Copyright ITNAT.com 2007, for more information info@itnat.com

www.itnat.com
info@itnat.com

Certificate Services
Certificate Authority
DNS DHCP
Firewall & Web Proxy
2004
Access Policy 2004
Cache
Vpn
GFI WebMonitor
Bandwidth Splitter


2005
.

2004

:
http://www.itnat.com/forum/showthrea...newpost&t=3270

(Microsoft Internet Security and Acceleration Server)



.
:
Proxy server
:
2004
Cache Server
.

.
:
-

Certificate Services
Firewall & Web Proxy

DNS DHCP

.
Access Policy.
.
Caching
VPN

:
.

1.
2.
3.
4.

.
.
.
.
.

5.
6.

(fmfm )


TCP/IP
.
.
.
.

integrated security edge gateway

2000
:
http
exe
http
http
http.
ftp

post
-

.
:
ip

RADIUS
:

:

:
caching

vpn
.
.
Certificate Services
vpn .

Certificate Services

Certificate
SSL

Service

hotmail
.

:
.

vpn

L2TP/IPSec VPN
L2TP/IPSec VPN
SSL

vpn
.

SSL (Secure Sockets Layer)

vpn


IIS 6.0
www
Services
Administrative Tools
World Wide Web Publishing Service
standard

123-

45-


Certificate Authority
(Enterprise Certificate Authority)
CA
Registration
.
:
Enterprise
Trusted Root Certification Authorities

CA

Authority

CA
1.
23-

Active Directory auto enrollment


CA
.
Enterprise CA
Add/remove windows components
Certificate Services
.
Windows Components
Next
Enterprise root CA


Next
CA Type

123yes
45-


Common Name for


NetBIOS

CA

CA identifying Information
DNS Host

6this CA
7-

Certificate Database Settings


.
IIS

8-

91011-

Finish
AD

Enterprise CA
Web enrollment . Certificate mmc snap-in

Firewall

DNS DHCP
& Web Proxy

WPAD (Web Proxy Auto-Discovery Protocol)

DNS DHCP

DHCP WPAD
DNS WPAD
wpad

2004
DHCP

Set

DHCP
Administrative Tools


WPAD

DHCP
1Predefined Options.


Predefined Options and Values

2-

3Name: wpad
Data type: String
Code: 252
Description : wpad entry


string

Value

4-

http://ISA Server name:Autodiscovery port number/wpad.dat


.
http://isalocal.msfirewall.org:80/wpad.dat
Lower case.


wpad


Configure options

Scope options

wpad

wpad

5-

6-

DHCP


7-


DHCP
wpad
.

DNS

DNS
DHCP
.

WPAD

wpad

DNS

DNS

(alias )

wpad

wpad
DNS
(CNAME record )

Host(A)
.

(A)
DNS

(A)

DNS

DNS

DNS
Administrative Tools
Forward lookup zone

New Alias

1(CNAME).

browse

wpad


2-


3-


Forward Lookup Zone

4-

5-


OK

DNS

New Resource Record

6-

(CNAME)

7-


8-

WPAD

wpad

wpad

DNS

DNS
(Host Name and Domain Name )
DNS.

DNS

wpad
DHCP
.

Active Directory
Active Directory (
):


My Computer

Change


1-

2-


More

DNS.

3-

4-

.

(CNAME) wpad
DNS.

(Auto Discovery)

1.

Lan Settings.

Connections

2-

OK.

Automatically Detect Settings

3-

DHCP DNS
.


IP (IP Addresses ).

(LAT )
.
DNS DHCP Active Directory
RADIUS WINS
.
(System Policy )


1-


Install ISA Server 2004


2-

3-


4-

Custom

5-

6Firewall Client Installation Share (Message Screener )


.

IIS 6.0 SMTP


7Add

LAT


Select Network Adapter

8-

Add the following private range


9Add address range based on the windows


10-

Internal Network Address Range

1112-

13.


14.

15-

.
:


Start>All Programs> MS ISA server> ISA server management

view

Show System Policy Rules


1-

2Firewall Policy


Task Pane (

32000

System Policy Rules

)
)
)
)

Rules
Order Number
Name
Action (
Protocols
From (
To (
Condition (

4-


:
VPN
vpn
HTTP/HTTPS

Firewall share client

1
2
3
4
5
6
7
8
9

.
Back up

1-

backup

2-

3.


4.

NTFS

2004
:
.

:
-


Back up

1-

backup

2-

3.

4-


Restore

1-

restore

2-

3-

4-


Apply

5-

6-


:
Export

Export Configuration .
VPN
VPN
1VPN Clients Configuration .
2.

Export


3-


4VPN
Import

VPN

1VPN Clients Configuration .

2-

3-

.
VPN

Apply
2004.


