secure internet access
TRANSCRIPT
-
7/26/2019 Secure Internet Access
1/26
Filename: 259565963.doc 1
Controlling Secure Internet Accessusing ISA Server 2004
Microsoft Internet Security andAcceleration (ISA) Server 2004
IntroductionMicrosoft Internet Security and Acceleration (ISA Ser!er 2""# $ro!ides %ranular
control o!er &o' clients on your net'ors access t&e Internet. )it& t&e multi*
net'orin% functionality of ISA Ser!er+ you can a$$ly t&is control to clients on any
net'or '&ose %ate'ay to t&e Internet is t&e ISA Ser!er com$uter.
Multi-Networking,sin% ISA Ser!er+ you can connect many net'ors to an ISA Ser!er com$uter+ and
control access amon% t&e net'ors. -ou can t&erefore control t&e Internet access of
any net'or for '&ic& t&e ISA Ser!er com$uter ser!es as t&e %ate'ay to t&e Internet.
Access RulesAccess rules determine &o' clients on a source net'or access resources on a
destination net'or.
-ou can confi%ure access rules to a$$ly to all Internet rotocol (I traffic+ to a s$ecific
set of $rotocol definitions+ or to all I traffic e/ce$t selected $rotocols.
ISA Ser!er includes a list of $reconfi%ured+ 'ell*no'n $rotocol definitions+ includin%
t&e Internet $rotocols t&at are most 'idely used. -ou can also add or modify additional
$rotocols.
)&en a client re0uests an oect usin% a s$ecific $rotocol+ ISA Ser!er c&ecs t&e access
rules. A re0uest is $rocessed only if an access rule s$ecifically allo's t&e client to
communicate usin% t&e s$ecific $rotocol and also allo's access to t&e re0uested oect.
ontrollin% Internet access de$ends $rimarily on t&e desi%n and order of access rules.
4&e only ot&er factor is confi%urin% t&e )e ro/y $ro$erties to re0uire aut&entication
for Internet re0uests+ as descried inA$$endi/ : onfi%urin% 44 olicyin t&is
document.
Tip
ontrollin% Internet access &as only t'o factors:
rdered access rules
)e ro/y $ro$erties
4&e follo'in% tale summari7es all of t&e o$tions a!ailale in access rule desi%n. 4&e
tale is or%ani7ed accordin% to t&e location of t&e $ro$erty on t&e access rule $ro$erties
-
7/26/2019 Secure Internet Access
2/26
Filename: 259565963.doc 2
$a%e. 4o see an access rule $ro$erty $a%e+ doule*clic any access rule (suc& as t&e
8efault rule in t&e Fire'all olicy details $ane.
Note
ule elements referred to in t&is tale are descried in ule lementsin t&is
document.
4aro$erty omments elated rule
elements
;eneral
-
7/26/2019 Secure Internet Access
3/26
Filename: 259565963.doc 3
4aro$erty omments elated rule
elements
rotocols All outound I
traffic
Selected$rotocols
(c&oose from
list
All outound
$rotocols
e/ce$t selected
(c&oose from
list
4&e access rule
can a$$ly to all
$rotocols+ to
s$ecific$rotocols+ or to
all $rotocols
e/ce$t for t&e
s$ecified ones.
4&is $a%e also
$ro!ides access
to t&e 44
confi%uration
$ro$erties+
t&rou%& t&e
Filtering
utton. For
more
information+
see A$$endi/
: onfi%urin%
44 olicyin
t&is document.
rotocols
From A$$lies to
traffic from
t&ese sources
4&e net'or
oects from
'&ic& t&e
re0uests 'ill
come.
-
7/26/2019 Secure Internet Access
4/26
Filename: 259565963.doc #
4aro$erty omments elated rule
elements
4o /ce$tions 4&e rule 'ill
not a$$ly to
traffic sent to
t&ese net'oroects.
-
7/26/2019 Secure Internet Access
5/26
Filename: 259565963.doc 5
Rule EleentsAn ISA Ser!er rule element is an oect t&at you use to refine ISA Ser!er rules. For
e/am$le+ a sunet rule element re$resents a sunet 'it&in a net'or. -ou can create a
rule t&at a$$lies only to a sunet+ or a rule t&at a$$lies to a '&ole net'or e/clusi!e of
t&e sunet.
