Configuring ISA Server 2000: Building Firewalls for Windows 2000
Using Microsoft s firewall software to protect local-area networks, enable Internet remote access, and define security policies.
TABLE OF CONTENTS Configuring ISA Server 2000: Building Firewalls for Windows 2000
Network Configuration Settings
ISA Server network configuration settings that influence outbound access controls include the following:
-
Routing SecureNAT and firewall client requests
-
Routing Web Proxy Service requests
-
Passing outbound PPTP requests from internal clients
-
The local address table (LAT)
-
The local domain table (LDT)
Each of these influences how outbound requests are processed. We ll start with how SecureNAT and firewall client requests are routed in what are known as firewall chains.
Firewall Chaining: Routing SecureNAT and Firewall Client Requests
ISA Server provides a great deal of flexibility in terms of how client requests are routed. Rather than being limited to using the default connection on the ISA server, you can tell the ISA server to send specific requests via customized routes. When firewall clients send their requests to the ISA server, the requests can be routed directly to the Internet via the primary connection on the ISA server, or you can configure the Firewall Service on the ISA server to forward the request to another ISA server. The question is then, why would you want to do this? The immediate answer is because you can. However, that answer won t be very satisfying when you are trying to explain the rationale for your network infrastructure design to the network security committee.
One reason you might want to forward firewall client requests is that you want to partition the routing of firewall client and SecureNAT client requests from requests made by Web proxy clients. You might want to configure all...
Copyright Syngress Publishing, Inc. 2001 under license agreement with Books24x7
