www.itnat.

com

-
- -

Copyright ITNAT.com © 2007, for more information info@itnat.com

www.itnat.com
info@itnat.com

Certificate Services
Certificate Authority
DNS DHCP
Firewall & Web Proxy

2004
Access Policy 2004
Cache
Vpn
GFI WebMonitor
Bandwidth Splitter

Copyright ITNAT.com
www.itnat.com
info@itnat.com

2005

2004

: -
http://www.itnat.com/forum/showthrea...newpost&t=3270

(Microsoft Internet Security and Acceleration Server)

Copyright ITNAT.com
Page 1
www.itnat.com
info@itnat.com

Proxy server
:
2004

Cash Server
.

-
Certificate Services -
Firewall & Web Proxy DNS DHCP -

-
. -
Access Policy. -
. -
Caching -
VPN -

. 1.
. 2.
. 3.
4.
.
. 5.
. 6.

(fmfm )

Copyright ITNAT.com
Page 2
www.itnat.com
info@itnat.com

TCP/IP
.

integrated security edge gateway

2000

:
http -
exe -
-
http -
http -
http. post
. ftp -
-
.
:
ip -
-
-
RADUIS -
-
:
-
-
-
:
-
-
-
-

Copyright ITNAT.com
Page 3
www.itnat.com
info@itnat.com

:
-
-
-
-
caching vpn

Certificate Services
vpn .

Certificate Services

Certificate
SSL Service
hotmail
.

:
. vpn L2TP/IPSec VPN -
vpn L2TP/IPSec VPN -
. SSL -
SSL ( Secure Socket Layer )

. vpn

Copyright ITNAT.com
Page 4
www.itnat.com
info@itnat.com

IIS 6.0

www
Services Administrative Tools 1-
World Wide Web Publishing Service standard 2-

3-

4-
5-

Copyright ITNAT.com
Page 5
www.itnat.com
info@itnat.com

Certificate Authority

(Enterprise Certificate Authority)

CA
Registration
. CA Authority

: Enterprise CA
Trusted Root Certification Authorities 1-
.
2-
Active Directory auto enrollment 3-
CA
.
Enterprise CA
1-
Add/remove windows components 2-
Certificate Services 3-
. yes
Windows Components Next 4-
Next Enterprise root CA CA Type 5-

Copyright ITNAT.com
Page 6
www.itnat.com
info@itnat.com

Common Name for CA CA identifying Information 6-

NetBIOS DNS Host this CA
7-
.
Certificate Database Settings 8-
.
. IIS 9-
10-
Finish 11-

AD Enterprise CA
Web enrollment . Certificate mmc snap-in

Firewall DNS DHCP

& Web Proxy

WPAD (Web Proxy Auto discovery Protocol)

:
DHCP WPAD -
DNS WPAD -
DNS DHCP wpad

2004

DHCP WPAD

DHCP
Set Administrative Tools DHCP 1-
Predefined Options.

Copyright ITNAT.com
Page 7
www.itnat.com
info@itnat.com

Predefined Options and Values 2-

3-
Name: wpad
Data type: String
Code: 252
Description : wpad entry

Copyright ITNAT.com
Page 8
www.itnat.com
info@itnat.com

string Value 4-

Server name:Atodiscovery port number/wpad.dathttp://Isa

http://isalocal.msfirewall.org:80/wpad.dat

Lower case. wpad

Copyright ITNAT.com
Page 9
www.itnat.com
info@itnat.com

Configure options Scope options 5-

. wpad 6-

wpad DHCP 7-

Copyright ITNAT.com
Page 10
www.itnat.com
info@itnat.com

DHCP
wpad

DNS WPAD

DNS wpad
DHCP
.

. DNS

DNS wpad -

(alias ) wpad DNS

Host(A) (CNAME record )
.

(A)
. (A) DNS

DNS

DNS DNS Administrative Tools 1-

New Alias Forward lookup zone
(CNAME).

browse wpad 2-

Copyright ITNAT.com
Page 11
www.itnat.com
info@itnat.com

3-

Copyright ITNAT.com
Page 12
www.itnat.com
info@itnat.com

. Forward Lookup Zone 4-

5-

Copyright ITNAT.com
Page 13
www.itnat.com
info@itnat.com

OK New Resource Record 6-

DNS (CNAME) 7-

Copyright ITNAT.com
Page 14
www.itnat.com
info@itnat.com

8-

WPAD

wpad -
wpad -
-

DNS DNS
(Host Name and Domain Name )

DNS.

DNS wpad

DHCP -
. -

Active Directory
Active Directory (
):

Copyright ITNAT.com
Page 15
www.itnat.com
info@itnat.com

My Computer 1-

Change 2-

Copyright ITNAT.com
Page 16
www.itnat.com
info@itnat.com

More 3-

DNS. 4-

Copyright ITNAT.com
Page 17
www.itnat.com
info@itnat.com

(CNAME) wpad
DNS.

(Auto Discovery)

1-
.

Lan Settings. Connections 2-

OK. Automatically Detect Settings 3-

DHCP DNS
.

Copyright ITNAT.com
Page 18
www.itnat.com
info@itnat.com

IP (IP Addresses ).