Anot&er e/am$le of a rule element is a user set+ re$resentin% a %rou$ of users. y
creatin% a user set and usin% it in an ISA Ser!er rule+ you can create a rule t&at a$$lies
only to t&at set of users.
-ou can see t&e rule elements t&at are a!ailale to you y e/$andin% t&e ISA Ser!er
com$uter node+ clicin% Firew!ll "olic#+ and selectin% t&e Tool$o%ta in t&e tas
$ane. 4&ere are fi!e ty$es of rule elements:
"rotocols&4&is rule element contains $rotocols t&at you can use to limit t&e
a$$licaility of access rules. For e/am$le+ you can allo' or deny access on one or
more $rotocols+ rat&er t&an on all $rotocols.
'sers&In t&is rule element+ you can create a user set to '&ic& a rule 'ill e
e/$licitly a$$lied+ or '&ic& can e e/cluded from a rule.
Content t#pes&4&is rule element $ro!ides common content ty$es to '&ic& you
may 'ant to a$$ly a rule. -ou can also define ne' content ty$es.
Sc(edules&4&is rule element allo's you to desi%nate &ours of t&e 'ee durin%
'&ic& t&e rule a$$lies.
Network o$)ects&4&is rule element allo's you to create sets of com$uters or ,@s
to '&ic& a rule 'ill a$$ly+ or '&ic& 'ill e e/cluded from a rule. For more
information+ see Network o$)ects&
4&e rule elements you 'ill use in t&e Internet access solutions descried in t&is
document are:
-
7/26/2019 Secure Internet Access
6/26
Filename: 259565963.doc 6
-
7/26/2019 Secure Internet Access
7/26
Filename: 259565963.doc C
+e$ C(!iningAccess rules determine '&at access is allo'ed. )e c&ainin% determines &o' t&at
access is ac&ie!ed+ s$ecifically '&en t&ere are ot&er )e ro/y com$uters et'een t&e
ISA Ser!er com$uter and your cor$orate Internet %ate'ay. For information aout &o'
to confi%ure )e c&ainin%+ see A$$endi/ : onfi%urin% )e &ainin%in t&is document.
Scen!rios4&ere are many scenarios in '&ic& Internet access control is im$ortant:
onser!in% limited and'idt& strictly for cor$orate use. In t&is scenario+ you may
'ant to limit Internet access to s$ecific 'esites t&at &a!e usiness !alue.
onser!in% limited and'idt& or reducin% em$loyee time s$ent on t&e Internet less
strictly+ y locin% s$ecific sites.
locin% of certain content ty$es+ eit&er ecause t&ey are ina$$ro$riate to your
cor$orate en!ironment+ or ecause t&ey re0uire too muc& and'idt&.
Allo'in% different le!els of Internet access to different %rou$s of users.
locin% of s$ecific sites for le%al reasons+ suc& as file s&arin% sites.
ontrollin% Internet access in a situation '&ere em$loyees may fail to loc
com$uters+ to $re!ent unaut&ori7ed users from accessin% t&e Internet.
educin% use of t&e Internet durin% 'or &ours y limitin% t&e times durin% '&ic&
Internet access is allo'ed.
Solutions4&e solutions to all of t&e listed scenarios rely on t&e fle/iility of access rules+ '&ic&
are rules of ISA Ser!er 2""# t&at control resource access+ in t&is case+ Internet access.In creatin% access rules+ you 'ill use rule elements. For more information+ see access
rulesand rule elements.
Network Topolog#4o allo' Internet access in an internal net'or scenario+ you need+ at a minimum:
A connection to t&e Internet. In a laoratory en!ironment+ t&is can e simulated y
a )e ser!er connected to t&e e/ternal net'or ada$ter of t&e ISA Ser!er
com$uter. o'e!er+ t&is could limit your aility to test t&e access limitations t&at
you create.
A com$uter to ser!e as t&e ISA Ser!er com$uter. 4&e ISA Ser!er com$uter must&a!e at least t'o net'or ada$ters. ne ada$ter 'ill e connected to t&e /ternal
net'or (re$resentin% t&e Internet and one ada$ter 'ill e connected to t&e
Internal net'or. If your solution in!ol!es additional net'ors+ suc& as a second
internal net'or+ eac& additional net'or re0uires its o'n net'or ada$ter on t&e
ISA Ser!er com$uter. 4&e confi%uration of t&e net'ors (suc& as numer of
com$uters+ users+ and sunets 'ill determine '&ic& of t&e solution o$tions you can
a$$ly to your scenario.
