely wrapped sandwich, the ID-protected network cannot prevent all intrusions and leakages from occurring.)

[Figures 1.1 and 1.2: network diagrams. Recoverable labels: Big Bad Internet, Internal Network, War Dialers, Unknown, Authorized Dial-up, Desktop Modems, Firewall, Telecommuters.]
FIGURE 1.1 The world as we would like it.
FIGURE 1.2 The real world.

Outbound HTTP requests may be satisfied by the Web Proxy cache, or passed through a Web filter and then to the public network. The Web proxy service manages this traffic. Protocol-specific filters manage other types of outbound requests. The firewall service in turn manages these filters.
Inbound requests for hosted services (Web servers, mail servers, other types of hosted servers) are regulated by the firewall service. All other inbound requests can be both blocked by protection mechanisms (packet filters, stateful inspection, and so on) and potentially trigger alerts or other intrusion detection responses.
ISA Server can be installed to handle all these functions, or can be dedicated to either being a firewall or a caching server. These choices are defined during installation by selecting one of three installation modes:
➤ Firewall. Control inbound access and outbound access via filters, rules, and settings.
➤ Caching. Manage outbound access via rules and by caching downloaded data for repeated access.
➤ Integrated. A combination of firewall and caching modes.

[Figure 1.3: block diagram. Recoverable labels: Web proxy client, Firewall client, SecureNAT client, NAT driver, Web proxy service, HTTP redirector, Firewall service, Filters, Packet filters, Public Network.]
FIGURE 1.3 Architectural viewpoint.