(LAT )

.
DNS DHCP Active Directory
RADIUS WINS
.
(System Policy )

. 1-

Copyright ITNAT.com
Page 19
www.itnat.com
info@itnat.com

Install ISA Server 2004 2-

) 3-

Copyright ITNAT.com
Page 20
www.itnat.com
info@itnat.com

. 4-

C Custom 5-

6-
Firewall Client Installation Share (Message Screener )

. IIS 6.0 SMTP

Copyright ITNAT.com
Page 21
www.itnat.com
info@itnat.com

7-
Add LAT

Copyright ITNAT.com
Page 22
www.itnat.com
info@itnat.com

Select Network Adapter 8-

Add the following private range 9-

Add address range based on the windows

Copyright ITNAT.com
Page 23
www.itnat.com
info@itnat.com

10-

Internal Network Address Range 11-

12-

13-
.

Copyright ITNAT.com
Page 24
www.itnat.com
info@itnat.com

14-

. 15-

Copyright ITNAT.com
Page 25
www.itnat.com
info@itnat.com

Start>All Programs> MS ISA server> ISA server management 1-

2-
view Show System Policy Rules Firewall Policy

Copyright ITNAT.com
Page 26
www.itnat.com
info@itnat.com

Task Pane ( 3-
2000

System Policy Rules

Rules
Order Number
Name
) Action (
Protocols
) From (
) To (
) Condition (

4-

Copyright ITNAT.com
Page 27
www.itnat.com
info@itnat.com

:
VPN 1
vpn 2
3

Copyright ITNAT.com
Page 28
www.itnat.com
info@itnat.com

4-
. NTFS

2004
:

:
-
-
-
-
-
-

Copyright ITNAT.com
Page 29
www.itnat.com
info@itnat.com

Back up 1-

backup 2-

3-
.

4-

Copyright ITNAT.com
Page 30
www.itnat.com
info@itnat.com

Restore 1-

restore 2-

3-

4-

Copyright ITNAT.com
Page 31
www.itnat.com
info@itnat.com

Apply 5-

6-

Copyright ITNAT.com
Page 32
www.itnat.com
info@itnat.com

Export Configuration .
: VPN
Export VPN 1-
VPN Clients Configuration .

2-
.

Export 3-

Copyright ITNAT.com
Page 33
www.itnat.com
info@itnat.com

4-

VPN
Import VPN 1-
VPN Clients Configuration .

2-

3-

. Apply 4-
VPN
2004.

Copyright ITNAT.com
Page 34
www.itnat.com
info@itnat.com

Access Policy 2004

Access :
Policy
.

:
Access Rules -
Publishing Rules -

.
VPN

ftp
.

Copyright ITNAT.com
Page 35
www.itnat.com
info@itnat.com

FTP HTTP Limited Web Access

user2

Copyright ITNAT.com
Page 36
www.itnat.com
info@itnat.com

network templates
)

1-
Firewall Policy

2-
Disable

3-

Copyright ITNAT.com
Page 37
www.itnat.com
info@itnat.com

4-

HTTPS HTTP
.
Limited Access Web Users

Copyright ITNAT.com
Page 38
www.itnat.com
info@itnat.com

Firewall Policy 1-
. Tasks

Limited Users Web Access 2-

3-
4-
HTTP
HTTPS

Copyright ITNAT.com
Page 39
www.itnat.com
info@itnat.com

5-

. 6-

Copyright ITNAT.com
Page 40
www.itnat.com
info@itnat.com

7-

Domain Name Set 8-

*.microsoft.com 9-
*.windows.com *.hotmail.com *.msn.com
. Microsoft

Copyright ITNAT.com
Page 41
www.itnat.com
info@itnat.com

10-
.

All Users 11-

12-

13-

Copyright ITNAT.com
Page 42
www.itnat.com
info@itnat.com

Location 15-

firewall.org) 16-
.

User2 17-
.

18-

19-

Limited Web Users 20-

Limited Web Users 21-

. 22-

Copyright ITNAT.com
Page 43
www.itnat.com
info@itnat.com

. IRC
IRC.

access new 1-
rule

Administrator Internet Access 2-

3-

All protocols This rule applies to 4-

except selected

Copyright ITNAT.com
Page 44
www.itnat.com
info@itnat.com

IRC Instant messaging 5-

6-

7-
Internal

8-

External 9-
.
10-

Copyright ITNAT.com
Page 45
www.itnat.com
info@itnat.com

11-
Administrators 12-

Windows users and groups 13-

14-

15-

Enter the object names to select 16-

.

17-

Copyright ITNAT.com
Page 46
www.itnat.com
info@itnat.com

18-

Administrators 19-

20-

21-

DNS DNS

DNS
. DNS

DNS

.
:

Copyright ITNAT.com
Page 47
www.itnat.com
info@itnat.com

Access Rule 1-

DNS Servers 2-

3-
This rule applies to 4-
DNS Infrastructure 5-

6-
Computer Set 7-
computer 8-

Copyright ITNAT.com
Page 48
www.itnat.com
info@itnat.com

DNS1 New Computer Rule Element 9-

10-
DNS Computer sets 11-
Servers

12-

External 13-

14-

15-

16-

HTTP

Copyright ITNAT.com
Page 49
www.itnat.com
info@itnat.com

HTTP
Kaaza
.
HTTP
Kaaza .