-
7/26/2019 Secure Internet Access
8/26
Filename: 259565963.doc D
A com$uter on a net'or e&ind t&e ISA Ser!er com$uter+ for '&ic& t&e ISA Ser!er
com$uter is t&e default %ate'ay.
Controlling Internet Access , +!lk-t(roug(
4&is 'al*t&rou%& %uides you t&rou%& t&e ste$s necessary to control Internet access
t&rou%& ISA Ser!er.
Controlling Secure Internet Access +!lk-t(roug( "rocedure . /!ck 'p #ourCurrent Conigur!tion
)e recommend t&at you ac u$ your confi%uration efore main% any c&an%es. If t&e
c&an%es you mae result in e&a!ior t&at you did not e/$ect+ you can re!ert to t&e
$re!ious+ acu$ confi%uration. Follo' t&is $rocedure to ac u$ t&e confi%uration of
your ISA Ser!er com$uter.
1. i%&t*clic t&e name of t&e ISA Ser!er com$uter+ and clic /!ck 'p.
2. In /!ckup Conigur!tion+ $ro!ide t&e location and name of t&e file to '&ic& you
'ant to sa!e t&e confi%uration. -ou may 'ant to include t&e date of t&e e/$ort in
t&e file name to mae it easier to identity+ suc& as E%port/!ckup21une2004.
3. lic /!ckup. If you are e/$ortin% confidential information suc& as user $ass'ords+
you 'ill e $rom$ted to $ro!ide a $ass'ord. 4&is $ass'ord 'ill e needed to restore
t&e confi%uration from t&e e/$orted file.
#. )&en t&e acu$ o$eration &as com$leted+ clic *.
-
7/26/2019 Secure Internet Access
9/26
Filename: 259565963.doc 9
Controlling Secure Internet Access +!lk-t(roug( "rocedure 5. Conigure ISAServer Solutions
ac& solution uses one or more of t&e follo'in% $rocedures on t&e ISA Ser!er
com$uter:
reation of rule elements. 4&is is descried in A$$endi/ A: reatin% ule lements
in t&is document.
8esi%n and creation of access rules. 4&e $ro$erties of eac& rule are descried in t&is
$rocedure. A 'al*t&rou%& for t&e
-
7/26/2019 Secure Internet Access
10/26
Filename: 259565963.doc 1"
reate a ,@ set containin% t&e 'or*related sites t&at Staff are allo'ed to access
durin% 'or &ours.
Step 5. Cre!te ! sc(edule
reate a sc&edule t&at re$resents t&e 'or &ours for t&e Staff users. 4&ere is a
)or ours sc&edule t&at is $ro!ided 'it& ISA Ser!er+ '&ic& may meet your needs.
Step 4. Cre!te !n !llow !ccess rule or !ll users !t !ll ties
reate an access rule allo'in% unrestricted access to t&e Internet for all users on
t&e Internal net'or. Follo' t&e $rocedure in A$$endi/ : ,sin% t&e
-
7/26/2019 Secure Internet Access
11/26
Filename: 259565963.doc 11
Step 7. Cre!te ! den# !ccess rule or St! on t(e Intern!l network
reate an access rule for Staff+ denyin% t&e Staff user set access to t&e Internet
e/ce$t for t&e ,@ set of allo'ed sites+ durin% t&e times indicated in t&e )or ours
sc&edule. Follo' t&e $rocedure in A$$endi/ : ,sin% t&e
-
7/26/2019 Secure Internet Access
12/26
Filename: 259565963.doc 12
T!$ "ropert# Setting
ontent 4y$es A$$lies to:
All content ty$es
Selected content ty$es
All content ty$es
Step 8. Consider rule order
Al'ays consider rule order '&en creatin% access rules. In t&is solution+ t&e rule
denyin% access to t&e Staff user set durin% 'or &ours must a$$ear efore t&e rule
allo'in% access to all users at all times. If it a$$ears later in t&e order+ '&en a
re0uest arri!es from a Staff user+ ISA Ser!er 'ill read t&e allo' rule first and allo'
access to t&e entire Internet durin% 'or &ours.
