ISA 2000 - Firewall

ISA Server 2000 Feb 9, 2025

Applying the Security Templates: once you apply these, you can’t go back.

Security Templates

The securwiz.log file in the ISA program files directory lists the changes made by the security template.

Level             Servers       Domain Controller  Features
Dedicated         HISECWS.INF   HisecDC.INF        Standalone Firewall
Limited Services  SECUREWS.INF  SecureDc.INF       Firewall and Cache
Secure            BasicSv.INF   BasicDc.INF        Multifunction machine

Simple Firewall Design

Two network cards, one internal, one external.

Back to Back Perimeter Firewall Design

Two ISA servers. DMZ network in between the ISA servers.

Three Homed Perimeter Firewall Design

Third network card is used for DMZ network. DMZ addresses are not in LAT.
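
A way to audit the "DMZ addresses are not in LAT" rule, as an added example that is not part of the original notes. It assumes the LAT entries have been written down as first/last address pairs; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: LAT entries as (first, last) pairs, DMZ as CIDR subnets.
SAMPLE_LAT = [("10.0.0.0", "10.0.0.255"), ("192.168.0.0", "192.168.255.255")]
SAMPLE_DMZ = ["192.168.50.0/24"]


def lat_networks(first, last):
    """Expand one LAT (first, last) address pair into CIDR networks."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"LAT range reversed: {first}-{last}")
    return list(ipaddress.summarize_address_range(lo, hi))


def dmz_in_lat(lat_ranges, dmz_subnets):
    """Return (lat_range, dmz_subnet, overlap) for every LAT range that
    covers DMZ addresses. An empty list means the rule holds."""
    findings = []
    for first, last in lat_ranges:
        for dmz in map(ipaddress.ip_network, dmz_subnets):
            for net in lat_networks(first, last):
                if net.overlaps(dmz):
                    # Two overlapping CIDR blocks always nest, so the more
                    # specific block is exactly the overlapping address space.
                    overlap = net if net.prefixlen >= dmz.prefixlen else dmz
                    findings.append((f"{first}-{last}", str(dmz), str(overlap)))
    return findings


if __name__ == "__main__":
    for lat_range, dmz, overlap in dmz_in_lat(SAMPLE_LAT, SAMPLE_DMZ):
        print(f"LAT range {lat_range} includes DMZ {dmz} (overlap {overlap})")
```

A LAT range that is broader than the internal network, such as the whole 192.168.0.0/16 block in the sample, is the usual way a DMZ subnet ends up listed as internal.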

Network Adapters
  1. web-proxy service: only allows web traffic
  2. firewall service-proxy: any TCP/UDP traffic from clients, proxied by ISA server
  3. firewall service-routing: passes packets between the internet and clients 
  • Packet Filter (Off) IP Routing (Off): ISA can proxy for clients, no protection for ISA server, only used on leased lines
  • Packet Filter (On) IP Routing (Off): Most common if external access is not required
  • Packet Filter (On) IP Routing (On): DMZ network
  • Packet Filter (Off) IP Routing (On): Not recommended. This routes between networks without security, and the built-in routing doesn’t need ISA server.
IP Packet Filters Properties
IP Packet Filters
Filter Settings
Application Filters
