Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks

Server publishing rules allow you to publish almost any type of server protocol. As noted earlier, a server publishing rule essentially performs a reverse NAT: the ISA server accepts packets on a certain IP address and port number and forwards them to the same port number on an IP address on the internal network. On their own, server publishing rules do not allow the ISA server to examine the data portion of the communication, but "smart" application filters can be applied to protect communications forwarded by server publishing rules.
In this section, we'll look at how to publish the following services:
Terminal Services
Terminal Services Advanced Client (TSAC) Sites
FTP Servers
HTTP and HTTPS Servers
VNC Servers
pcAnywhere Servers
Publishing a Terminal server on the internal network is relatively straightforward. All you need is a protocol definition with Primary Connection set for Inbound TCP 3389, and a server publishing rule that uses this protocol definition. The only thing that can interfere with Terminal server publishing rules is port contention. The best way to eliminate Terminal Services port contention is to disable Terminal Services on the ISA server. However, most of us want to run Terminal Services on the ISA server to ease server administration, so later in this chapter we'll go over how to run Terminal Services on the ISA server and publish an internal network Terminal server at the same time.
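One way to check for the port contention described above before creating a publishing rule, given here as an added example that is not from the book: it parses `netstat -an` output from the ISA server and reports listeners that already hold a published port on the external address. The sample output, the external address 192.0.2.10 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -an` output from an ISA server (not from the book).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.1:8080          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:21          0.0.0.0:0              LISTENING
  TCP    10.0.0.1:3389          10.0.0.25:1047         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def tcp_listeners(netstat_text):
    """Return (ip, port) pairs for every TCP socket in the LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows for TCP have exactly four columns; headers and UDP rows do not.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        listeners.append((host.strip("[]"), int(port)))
    return listeners


def contention(netstat_text, external_ip, published_ports):
    """Map each published port to local listeners that would collide with a
    server publishing rule bound to external_ip (hypothetical helper)."""
    ext = ipaddress.ip_address(external_ip)
    conflicts = {}
    for host, port in tcp_listeners(netstat_text):
        if port not in published_ports:
            continue
        addr = ipaddress.ip_address(host)
        # A wildcard bind (0.0.0.0) also occupies the port on the external address.
        if addr.is_unspecified or addr == ext:
            conflicts.setdefault(port, []).append(host)
    return conflicts


if __name__ == "__main__":
    for port, hosts in sorted(contention(SAMPLE_NETSTAT, "192.0.2.10", {21, 3389}).items()):
        print(f"TCP {port} already bound on: {', '.join(hosts)}")
```

A listener bound only to an internal address (for example `10.0.0.1:3389`) is not reported, because it does not occupy the port on the external address the publishing rule listens on.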
Let's begin with how to publish...