Module 3: Enabling Access to Internet Resources
Overview
• ISA Server 2004 as a Proxy Server
• Configuring Multi-Networking on ISA Server
• Configuring Access Rule Elements
• Configuring Access Rules for Internet Access
Lesson: ISA Server 2004 as a Proxy Server
• How ISA Server Enables Secure Access to Internet Resources
• Why Use a Proxy Server?
• How Does a Forward Web Proxy Server Work?
• What Is a Reverse Web Proxy Server?
• How to Configure ISA Server as a Proxy Server
• DNS Configuration for Internet Access
• How to Configure Web Chaining
• How to Configure Dial-Up Connections
How ISA Server Enables Secure Access to Internet Resources
Is the …
• User allowed access?
• Computer allowed access?
• Protocol allowed?
• Destination allowed?
• Content allowed?
[Diagram: ISA Server, Web Server, Proxy Server]
Why Use a Proxy Server?
[Diagram: ISA Server, Web Server]
Improved Internet access security:
• User authentication
• Filtering client requests
• Content inspection
• Logging user access
• Hiding the internal network details
Improved Internet access performance
How Does a Forward Web Proxy Server Work?
[Diagram: steps 1-6; labels: ISA Server, Web Server]
Is the …
• User allowed access?
• Protocol allowed?
• Destination allowed?
What Is a Reverse Web Proxy Server?
[Diagram: steps 1-6; labels: Web Server, DNS Server, ISA Server]
Is the …
• Request allowed?
• Protocol allowed?
• Destination allowed?
How to Configure ISA Server as a Proxy Server
DNS Configuration for Internet Access
• If no internal DNS server is available to resolve Internet addresses, configure the ISA Server clients to use an Internet DNS server
• Configure ISA Server clients to use an internal DNS server if the DNS server can resolve Internet addresses
• ISA Server can proxy DNS requests for Web proxy and Firewall clients but not for SecureNAT clients
• ISA Server includes a DNS cache that caches the results of all DNS lookups performed through ISA Server
How to Configure Web Chaining
[Diagram: Internet, Branch Office, Branch Office, Head Office]
How to Configure Dial-Up Connections
• Enable dialup for connections to this network
• Use this dial-up connection
• Logon using this account
Practice: Configuring ISA Server as a Web Proxy Server
• Configuring the proxy server settings on ISA Server
[Diagram: Den-ISA-01, Internet, Den-DC-01]
Lesson: Configuring Multi-Networking on ISA Server
• How Does ISA Server 2004 Support Multiple Networks?
• Default Networks Enabled in ISA Server
• About Network Objects
• How to Create and Modify Network Objects
• What Are Network Rules?
How Does ISA Server 2004 Support Multiple Networks?
• Support any Number of Networks
• VPN Networks Represented as Networks
• Dynamic Network Membership
• Per Network Rules
• Per Network Policies
• Network Sets
[Diagram: Internet, VPN, Perimeter1, Perimeter2, LAN1, LAN2]
Default Networks Enabled in ISA Server
Default Network: Includes
• Local Host: The ISA Server
• Default External: All IP addresses not associated with another network
• Internal: All IP addresses specified as internal during installation
• VPN Clients: All IP addresses for currently connected VPN clients
• Quarantined VPN Clients: All IP addresses of connected VPN clients that have not cleared quarantine
About Network Objects
Network Object: Includes
• Network: All computers connected to a single network interface
• Network Set: One or more networks
• Computer: A single computer identified by an IP address
• Computer Set: All computers included in specified computer, subnet or address range objects
• Address Range: All computers identified by continuous IP addresses
• Subnet: All computers on a specified subnet
• URL Set: All specified URLs
• Domain Name Set: All specified domain names
• Web Listener: The IP address on which the ISA Server listens for connections
How to Create and Modify Network Objects
• Click Firewall Policy, Toolbox, then Network Objects
• Click Networks, then Networks or Network Sets
What Are Network Rules?
Route connection:
• A route relationship is bidirectional
• If a routed relationship is defined from network A to network B, a routed relationship also exists from network B to network A
NAT connection:
• A NAT relationship is directional
• Addresses from the source network are always translated when passing through ISA Server
Practice: Managing Network Objects
• Configuring a new network on ISA Server
• Configuring a new network rule on ISA Server
• Configuring a new computer network object on ISA Server
[Diagram: Den-ISA-01, Internet, Den-DC-01]
Lesson: Configuring Access Rule Elements
• What Are Access Rule Elements?
• How to Configure Protocol Elements
• How to Configure User Elements
• How to Configure Content Type Elements
• How to Configure Schedule Elements
• How to Configure Domain Name Sets and URL Sets
What Are Access Rule Elements?
Access Rule Element: Used to Configure
• Protocols: The protocols that will be allowed or denied by an access rule
• Users: The users that will be allowed or denied by an access rule
• Content Types: The content type that will be allowed or denied by an access rule
• Schedules: The time of day when Internet access will be allowed or denied by an access rule
• Network Objects: The computers or destinations that will be allowed or denied by an access rule
How to Configure Protocol Elements
How to Configure User Elements
How to Configure Content Type Elements
Define the MIME types and file extensions to include
How to Configure Schedule Elements
Define the times when this schedule is active or inactive
How to Configure Domain Name Sets and URL Sets
Use this to configure access to an entire domain
Use this to configure access to a URL
Practice: Configuring Firewall Rule Elements
• Configuring a new user set
• Configuring a new content type element
• Configuring a new schedule element
• Configuring a new URL set
[Diagram: Den-ISA-01, Internet, Den-DC-01]
Lesson: Configuring Access Rules for Internet Access
• What Are Access Rules?
• How Network Rules and Access Rules Are Applied
• About Authentication and Internet Access
• How to Configure Access Rules
• How to Configure HTTP Policy
• How to Troubleshoot Access to Internet Resources
What Are Access Rules?
Access rules always define: action on traffic from user from source to destination with conditions
• Action: Allow, Deny
• Traffic: Protocol, IP Port/Type
• User: User
• Source: Source network, Source IP
• Destination: Destination Network, Destination IP, Destination Site
• Conditions: Schedule, Content Type
How Network Rules and Access Rules Are Applied
[Diagram: steps 1-6; labels: Network Rules, Access Rules, Domain Controller, ISA Server, Web Server]
About Authentication and Internet Access
Authentication and ISA Server Clients
Authentication Methods
• Basic authentication
• Digest authentication
• Integrated Windows authentication
• Digital certificates authentication
• RADIUS authentication
• RSA SecurID authentication
How to Configure Access Rules
How to Configure HTTP Policy
Configure maximum header length Configure maximum payload length Configure maximum URL and query length
Configure additional filtering options
Practice: Managing Access Rules
• Creating a DNS Lookup Rule
• Creating a Managers Access Rule
• Testing Internet Access
[Diagram: Den-ISA-01, Internet, Den-Clt-01, Den-DC-01]
How to Troubleshoot Access to Internet Resources
To troubleshoot Internet access issues:
• Check for DNS name resolution
• Determine the extent of the problem
• Review access rule objects and access rule configuration
• Review access rule order
• Check access rule authentication
• Use ISA Server logging to determine which access rule is granting or denying access
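Why access rule order and "which access rule is granting or denying access" matter, as an added example that is not part of the original course material: a simplified Python model of the access rule structure above, assuming ordered, first-match evaluation that ends in a default deny rule. The rule names, user, addresses and domains are constructed for illustration, and schedule and content type conditions are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class AccessRule:
    name: str
    action: str          # "Allow" or "Deny"
    protocols: tuple     # protocol elements
    users: tuple         # user set members; ("*",) stands for All Users
    sources: tuple       # source networks, CIDR
    destinations: tuple  # domain name set; ("*",) stands for any destination

    def matches(self, req):
        src = ip_address(req["src"])
        return (req["protocol"] in self.protocols
                and ("*" in self.users or req["user"] in self.users)
                and any(src in ip_network(net) for net in self.sources)
                and ("*" in self.destinations
                     or any(req["host"] == d or req["host"].endswith("." + d)
                            for d in self.destinations)))

def evaluate(rules, req):
    """First matching rule in list order decides; otherwise the default deny."""
    for rule in rules:
        if rule.matches(req):
            return rule.action, rule.name
    return "Deny", "Default rule"

# Constructed sample policy (names, addresses and domains are illustrative).
INTERNAL = ("10.10.0.0/24",)
DNS_LOOKUP = AccessRule("DNS Lookup", "Allow", ("DNS",), ("*",), INTERNAL, ("*",))
MANAGERS = AccessRule("Managers Access", "Allow", ("HTTP", "HTTPS"),
                      ("alice",), INTERNAL, ("*",))
BLOCK_SITE = AccessRule("Block Site", "Deny", ("HTTP", "HTTPS"),
                        ("*",), INTERNAL, ("blocked.example",))

SHADOWED = [DNS_LOOKUP, MANAGERS, BLOCK_SITE]   # deny sits below a broader allow
CORRECTED = [DNS_LOOKUP, BLOCK_SITE, MANAGERS]  # deny moved above it

def request(user, protocol, host, src="10.10.0.25"):
    return {"user": user, "protocol": protocol, "host": host, "src": src}

if __name__ == "__main__":
    for label, policy in (("shadowed", SHADOWED), ("corrected", CORRECTED)):
        for req in (request("alice", "HTTP", "www.blocked.example"),
                    request("bob", "HTTP", "www.contoso.example"),
                    request("bob", "DNS", "www.contoso.example")):
            print(label, req["user"], req["protocol"], req["host"], evaluate(policy, req))
```

The returned rule name plays the role of the rule recorded in the ISA Server log: in the shadowed ordering the Deny rule never decides the manager's request, which is the condition the rule order review is meant to catch.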
Lab: Enabling Access to Internet Resources
• Exercise 1: Configuring ISA Server Access Rule Elements
• Exercise 2: Configuring ISA Server Access Rules
• Exercise 3: Testing ISA Server Access Rules
[Diagram: Den-ISA-01, Den-DC-01, Internet, Den-ISA-02]