Access controlled y net'or entityIn t&is scenario+ you allo' all of your users on t&e Internal net'or to access t&e
Internet. o'e!er+ you 'ant t&em to access only usiness*related sites from t&eir officecom$uters. 4&ere 'ill e se!eral com$uters a!ailale in t&e em$loyee rea room+
'&ere users can access all ot&er sites.
4&ere are at least t&ree $ossile a$$roac&es to t&is solution:
reate an allo' rule+ allo'in% access to t&e entire Internet from t&e rea room
com$uters. reate a deny rule+ denyin% access from t&e Internal net'or to t&e
Internet e/ce$t for t&e ,@ set of allo'ed sites. rder t&e allo' rule efore t&e
deny rule.
reate t'o s$ecific allo' rules+ one for t&e rea room set of com$uters+ allo'in%
access to t&e entire Internet+ and one for t&e Internal net'or+ allo'in% access only
to usiness*related sites.
reate an allo' rule for all of t&e com$uters on t&e Internal net'or. reate a deny
rule for a set of com$uters includin% all of t&e com$uters on t&e Internal net'or
e/ce$t for t&ose in t&e rea room+ denyin% access to t&e Internet e/ce$t for
usiness*related sites. lace t&e deny rule efore t&e allo' rule.
Cop!nion scen!rio
-ou may &a!e t&e o$$osite situation: an Internal net'or from '&ic& access to
t&e entire Internet is allo'ed+ and com$uters in a loy t&at s&ould not &a!e
any access to t&e Internet. In t&is case+ you 'ould create a com$uter set
includin% t&e loy com$uters+ and an allo' rule allo'in% access from t&e
Internal net'or to t&e /ternal net'or+ ut listin% t&e @oy om$uters
com$uter set as an e/ce$tion in t&e Frota.
4&e solution $resented is t&e first one+ ecause it is easier to create a small com$uter
set includin% t&e rea room com$uters+ t&an to create a set of all of t&e ot&er
com$uters on t&e Internal net'or.
-
7/26/2019 Secure Internet Access
13/26
Filename: 259565963.doc 13
Follo' t&ese ste$s to create t&e solution. 4&e $rocedures for creatin% t&e net'or entity
and ,@ set rule elements are descried in A$$endi/ A: reatin% ule lementsin t&is
document.
Step . Cre!te t(e network entit#
4&e net'or entity you create 'ill e a set of I addresses t&at is a suset of a
net'or defined in ISA Ser!er. In t&is e/am$le+ you 'ant to create a com$uter sett&at contains t&e rea room com$uters+ '&ic& is a set of com$uters in t&e Internal
net'or.
Step 2. Cre!te ! 'R6 Set
reate a ,@ set containin% t&e 'or*related sites t&at can e accessed from all
com$uters.
Step 5. Cre!te ! den# !ccess rule or t(e Intern!l network
reate an access rule for Staff+ denyin% access from t&e Internal net'or to t&e
Internet e/ce$t for t&e ,@ set of allo'ed sites. Follo' t&e $rocedure in A$$endi/ :
,sin% t&e
-
7/26/2019 Secure Internet Access
14/26
Filename: 259565963.doc 1#
T!$ "ropert# Setting
4o /ce$tions 4&e ,@ set of acce$tale
'or*related sites
,sers A$$lies to re0uests from
t&e follo'in% user sets
All users
,sers /ce$tions
-
7/26/2019 Secure Internet Access
15/26
Filename: 259565963.doc 15
T!$ "ropert# Setting
4o /ce$tions
-
7/26/2019 Secure Internet Access
16/26
Filename: 259565963.doc 16
Access controlled y content ty$eIn t&is scenario+ you &a!e to $reser!e limited and'idt& for usiness use+ and t&erefore
'ant to $re!ent access to !ideo and audio files+ '&ic& use a lar%e amount of
and'idt&. 4&ere are t'o $ossile solutions for t&is scenario.
reate an allo' rule+ allo'in% all users access to t&e Internet 'it&out e/ce$tions+and t&en create a deny rule+ denyin% all users access to t&e s$ecific content ty$es.
