Working with ISA Server 2004 Lockdown Mode
ISA Server 2004 has a new feature known as Lockdown Mode, which enables an ISA Server to continue to function in a limited capacity when the Firewall Service has crashed or has not been enabled yet. This is an important feature to understand when administering an ISA Server.
Administering and Understanding Lockdown Mode
Lockdown mode enables administrators to access and troubleshoot an ISA Server and allows internal clients to continue to have external network access in the event of a problem with ISA Server, while at the same time disabling external network access rules. This has the effect of keeping critical network access intact while protecting the internal network from denial of service (DoS) or other attacks.
Triggering and Resetting ISA Lockdown Mode
Lockdown mode in ISA Server 2004 can be triggered by various mechanisms, based on the sensitivity of the environment and the rules of the organization. For example, a highly sensitive organization prone to major hacking attempts could configure an ISA Server to block all inbound access to the organization when specific types of attacks or port scans take place.
To change the parameters for when a server enters lockdown, click the Configure Alert Definitions link under the Tasks tab of the Alerts tab in the Monitoring node of the Console. This displays the alert definitions, shown in Figure 16.12, so that they can be modified.