List of Figures - Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] - نسخه متنی

Thomas W. Shinder; Debra Littlejohn Shinder

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید




List of Figures

Chapter 1: Evolution of a Firewall: From Proxy 1.0 to ISA 2004

Figure 1.1: Three Layers of Filtering with OSI Networking

Figure 1.2: Distributed Caching Uses Multiple Servers at the Same Level of the Network.

Figure 1.3: Hierarchical Caching Uses Multiple Web Proxy Servers at Different Levels

Figure 1.4: Hybrid Caching Combines Distributed and Hierarchical Caching Methods

Figure 1.5: Ring 1 represents the Internet edge

Figure 1.6: The Backbone Edge

Figure 1.7: The Asset Network Edge

Figure 1.8: Host-based Security Ring

Chapter 2: Examining the ISA Server 2004 Feature Set

Figure 2.1: The ISA 2000 Interface - A Simple MMC

Figure 2.2: The ISA Server 2004 Management GUI - A Handy Three-part Tabbed Interface

Figure 2.3: The ISA Server 2003 Getting Started Guide - Installation Instructions and a Features Walk-through

Figure 2.4: Selecting the ISA Server Name - Left Pane Displays Getting Started Page

Figure 2.5: The Dashboard - A Big Picture View of All Monitoring Areas at One Glance

Figure 2.6: The Alerts Tab Notifies You of Significant Events That Occur on the ISA Server

Figure 2.7: Using the Sessions Tab -View Information About Who Has Connected Through the ISA Server Firewall

Figure 2.8: The Services Tab - Stop and Start ISA-related Services

Figure 2.9: The Reports Tab - Generate Reports from the Logs

Figure 2.10: The Connectivity Tab - Monitor Connectivity Status Between the ISA Server and a Specific Computer or URL

Figure 2.11: The Logging Tab - Filter and Query Data in the ISA Log Files

Figure 2.12: Firewall Policy - Configure Rules

Figure 2.13: New Access Wizard - Create New Access and Publishing Rules

Figure 2.14: Virtual Private Networks Node to Configure VPNs

Figure 2.15: The Networks Tab - Configure Networks, Network Sets, Network Rules and Web Chaining

Figure 2.16: The Cache Subnode - Configure or Disable Caching on your ISA Server

Figure 2.17: The Add-ins Node - Configure Application and Web Filters

Figure 2.18: The General subnode is used for general administrative and advanced security tasks

Figure 2.19: You can connect to multiple ISA Server firewalls simultaneously with the management console

Figure 2.20: Use Connect To Dialog Box to Add Remote ISA Server to Management Console

Figure 2.21: Use System Policy Editor to Configure Remote Management Computers

Figure 2.22: Add A Computer, Address Range or Subnet to List of Remote Management Computers

Figure 2.23: With Terminal Services or the RDC Client, the ISA Servers Desktop Appears in the Desktop Window

Figure 2.24: Third-Party Vendors Provide Web Interfaces for ISA-based Firewall Appliances

Figure 2.25: ISA Server 2004 Makes it Easy to Create New Protocol Definitions

Figure 2.26: ISA Server 2004 - Providing Great Flexibility in Defining Network Objects

Figure 2.27: Changing the Order in which Access and Publishing Rules are Processed

Figure 2.28: ISA 2004 Wizard for Publishing SSL Web Sites

Figure 2.29: Cache Rules in ISA 2000

Figure 2.30: Creating A Cache Rule in ISA Server 2004

Figure 2.31: ISA Server 2004 - You can Select Not to Cache SSL Content

Figure 2.32: Monitor Logs in Real Time with ISA Server 2004

Figure 2.33: The Sessions Feature - View All Active Connections Through the Firewall

Figure 2.34: Configure Filters to Limit Query Results

Figure 2.35: With ISA Server 2004, You Can Change the Time when the Log Summaries are Generated