Mae sure t&at t&e deny rule $recedes t&e allo' rule in t&e rule order.
reate an allo' rule+ allo'in% all users access to t&e Internet+ ut only for s$ecific
content ty$es.
4&e second a$$roac& is descried+ ecause it re0uires only one access rule. Follo' t&e
$rocedure in A$$endi/ : ,sin% t&e
-
7/26/2019 Secure Internet Access
17/26
Filename: 259565963.doc 1C
T!$ "ropert# Setting
From /ce$tions
-
7/26/2019 Secure Internet Access
18/26
Filename: 259565963.doc 1D
s&ould e $ro!ided+ and t&at connection status s&ould not e $ro!ided. -ou can
edit t&ese conditions+ and add additional conditions to limit t&e information retrie!ed
durin% t&e 0uery.
#. For e/am$le+ select 6og Tie. From t&e Conditiondro$*do'n menu+ select 6!st
24
-
7/26/2019 Secure Internet Access
19/26
Filename: 259565963.doc 19
as 44S.
,@ 0uals A ,@ ro!ides a lo%
of attem$ts to
access a
s$ecific ,@.
,@ ontains A ,@ ro!ides a lo%
of attem$ts to
access ,@s
containin% a
s$ecific strin%+
suc& as
gambling.
D. After you &a!e created an e/$ression+ clic Add to listto add it to t&e 0uery list+
and t&en clic St!rt =uer#to start t&e 0uery. -ou must clic St!rt =uer#to sa!e
your c&an%es.
Controlling Secure Internet Access +!lk-t(roug( "rocedure 7. Cre!te !nInternet Access Report
-ou can create re$orts t&at summari7e Internet access t&rou%& t&e ISA Ser!er
com$uter. -ou can create eit&er a re$ort t&at runs once+ or a recurrin% re$ort t&at runs
at a fre0uency t&at you s$ecify.
Follow t(is gener!l procedure to cre!te ! report t(!t runs once&
9. In t&e Microsoft ISA Ser!er Mana%ement console tree+ select Monitoring&
1". In t&e Monitorin% details $ane+ select t&e Reportsta.
11.n t&e T!sksta+ select ener!te ! new reportto start t&e
-
7/26/2019 Secure Internet Access
20/26
Filename: 259565963.doc 2"
1C.e!ie' t&e information on t&e summary $a%e+ and t&en clic Finis(. 4&e re$ort 'ill
e dis$layed in t&e Monitorin% details $ane on t&e Reportsta.
Follow t(is gener!l procedure to cre!te ! recurring report&
1. In t&e Microsoft ISA Ser!er Mana%ement console tree+ select Monitoring&2. In t&e Monitorin% details $ane+ select t&e Reportsta.
3. n t&e T!sksta+ select Cre!te !nd Conigure Report 1o$sto o$en t&e Report
1o$s "ropertiesdialo% o/.
#. lic Addto start t&e
-
7/26/2019 Secure Internet Access
21/26
Filename: 259565963.doc 21
5. At t&e to$ of t&e list of elements+ clic New. If t&ere are se!eral c&oices of rule
elements+ as in t&e case of net'or oects+ a dro$*do'n list 'ill a$$ear+ and you
can select t&e element t&at you 'ant to create.
6. ro!ide t&e information re0uired y t&e 'i7ard or a dialo% o/. )&en you &a!e
com$leted t&e 'i7ard or cliced *in t&e dialo% o/+ your ne' rule element 'ill e
created.C. lic Appl#in t&e details $ane to a$$ly c&an%es. If you $refer+ you can clic Appl#
after you &a!e created your access rules+ t&at is+ after you &a!e made all of your
c&an%es+ rat&er t&an after eac& c&an%e. It 'ill tae a fe' moments for t&e c&an%es
to e a$$lied.
Appendi% /. 'sing t(e New Access Rule+i>!rd
T(is procedure descri$es t(e New Access Rule +i>!rd in gener!l ters&
1. In t&e Microsoft ISA Ser!er Mana%ement console tree+ select Firew!ll "olic#.
2. In t&e tas $ane+ on t&e T!sksta+ select Cre!te NewAccess Ruleto start t&e
-
7/26/2019 Secure Internet Access
22/26
Filename: 259565963.doc 22
1". In t&e Fire'all olicy details $ane+ clic Appl# to a$$ly t&e ne' access rule. It may
tae a fe' moments for t&e rule to e a$$lied. rder your access rules to matc&
your Internet access $olicy. If you c&an%e t&e order+ you 'ill need to clic Appl#to
a$$ly t&e c&an%es.
