Creating Server Publishing Rules
In addition to the capability to secure RPC traffic and custom-defined services traffic, ISA Server 2004 also contains several other default server publishing rules that can be used to secure commonly used services. It is important to understand what these services are and how they can be secured with ISA Server.
Outlining Default Server Publishing Rules in ISA Server
The list of protocols available by default with server publishing rules is extensive and includes the following:
DNS Server
Exchange RPC Server
FTP Server
HTTPS Server
IKE Server
IMAP4 Server
IMAPS Server
IPSec ESP Server
IPSec NAT-T Server
L2TP Server
Microsoft SQL Server
MMS Server
NNTP Server
NNTPS Server
PNM Server
POP3 Server
POP3S Server
PPTP Server
RDP (Terminal Services) Server
RTSP Server
SMTP Server
SMTPS Server
Telnet Server
With the server publishing rule capabilities that ISA possesses, any one of these services can be secured easily behind an ISA Server.
Creating a Server Publishing Rule
Just as with an RPC Server Publishing rule, an ISA Server Publishing rule is straightforward to set up and configure. The following procedure illustrates how to set up one of these rules; in this case, RDP (Terminal Services) is published from the External network to a server in the Perimeter network:
1. Open ISA Server Management Console.
2. Click on the Firewall Policy node from the console tree.
3. In the Tasks tab, click on the link for Create New Server Publishing Rule.
4. Enter a descriptive name for the publishing rule and click Next to continue.
5. Enter the IP address of the server that will be published, similar to what is shown in Figure 15.11, and click Next to continue.
Figure 15.11. Publishing an RDP Server with a server publishing rule.
6. From the Select Protocol dialog box, select the server protocol that will be published from the list, in this case RDP (Terminal Services) Server, and click Next to continue.
7. Check the box listed for requests from the External network and click Next to continue.
8. Click Finish, Apply, and OK to save the rule.
Defining a Custom Publishing Rule
A good deal of customization can be done on individual server publishing rules and on individual protocols. This enables custom publishing rule scenarios to be implemented and custom protocols to be established. For example, clicking on the Ports button in the Select Protocol dialog box from the server publishing procedure described earlier brings up the dialog box shown in Figure 15.12.
Figure 15.12. Customizing server publishing rule port settings.
1. In ISA Admin Console, click on the Firewall Policy node and select the Toolbox tab from the Tasks pane.
2. Click on Protocols.
3. Click New, Protocol.
4. Enter a description for the protocol and click Next.
5. Under the Primary Connection Information field, click the New button.
6. In the New/Edit Protocol Connection dialog box, shown in Figure 15.13, enter the type of protocol (TCP or UDP), the direction that it will use (Outbound for access rules and Inbound for server publishing rules), and the port range that is needed. Click OK when finished.
Figure 15.13. Defining the port settings for a custom protocol.
7. Click Next to continue.
8. At the following dialog box, shown in Figure 15.14, select whether to use secondary connections. Based on the type of application required, secondary connections may be necessary. If not, simply click Next to continue.
Figure 15.14. Choosing whether to use secondary connections for a custom protocol.
9. Click Finish, Apply, and OK to create the protocol.
Once created, the protocol can be used for either access rules or server publishing rules, depending on the direction defined in its port settings (outbound versus inbound).
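To make the two procedures above concrete, the following is an added model of how a server publishing rule, a protocol definition (primary connection plus optional secondary connections), and the listener network fit together. It is illustration code written for this page, not ISA Server's own object model or SDK. The RDP (Terminal Services) Server protocol is taken from the default list above (TCP 3389, inbound); the "MyApp" protocols, the Perimeter-network addresses, and the packet samples are constructed for the example. The model also checks the point made in the last paragraph: a protocol whose primary connection is defined as Outbound belongs in an access rule, not a server publishing rule.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class Connection:
    """One protocol connection as entered in the New/Edit Protocol Connection dialog."""
    transport: str   # "TCP" or "UDP"
    direction: str   # "Inbound" for server publishing rules, "Outbound" for access rules
    port_from: int
    port_to: int

    def matches(self, transport: str, port: int) -> bool:
        return transport == self.transport and self.port_from <= port <= self.port_to


@dataclass(frozen=True)
class Protocol:
    name: str
    primary: Connection
    secondary: Tuple[Connection, ...] = ()

    def allows(self, transport: str, port: int) -> bool:
        # Simplification: ISA opens secondary connections dynamically once the
        # primary connection exists; this model simply treats them as permitted ports.
        return any(c.matches(transport, port) for c in (self.primary,) + self.secondary)


@dataclass(frozen=True)
class ServerPublishingRule:
    name: str
    published_server: str        # IP of the published server (step 5 of the wizard)
    protocol: Protocol           # protocol chosen in the Select Protocol dialog (step 6)
    listener_networks: frozenset  # networks whose requests are accepted (step 7)

    def __post_init__(self) -> None:
        if self.protocol.primary.direction != "Inbound":
            raise ValueError(f"protocol {self.protocol.name!r} is "
                             f"{self.protocol.primary.direction}; a server publishing "
                             "rule needs a protocol with an Inbound primary connection")


@dataclass(frozen=True)
class Packet:
    source_network: str
    dst_ip: str
    transport: str
    dst_port: int


def evaluate(rules: Iterable[ServerPublishingRule], pkt: Packet) -> Optional[str]:
    """First-match evaluation; None means no rule publishes this traffic (default deny)."""
    for rule in rules:
        if (pkt.source_network in rule.listener_networks
                and pkt.dst_ip == rule.published_server
                and rule.protocol.allows(pkt.transport, pkt.dst_port)):
            return rule.name
    return None


# Default protocol from the list above: RDP (Terminal Services) Server, TCP 3389 inbound.
RDP_SERVER = Protocol("RDP (Terminal Services) Server", Connection("TCP", "Inbound", 3389, 3389))

# Constructed custom protocol, as the New Protocol wizard would produce it: a TCP primary
# connection on ports 7000-7010 plus a UDP secondary connection on port 7020.
MYAPP_SERVER = Protocol("MyApp Server",
                        Connection("TCP", "Inbound", 7000, 7010),
                        (Connection("UDP", "Inbound", 7020, 7020),))

# The same ports defined Outbound: usable in an access rule, not in a server publishing rule.
MYAPP_CLIENT = Protocol("MyApp Client", Connection("TCP", "Outbound", 7000, 7010))


def sample_rules() -> list:
    """Two publishing rules toward constructed Perimeter-network addresses, External listener only."""
    return [
        ServerPublishingRule("Publish RDP", "10.0.1.5", RDP_SERVER, frozenset({"External"})),
        ServerPublishingRule("Publish MyApp", "10.0.1.7", MYAPP_SERVER, frozenset({"External"})),
    ]


def outbound_protocol_rejected() -> bool:
    """True when the model refuses to build a publishing rule around an Outbound protocol."""
    try:
        ServerPublishingRule("Bad rule", "10.0.1.7", MYAPP_CLIENT, frozenset({"External"}))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    rules = sample_rules()
    for pkt in (Packet("External", "10.0.1.5", "TCP", 3389),   # published RDP: allowed
                Packet("Internal", "10.0.1.5", "TCP", 3389),   # wrong listener network: denied
                Packet("External", "10.0.1.5", "TCP", 3390),   # port not in the protocol: denied
                Packet("External", "10.0.1.7", "UDP", 7020)):  # secondary connection: allowed
        print(pkt, "->", evaluate(rules, pkt))
    print("outbound protocol rejected:", outbound_protocol_rejected())
```

The useful property to notice is how narrow a correctly built rule is: only the listed listener network, only the one published server address, and only the ports in the selected protocol's connections reach the Perimeter host; everything else falls through to the default deny. When reviewing a custom protocol, the port range and the secondary connections are the two places where a definition quietly becomes wider than intended.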