Chapter 4: ISA 2004 Network Concepts and Preparing the Network Infrastructure

Figure 4.1: Ring 1: Internet Edge

Figure 4.2: Ring 2: The Backbone Edge

Figure 4.3: Ring 3 at the Asset Network Edge

Figure 4.4: Ring 4: Host-based Security

Figure 4.5: Backbone and Asset Network

Figure 4.6: DMZ Firewall Segment

Figure 4.7: Lab Network Details

Figure 4.8: VMware Workstation Window

Figure 4.9: Guest Operating System Page

Figure 4.10: Name the Virtual Machine Page

Figure 4.11: Memory for the Virtual Machine Page

Figure 4.12: Network Type Page

Figure 4.13: Specify Disk Capacity Page

Figure 4.14: Hardware Type Page

Figure 4.15: The Hardware Type page

Figure 4.16: Selecting an .iso image

Figure 4.17: Starting the Virtual Machine

Figure 4.18: Entering IP Addressing Information

Figure 4.19: Entering IP Addressing Information

Figure 4.20: Entering a WINS Server Address

Figure 4.21: Entering IP Addressing Information

Figure 4.22: ISA Firewall Multinetworking

Figure 4.23: Configuring a Web Proxy Listener on the Local Host Network

Figure 4.24: Defining the Internal Network Addresses

Figure 4.25: Adding Private Network Addresses

Figure 4.26: Adding Addresses via the Routing Table

Figure 4.27: Entering an Address Range

Figure 4.28: Entering Local Domains

Figure 4.29: Domain Extending Across Internal Networks

Figure 4.30: Configuring Domains for Web Proxy Direct Access

Figure 4.31: The Web Proxy tab

Figure 4.32: Defining the Network Type

Figure 4.33: Selecting a Network Adapter

Figure 4.34: The New Network Appears in the List of Networks

Figure 4.35: Defining a Route Relationship

Figure 4.36: Defining Network Sets

Figure 4.37: Creating a New Network Set

Figure 4.38: Creating a New Computer Object

Figure 4.39: Creating a New Address Range Network Object

Figure 4.40: Creating a new Subnet Network Object

Figure 4.41: Creating a New Network Set Network Object

Figure 4.42: Creating a new URL Set Network Object

Figure 4.43: Creating a New Domain Name Set Network Object

Figure 4.44: Viewing the New Domain Name Set

Figure 4.45: Defining the IP addresses

Figure 4.46: Selecting the Network Adapter

Figure 4.47: Route Relationships in a Network behind a Network

Figure 4.48: Network Diagram for Back Firewall Template

Figure 4.49: Network Diagram for Edge Firewall Template

Figure 4.50: Selecting a Firewall Policy

Figure 4.51: Defining the IP addresses

Figure 4.52: Network Monitor Trace of DHCP Conversation

Figure 4.53: Selecting the VPN protocol

Figure 4.54: Back-end Network within a Network

Figure 4.55: A SecureNAT Client Connecting to a Network within a Network

Figure 4.56: Firewall Client Paths through Local and non-Local Networks

Figure 4.57: Log Files Showing Firewall Client and SecureNAT Client Connections

Figure 4.58: Using an Alternate Default Gateway Address for On Subnet Hosts

Figure 4.59: WebProxyChaining.vsd

Figure 4.60: A Web-cached Array Configured for an Organization

Figure 4.61: Configuring the Request Action

Figure 4.62: Routing to the Upstream Web Proxy

Figure 4.63: Setting Credentials

Chapter 5: ISA 2004 Client Types and Automating Client Provisioning

Figure 5.1: SecureNAT Simple Network Scenario

Figure 5.2: SecureNAT Complex Network Scenario

Figure 5.3: FTP Standard Mode Client/Server Communications

Figure 5.4: SecureNAT Loop Back

Figure 5.5: A Split DNS Solves the SecureNAT Paradox

Figure 5.6: Firewall Name Resolution Sequence

Figure 5.7: Firewall Client Connections to the ISA 2004 Firewall are Independent of the Default Gateway Configurations on Interposed Routers

Figure 5.8: Installing the Firewall Client Installation Files

Figure 5.9: Firewall Client Icon

Figure 5.10: The Internal Network Properties Dialog Box

Figure 5.11: The Domains Tab

Figure 5.12: The Domain Properties Dialog Box

Figure 5.13: The Firewall Client Configuration Dialog box

Figure 5.14: The Detecting ISA Server Dialog Box

Figure 5.15: The Detecting ISA Server Dialog Box

Figure 5.16: Firewall Client Packet Traces

Figure 5.17: Firewall Client Configuration Files

Figure 5.18: The Define Firewall Client Settings link

Figure 5.19: The Firewall Client Settings Dialog Box

Figure 5.20: Apply Changes to Firewall Configuration

Figure 5.21: The Authentication Dialog Box

Figure 5.22: The Authentication Dialog Box.

Figure 5.23: The Add RADIUS Server Dialog Box.