Appendi% C. Coniguring
-
7/26/2019 Secure Internet Access
23/26
Filename: 259565963.doc 23
matc& t&e rule+ e!en if it is not re0uired in t&e )e ro/y $ro$erties. o'e!er+ a rule
t&at a$$lies to All ,sers 'ill not re0uire aut&entication unless you follo' t&is $rocedure.
1. In t&e Microsoft ISA Ser!er Mana%ement console tree+ e/$and t&e Conigur!tion
node and select Networks.
2. 8oule*clic t&e net'or '&ose )e access $ro$erties you 'ant to confi%ure+ to
o$en its $ro$erties dialo% o/. 4y$ically+ t&is 'ould e t&e Internal net'or. Selectt&e +e$ "ro%#ta.
3. Select En!$le +e$ "ro%# clients(t&is is t&e default settin% for t&e Internal
net'or.
#. lic Aut(entic!tionto o$en t&e Aut(entic!tiondialo% o/. -ou can select an
aut&entication ty$e.
5. Select Re9uire !ll users to !ut(entic!te.
4o select a default domain for aut&entication+ clic Select 3o!in. 4&is o$tion
is a!ailale only '&en asic+ 8i%est+ or A8I,S aut&entication is used.
4o select A8I,S ser!ers for aut&entication+ clic RA3I'S Servers.6. lic *to close t&e Aut(entic!tiondialo% o/+ and t&en clic *to close t&e
net'or $ro$erties dialo% o/.
-
7/26/2019 Secure Internet Access
24/26
Filename: 259565963.doc 2#
5. n t&e +e$ C(!ining Rule 3estin!tion$a%e+ clic Addto o$en t&e Add
Network Entitiesdialo% o/. Select Networks+ clic E%tern!l+ clic Add+ and
t&en clic Close. 4&is adds t&e /ternal net'or (t&e Internet as t&e destination+
ecause you 'ant to route Internet re0uests. n t&e +e$ C(!ining Rule
3estin!tion$a%e+ clic Ne%t.
6. n t&e Re9uest Action$a%e+ select &o' t&e re0uest 'ill e $rocessed: Retrieve re9uests directl# ro t(e speciied destin!tion&4&is o$tion does
not use )e c&ainin%.
Redirect re9uests to ! speciied upstre! server&If you select t&is o$tion+
t&e ne/t $a%e of t&e 'i7ard 'ill re0uest t&e u$stream ser!er information on t&e
"ri!r# Routing$a%e. 4o continue+ see Ste$ D.
Note
3eleg!tion o /!sic !ut(entic!tion
If you select Redirect re9uests to ! speciied upstre! server+ you may
also select Allow deleg!tion o $!sic !ut(entic!tion credenti!ls. ISA Ser!er
can &andle user aut&entication '&en t&e re0uest arri!es+ and t&en $ass t&e
aut&entication information to t&e )e ser!er so t&at t&e user does not &a!e to
su$$ly credentials a%ain.
Redirect re9uests to !
-
7/26/2019 Secure Internet Access
25/26
Filename: 259565963.doc 25
9. If you selected Redirect re9uests to ! speciied upstre! serverin Ste$ 6+ you
ne/t see t&e /!ckup Action$a%e+ on '&ic& you can select acu$ routin% o$tions:
Ignore re9uests&
Retrieve re9uests directl# ro t(e speciied destin!tion&4&is o$tion does
not use )e c&ainin%.
Route re9uests to !n upstre! server&4&is 'ill enale you to select a
acu$ route (on t&e ne/t $a%e of t&e 'i7ard.
4&e /!ckup Action$a%e also allo's you to use a dial*u$ entry as t&e acu$
route for t&e re0uest+ y selectin% 'se !uto!tic di!l-up. efore you can use
a dial*u$ entry+ you must s$ecify an automatic dial*u$ connection+ as descried
in A$$endi/ F: S$ecifyin% an Automatic 8ial*u$ onnectionin t&is document.
lic Ne%t.
