You are on page 1of 28

Installing and Maintaining ISA Server 2006

Planning an ISA Server Deployment

Understand the current network infrastructure. Review company security policies. Plan the required network infrastructure. Plan for branch office installations. Plan for availability and fault tolerance. Plan for access to the Internet. Plan the ISA Server client implementation and deployment. Plan for server publishing. Plan for VPN deployment. Plan the implementation.

Network infrastructure

Internal interface connects to internal network

External interface connects to the Internet


Network Infrastructure Requirements

DNS Domain controllers DHCP

Domain Name System Requirements

To connect to resources on the Internet. To enable access to Internet resources Use: Internal DNS Server External DNS Server

Domain Controller Requirements

Restrict access to Internet resources based on user accounts Require authentication before users can access published servers ISA Server 2006 provides several options for authenticating the users.

Dynamic Host Configuration Protocol Requirements

DHCP is not required to support an ISA Server infrastructure! is highly recommended to simplify network management. The advantage of using DHCP is that it can provide the IPconfiguration for all the client computers on your network automatically. This can make your ISA Server deployment much more efficient.

Operating System Requirements


Windows Server 2003 with SP1 or higher
Single 733MHz Pentium III equivalent Memory 512MB of memory 150MB available (for installation of ISA software)


Disk Space

Network Cards / ISDN Adapter / Modem

One OS-compatible card per connected network


Choosing an ISA Server Client

ISA Server Client Options Firewall clients SecureNAT clients Web Proxy clients

What Is a Firewall Client?

Install Firewall client

Use the Firewall Client application when initiating connections to the ISA Server computer!

Advantages of using Firewall client

Firewall clients enable user or group based access control and logging. When a Firewall client connects to ISA Server, the Firewall service automatically authenticates the user. The Firewall Client software can configure the Web Proxy browser automatically.


Disadvantages of using Firewall client

Must install the Firewall Client software on the client computers. A large number of client computers in organization and have no means of automating the client installation, it will require a significant effort to deploy the client. The Firewall client can only be installed on Windows computers.


What is a SecureNAT Client?


What is a SecureNAT Client?

Do not have Firewall Client software. Configure the default gateway on the SecureNAT clients and configure network routing, so that all traffic destined to the Internet is sent through the ISA Server computer.


Advantages of using SecureNAT Client

SecureNAT clients also provide almost as much functionality as Firewall clients. Requests from SecureNAT clients can be passed to application filters, which can modify the requests to enable handling of complex protocols. SecureNAT can use the Web Proxy service for Web access filtering and caching. Any operating system that supports Transmission Control Protocol/Internet Protocol. (TCP/IP) can be configured as a SecureNAT client.

Advantages of using SecureNAT Client

Can not control access to Internet resources based on users and groups SecureNAT clients may not be able to use all protocols.



How to configure the client computers route Internet requests to the ISA Server computer?


What Is a Web Proxy Client?


What Is a Web Proxy Client?

A Web Proxy client is a client computer that has an HTTP 1.1compliant Web browser application and is configured to use the ISA Server computer as a Web Proxy server. Do not have to install any software to configure Web Proxy clients. Must configure the Web applications on the client computers to use the ISA Server computer as a proxy server.

Guidelines for Choosing ISA Server Clients

If You Need To
Avoid deploying or configuring client software Use ISA Server only for accessing Web resources using HTTP or HTTPS Allow access only for authenticated clients Publish servers that are located on your Internal network Improve Web performance in an environment with non-Windows operating systems

Then Use
SecureNAT clients SecureNAT or Web Proxy clients Firewall clients or Web Proxy clients SecureNAT clients Web Proxy or SecureNAT clients

Maintaining ISA Server 2006

Export the ISA Server Configuration. Import the ISA Server Configuration. Back Up the ISA Server Configuration. Restore the ISA Server Configuration.


How to Export and Import the ISA Server Configuration

Cloning a server Saving a partial configuration. Sending a configuration fo troubleshooting. Rolling back a configuration change.


How to Install ISA 2006


How to Install ISA 2006

Add Internal Network adress


ISA Server 2006


How to Export and Import the ISA Server Configuration


How to Export and Import the ISA Server Configuration


How to Export and Import the ISA Server Configuration