Configuring ISA Server 2000: Building Firewalls for Windows 2000

In Chapter 8, we focused on how to configure an ISA server to allow outbound access and how to configure outbound access controls. In this chapter, we look at access control from the other end: how to control inbound access to the internal network through the ISA server. One of the most exciting improvements Microsoft has made with ISA Server over Proxy Server 2.0 is the new product's ability to function as a full-fledged firewall, offering filtering at the packet, circuit, and application levels. This functionality gives administrators the flexibility to design a configuration that provides exactly the desired degree of control over traffic that is allowed to enter the local network.
Packet filtering is the process of examining the TCP and IP header information to assess whether a packet should be allowed to enter or leave the external interface of the ISA server. With ISA Server, you can choose to enable or disable packet filtering. We recommend that you enable packet filtering on the ISA server to ensure the highest level of security.
| Note | Manually created packet filters are static; that is, they open or close ports and leave them that way. Dynamic packet filtering is done using access policy or publishing rules. |
When packet filtering is enabled, only packets for which a filter has been configured are allowed to pass through the external interface of the ISA server. If you don't have a...
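As an added illustration (not from the book and not ISA Server's own code), the Python sketch below shows static packet filtering as described above: it reads the IP and TCP headers of a raw packet and passes it only if a configured filter matches, dropping everything else. The names `StaticFilter`, `parse_headers`, `allow_inbound` and `build_packet`, the sample addresses, and the choice to drop non-first fragments are assumptions of this sketch.

```python
import ipaddress
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticFilter:
    """Hypothetical model of one manually created filter for inbound TCP."""
    local_port: int                  # port on the external interface left open
    remote_net: str = "0.0.0.0/0"    # source network permitted to reach it

def parse_headers(packet: bytes):
    """Return (src_ip, dst_port, tcp_flags) from a raw IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                  # truncated IP header or not IPv4
    ihl = (packet[0] & 0x0F) * 4     # IP header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None                  # bad IHL, not TCP, or truncated TCP header
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                  # assumption: non-first fragments (no TCP header) are dropped
    src = ipaddress.IPv4Address(packet[12:16])
    _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src, dport, packet[ihl + 13]

def allow_inbound(packet: bytes, filters) -> bool:
    """Default deny: pass the packet only if a configured filter matches its headers."""
    parsed = parse_headers(packet)
    if parsed is None:
        return False
    src, dport, _flags = parsed
    return any(dport == f.local_port and src in ipaddress.ip_network(f.remote_net)
               for f in filters)

def build_packet(src: str, dst: str, sport: int, dport: int, flags: int = 0x02) -> bytes:
    """Construct a minimal sample IPv4/TCP packet (SYN by default, checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

# Constructed sample policy and traffic, using documentation address ranges.
FILTERS = [StaticFilter(25), StaticFilter(3389, "198.51.100.0/24")]

if __name__ == "__main__":
    samples = [("203.0.113.7", 25), ("203.0.113.7", 3389),
               ("198.51.100.9", 3389), ("203.0.113.7", 80)]
    for src, port in samples:
        pkt = build_packet(src, "192.0.2.1", 40000, port)
        print(src, port, "ALLOW" if allow_inbound(pkt, FILTERS) else "DROP")
```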