1". If you selected Route re9uests to !n upstre! serverin Ste$ 9+ you ne/t see
t&e /!ckup Routing$a%e+ on '&ic& you can select t&e acu$ route to '&ic&
re0uests 'ill e routed:
ro!ide t&e Server+ "ort+ and SS6 "ort information. -ou can also clic
/rowse+ to ro'se to t&e ser!er. 4&e default $ort numers $ro!ided are t&ose
t&at an u$stream ISA Ser!er com$uter 'ould listen on. -our u$stream ser!er
may listen on different $orts.
If s$ecific credentials are needed to access t&e ser!er+ select 'se t(is !ccount
and clic Set Accountto o$en t&e Set Accountdialo% o/.
In t&e Set Accountdialo% o/+ $ro!ide credentials t&at 'ill e acce$ted y t&e
ser!er+ and clic *.
In Aut(entic!tion+ select an aut&entication met&od.
lic Ne%t&
11.n t&e summary $a%e+ re!ie' t&e information+ and t&en clic Finis(.
Appendi% F. Speci#ing !n Auto!tic 3i!l-up Connection
-ou can confi%ure ISA Ser!er to dial automatically to estalis& a connection 'it& one
net'or. For e/am$le+ if you &a!e a dial*u$ connection to t&e Internet+ you can
confi%ure ISA Ser!er to dial automatically to t&e /ternal net'or. If you &a!e a &i%&*
s$eed Internet connection+ t&e dial*u$ connection can ser!e as your acu$ route to
t&e Internet+ as descried in A$$endi/ : onfi%urin% )e &ainin%in t&is document.
1. In t&e Microsoft ISA Ser!er Mana%ement console tree+ e/$and t&e Conigur!tion
node and select ener!l.
2. In t&e details $ane+ select Speci# 3i!l-up "reerences.
3. Select Allow !uto!tic di!ling to t(is network+ and select t&e net'or to '&ic&
you 'ill set u$ an automatic dial*u$ connection. In t&e case of usin% a dial*u$
connection for Internet access+ s$ecify t&e /ternal net'or.
-
7/26/2019 Secure Internet Access
26/26
Filename: 259565963.doc 26
#. If t&e dial*u$ connection is t&e $rimary 'ay you connect to t&e Internet+ select
Conigure t(is di!l-up connection !s t(e de!ult g!tew!#.
5. ,nder 3i!l-up connection+ in 'se t(e ollowing di!l-up connection+ $ro!ide
t&e name of t&e dial*u$ connection+ or locate it y clicin% Select.
6. If t&e dial*u$ connection is associated 'it& a s$ecific user account+ $ro!ide t&e user
name and $ass'ord under 3i!l-up !ccount y clicin% Set Account.
The example companies, organizations, products, domain names, e-mail addresses,
logos, people, places, and events depicted herein are fictitious. No association with any
real company, organization, product, domain name, e-mail address, logo, person,
places, or events is intended or should be inferred.
Information in this document, including U! and other Internet website references, is
sub"ect to change without notice. Unless otherwise noted, the example companies,
organizations, products, people, and events depicted herein are fictitious and no
association with any real company, organization, product, person, or event is intended
or should be inferred. #omplying with all applicable copyright laws is the responsibilityof the user. $ithout limiting the rights under copyright, no part of this document may
be reproduced, stored in or introduced into a retrieval system, or transmitted in any
form or by any means %electronic, mechanical, photocopying, recording, or otherwise&,
or for any purpose, without the express written permission of 'icrosoft #orporation.
'icrosoft may have patents, patent applications, trademar(s, copyrights, or other
intellectual property rights covering sub"ect matter in this document. )xcept as
expressly provided in any written license agreement from 'icrosoft, the furnishing of
this document does not give you any license to these patents, trademar(s, copyrights,
or other intellectual property.
H*++ 'icrosoft #orporation. ll rights reserved.
'icrosoft, ctive irectory, /utloo(, $indows, $indows 'edia, and $indows NT are
either registered trademar(s or trademar(s of 'icrosoft #orporation in the United
0tates and1or other countries1regions.
8o you &a!e comments aout t&is document> Send feedac.
mailto:[email protected]:[email protected]