4-


Access Policy 2004


Access

:
Policy
.

:
Access Rules
Publishing Rules
.
VPN
.
ftp
.
.


FTP HTTP

Limited Web Access


.

user2


network templates
)

1Firewall Policy
2Disable

3-


4-

HTTPS HTTP
.
Limited Access Web Users


Firewall Policy
.

1Tasks

Limited Users Web Access

234HTTP
HTTPS


5-

6-


7Domain Name Set

8-

*.microsoft.com
*.windows.com *.hotmail.com *.msn.com
.


9Microsoft


10.

All Users

111213Limited Web Users

Windows Users and Groups


14-


Location

15-

firewall.org)

16.

User2

17.

1819Limited Web Users


Limited Web Users
.


202122-


IRC

IRC.

access

new

1rule
Administrator Internet Access

23-

All protocols

This rule applies to


4except selected


IRC

Instant messaging

5-

67Internal
8External

9.
10-

1112-

Administrators
Windows users and groups

13-

1415-

Enter the object names to select

16.

17-


18Administrators

192021-

DNS

DNS
DNS

DNS

DNS

.
:


:
Access Rule

1DNS Servers

This rule applies to


DNS

Infrastructure

Computer Set
computer


2345-

678-


DNS1

DNS

New Computer Rule Element

9-

1011Servers

Computer sets

12External

13141516-

HTTP


HTTP
Kaaza
.
HTTP
Kaaza .

Configure HTTP

12-

Administrator Internet Access

Signatures

HTTP
Signatures

Request URL

Kaaza URL
.

345-

Kaaza

6-


Limited Access Users

78-

:
1-


User2

2-

34-

www.msn.com

www.itnat.com/kaaza

5.

Administrator

6.


Cache
Caching

.
.

Forward Caching
HTTP HTTPS FTP
.
Reverse Caching
.

Headers
:
: No Cache
: Private

- pragma: No Cache
- www-authenticate
- set-cookie
:
cache configuration

HTTP
.

HTTP

HTTP
HTTP

Custom settings

.
FTP

FTP
)


1440


Active Caching
.
Advanced
.

HTTP

HTTP
.
.


Vpn
VPN
VPN

2004
VPN
.

VPN
VPN
Virtual Private Networks (VPN)
Enable VPN Client Access

Configure VPN Client Access


Maximum number of VPN clients allowed
General


12-

3456-


7msfirewall.org

8-

Check Names

Domain Users

9-

L2TP/IPSEC

10-

Enable User Mapping.


User Mapping
11When user name does not contain a domain, use this domain
.
msfirewall.org


12VPN
VPN

VPN

Firewall Policy
VPN Client to Internet

1234-

This rule applies to


VPN Clients

5.


6Access Rule Destination

78910-

Dial-Up

Native
Active Directory

Administrative Tools

Domain Controller
1Users and Computers
2Administrator

VPN

Dial-Up

3-

4-


VPN
VPN
My Network Places

2000

123456789-

ISAVPN

: MSFIREWALL\Administrator

MPPE 128

VPN Server


MSFIREWALL
Administrator
10.


11.

\\Exchange2003be
VPN
.

GFI WebMonitor
:

.
:
http://www.gfi.com/webmon/
:
http://www.gfi.com/webmon/webmonreviews.htm
:
PDF

GFI WebMonitor
.
BitDefender.
100%

BitDefender

BitDefender GFI WebMonitor


ICSA
.

Kaspersky.
Kaspersky
.


.
GFI WebMonitor
GFI
.

WebMonito
.

.
.
GFI
.
.

ISA blocking
.
HTTP .
.

GFI WebMonitor
.
GFI WebMonitor


Bandwidth Splitter
:
.
: Bandwidth Splitter

http://www.bsplitter.com/
:
Bandwidth Splitter v.1.13 for ISA Server 2000
Bandwidth Splitter v.1.05 for ISA Server 2004/2006

http://www.bsplitter.com/resellers.aspx
:


.
).
TCP/UDP
TCP/UDP

FTP ( HTTP, HTTPS


ISA 2004/2006
SNAT) FWC
(
router. NAT
ISA Server
DMZ servers
.
AD)
.

).
.
.
.
.
.
.
.
.
ISA Server
.
.
.
.
.
.

ISA Server


.
Bandwidth Splitter


ISA Server

ISA Server.
:
Bandwidth Splitter
HTTP, HTTPS and FTP.
TCP/UDP.
Firewall
TCP/UDP.
SecureNAT
published servers.
.
.
routed TCP/UDP
ISA 2004/2006
DMZ servers.

.
DMZ

Local Host


Bandwidth Splitter
TCP/UDP .
ISA 2004/2006
Routed IP
ISA 2000 :
