ISA Server 2004 UNLEASHED [Electronic resources] (text version)


Michael Noel







Configuring Existing Firewalls to Utilize ISA Server 2004 Reverse Proxy


For various reasons, it may not be feasible or desired to replace an existing firewall with an ISA Server firewall. In these circumstances, the ISA Server can still be utilized for reverse proxy capabilities, and it can be deployed in the DMZ of the existing firewall.

What this means is that ISA Server can effectively be treated as an isolated web server from the firewall's perspective. The configuration steps on the packet-filter firewall are therefore straightforward.

Understanding Packet-Filter Firewall Configuration for ISA Server Publishing


Simply opening the proper port (HTTP and/or SSL) to the ISA Server, and then from the ISA Server to the internal web server, is all that is necessary. For example, the following rules illustrate what would be set up on the packet-filter firewall shown in Figure 7.4:

NAT 12.155.166.151 to 172.16.1.10

Allow 443 from External to 172.16.1.10

Allow 443 from 172.16.1.10 to 10.10.10.20


Figure 7.4. Examining the Listener Networks tab.

Each firewall product will have a different way of configuring rules. Consult the product documentation for information on how to set these up.

Isolating and Securing an ISA Security Appliance


This concept drives home the real benefit of ISA in the DMZ: isolating and protecting the web services from direct physical access from the Internet. In this design, even if an attacker were able to compromise and overcome the ISA server, he or she would be isolated in the DMZ of the firewall and able to communicate over only a single port to a single server in the internal network. This adds another security layer to an already secure environment and enables ISA to scan the traffic at the Application layer, adding yet another layer of security.
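The following added example (not from the book) models the three packet-filter rules shown earlier with a default-deny policy and lists what a host in the DMZ can open on the internal network, which is the isolation property described above. The /24 network ranges, the list of audited ports, the helper names, and the assumption that NAT is applied before rule matching are illustrative choices, not taken from the page.

```python
from ipaddress import ip_address, ip_network

# Addresses from the page's rule listing.
PUBLIC_IP = ip_address("12.155.166.151")
ISA_DMZ = ip_address("172.16.1.10")
WEB_INTERNAL = ip_address("10.10.10.20")
# Assumed ranges (not on the page), used only to tell the zones apart.
INTERNAL_NET = ip_network("10.10.10.0/24")
DMZ_NET = ip_network("172.16.1.0/24")

NAT = {PUBLIC_IP: ISA_DMZ}            # NAT 12.155.166.151 to 172.16.1.10
ALLOW = [                             # (source, destination, TCP port)
    ("external", ISA_DMZ, 443),       # Allow 443 from External to 172.16.1.10
    (ISA_DMZ, WEB_INTERNAL, 443),     # Allow 443 from 172.16.1.10 to 10.10.10.20
]

def is_external(addr):
    """Anything outside the DMZ and internal ranges counts as External."""
    return addr not in INTERNAL_NET and addr not in DMZ_NET

def permitted(src, dst, port):
    """True if the firewall forwards a TCP connection src -> dst:port."""
    src, dst = ip_address(src), ip_address(dst)
    dst = NAT.get(dst, dst)  # assumption: translate first, then match rules
    for rule_src, rule_dst, rule_port in ALLOW:
        src_ok = is_external(src) if rule_src == "external" else src == rule_src
        if src_ok and dst == rule_dst and port == rule_port:
            return True
    return False             # default deny: nothing else is forwarded

def reachable_from(src, ports=(80, 443, 445, 1433, 3389)):
    """Internal (host, port) pairs that src is allowed to connect to."""
    return [(str(h), p) for h in INTERNAL_NET.hosts() for p in ports
            if permitted(src, str(h), p)]

if __name__ == "__main__":
    # 203.0.113.7 is a constructed Internet client address.
    print("Internet -> public 443:", permitted("203.0.113.7", PUBLIC_IP, 443))
    print("Internet -> internal web:", permitted("203.0.113.7", WEB_INTERNAL, 443))
    print("ISA server can reach:", reachable_from(ISA_DMZ))
```

Running the same audit against a real rule export is a quick way to confirm that no extra allow rule has widened the path from the DMZ to the internal network.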