1-
Configure HTTP Administrator Internet Access 2-

Signatures HTTP 3-
Signatures 4-
Request URL Kaaza URL 5-
. Kaaza

6-

Copyright ITNAT.com
Page 50
www.itnat.com
info@itnat.com

Limited Access Users 7-

8-

1-

Copyright ITNAT.com
Page 51
www.itnat.com
info@itnat.com

. User2 2-

. 3-
www.msn.com 4-

www.itnat.com/kaaza 5-
.

6-

Copyright ITNAT.com
Page 52
www.itnat.com
info@itnat.com

Cache
Caching -

.
.

Forward Caching

HTTP HTTPS FTP

Reverse Caching

Headers

:
: No Cache -
: Private -

Copyright ITNAT.com
Page 53
www.itnat.com
info@itnat.com

- pragme: No Cache
- www-authenticate
- set-cookie
-
-
:
cache configuration -
-
HTTP -
. HTTP

HTTP -
HTTP Custom settings -
.
FTP FTP -
) 1440

Copyright ITNAT.com
Page 54
www.itnat.com
info@itnat.com

Active Caching -
.
Advanced
.

. HTTP
. HTTP

.
.

Copyright ITNAT.com
Page 55
www.itnat.com
info@itnat.com

Vpn
VPN

VPN 2004
VPN
.

VPN

VPN

Virtual Private Networks (VPN) 1-

Enable VPN Client Access 2-

3-
4-
Configure VPN Client Access 5-
Maximum number of VPN clients allowed General 6-

Copyright ITNAT.com
Page 56
www.itnat.com
info@itnat.com

7-

msfirewall.org 8-

Check Names Domain Users 9-

.

L2TP/IPSEC 10-

Enable User Mapping. User Mapping 11-

When user name does not contain a domain, use this domain
. msfirewall.org

Copyright ITNAT.com
Page 57
www.itnat.com
info@itnat.com

. 12-

VPN
VPN VPN

. Firewall Policy 1-
VPN Client to Internet 2-
3-
This rule applies to 4-

VPN Clients 5-
.

Copyright ITNAT.com
Page 58
www.itnat.com
info@itnat.com

6-

Access Rule Destination 7-

8-
9-
10-

Dial-Up

Native

Active Directory Administrative Tools Domain Controller 1-

Users and Computers

2-
Administrator

VPN Dial-Up 3-

4-

Copyright ITNAT.com
Page 59
www.itnat.com
info@itnat.com

VPN
VPN
My Network Places 2000 1-

2-
3-
4-
5-
6-
7-
ISAVPN 8-
9-

: MSFIREWALL\Administrator

MSFIREWALL
Administrator
MPPE 128 VPN Server 10-
.

Copyright ITNAT.com
Page 60
www.itnat.com
info@itnat.com

11-

. \\Exchange2003be
VPN
.

GFI WebMonitor

:
http://www.gfi.com/webmon/

:
http://www.gfi.com/webmon/webmonreviews.htm

:
PDF

GFI WebMonitor

BitDefender.
BitDefender GFI WebMonitor
100% BitDefender ICSA

Kaspersky.

Kaspersky
.

Copyright ITNAT.com
Page 61
www.itnat.com
info@itnat.com

.
GFI WebMonitor
GFI
. WebMonito
.

.
GFI
.
. ISA blocking

.
HTTP .

. GFI WebMonitor

.
GFI WebMonitor
.

Copyright ITNAT.com
Page 62
www.itnat.com
info@itnat.com

Copyright ITNAT.com
Page 63
www.itnat.com
info@itnat.com

Copyright ITNAT.com
Page 64
www.itnat.com
info@itnat.com

Bandwidth Splitter
:

: Bandwidth Splitter

http://www.bsplitter.com/:
:
Bandwidth Splitter v.1.13 for ISA Server 2000
Bandwidth Splitter v.1.05 for ISA Server 2004/2006

http://www.bsplitter.com/resellers.aspx

Copyright ITNAT.com
Page 65
www.itnat.com
info@itnat.com

.
).
TCP/UDP FTP ( HTTP, HTTPS
TCP/UDP ISA 2004/2006 SNAT) FWC (
router. NAT ISA Server DMZ servers
.
( AD)
.

).
.
.
.

.
.

.
.
.
ISA Server
.
.
.
.
.
.

.
ISA Server Bandwidth Splitter

Copyright ITNAT.com
Page 66
www.itnat.com
info@itnat.com

ISA Server.
: Bandwidth Splitter
HTTP, HTTPS and FTP.
TCP/UDP. Firewall
TCP/UDP. SecureNAT
published servers.
.
.
ISA Server routed TCP/UDP ISA 2004/2006
DMZ servers.

: Bandwidth Splitter
TCP/UDP .
. Local Host ISA 2004/2006
DMZ Routed IP ISA 2000 :

www.itnat.com

Copyright ITNAT.com
Page 67