Figure 5.24: The Connections to other Access Servers Properties Dialog Box

Figure 5.25: Advanced Settings

Figure 5.26: Locating the Authorize Command

Figure 5.27: Configuring the DHCP Scope IP Address Range

Figure 5.28: Configuring the Default Domain Name for DHCP Clients

Figure 5.29: Viewing the Scope Options

Figure 5.30: Selecting the Set Predefined Options Command

Figure 5.31: The Predefined Options and ValuesDialog Box

Figure 5.32: The Option Type Dialog Box

Figure 5.33: Predefined Options and Values Dialog Box

Figure 5.34: The Scope Options Dialog Box

Figure 5.35: Accessing the Internal Network Properties Dialog Box

Figure 5.36: Viewing the DHCPINFORM Request

Figure 5.37: Viewing the contents of the DHCPINFORM request

Figure 5.38: Viewing the WPAD DNS Query

Figure 5.39: Selecting the New Alias (CNAME) Command

Figure 5.40: The New Resource Record Dialog Box

Figure 5.41: New Resource Dialog Box

Figure 5.42: Viewing the DNS WPAD Alias

Figure 5.43: The Identification Changes Dialog Box

Figure 5.44: The DNS Suffix and NetBIOS Computer Name Dialog Box

Figure 5.45: Viewing Scope Options

Figure 5.46: DHCP client configuration

Figure 5.47: Accessing the Internal Network Properties Dialog Box

Figure 5.48: Viewing DNS wpad Query Requests

Figure 5.49: Viewing the Details of a DNS wpad Query Request

Figure 5.50: Internal Properties Dialog Box.

Figure 5.51: Web Browser Tab on the Internal Properties Dialog Box

Figure 5.52: The Add Server Dialog Box

Figure 5.53: Entering the Installer Path

Figure 5.54: Choosing the Assigned Option

Figure 5.55: Managed Software

Figure 5.56: Logging On

Chapter 6: Installing and Configuring the ISA Firewall Software

Figure 6.1: Network within a Network

Figure 6.2: The Miracle of the Split-DNS Infrastructure

Figure 6.3: The Advanced Settings Dialog Box

Figure 6.4: The Setup Type Page

Figure 6.5: The Custom Setup Page

Figure 6.6: The Internal Network Address Page

Figure 6.7: The Select Network Adapter Page

Figure 6.8: Warning Dialog Box Reminding You that the Routing Table must be Properly Configured

Figure 6.9: Internal Network Address Ranges

Figure 6.10: The Firewall Client Connection Settings Page

Figure 6.11: Warning Dialog Box regarding a Potential System Restart

Figure 6.12: The ISA Firewalls System Policy Editor

Figure 6.13: The Internal Network Definition on the Unihomed ISA Firewall

Figure 6.14: The Physical Relationships between the ISA Server 2004 Firewall and the Internal and External Networks.

Figure 6.15: The Advanced Settings Dialog Box

Figure 6.16: The Forwarders Tab

Figure 6.17: The Reverse Lookup Zone Name Page

Figure 6.18: The Zone File Page

Figure 6.19: The Forwarders Tab

Figure 6.20: Disabling Recursion

Figure 6.21: The Networking Services Dialog Box

Figure 6.22: The Custom Setup Page

Figure 6.23: The Select Network Adapter Page

Figure 6.24: The Add Protocols Dialog Box

Figure 6.25: The Protocols Page

Figure 6.26: Selecting the Computer Command

Figure 6.27: Selecting the New Computer Object

Figure 6.28: The Resulting Firewall Policy

Figure 6.29: The Internet Protocol (TCP/IP) Properties Dialog Box

Figure 6.30: DNS Queries in Network Monitor Trace

Figure 6.31: DNS Domains Cached by the Caching-only DNS Server on the ISA Firewall

Figure 6.32: The Connection Limits Dialog Box

Figure 6.33: Registry Key for DHCP Attack Prevention

Figure 6.34: Network Monitor Capture of a DHCP Offer Packet

Figure 6.35: An Invalid DHCP Offer Alert

Figure 6.36: The Renew DHCP Addresses Warning

Chapter 7: Creating and Using ISA 2004 Firewall Access Policy

Figure 7.1: the Rule Action page

Figure 7.2: The Protocols page

Figure 7.3: the Add Protocols dialog box

Figure 7.4: the Add Network Entities dialog box

Figure 7.5: The User Sets page

Figure 7.6: The Action tab

Figure 7.7: The Protocols tab

Figure 7.8: the Source Ports dialog box

Figure 7.9: The From tab

Figure 7.10: The To Tab

Figure 7.11: The Users tab

Figure 7.12: The Schedule tab

Figure 7.13: The Content Types tab

Figure 7.14: The Configure RPC Protocol Policy Dialog Box

Figure 7.15: The Configures FTP Protocol Policy Dialog Box

Figure 7.16: The New URL Set Rule Element dialog box

Figure 7.17: The URL Sets list

Figure 7.18: The New Domain Set Policy Element dialog box

Figure 7.19: the Domain Name Sets list

Figure 7.20: Saving the information

Figure 7.21: Finishing the procedure

Figure 7.22: URL Set entries

Figure 7.23: Domain Name Set Properties

Figure 7.24: Help information for the isa_tpr.js script

Figure 7.25: Running the isa_tpr.js script to add a port to the SSL tunnel port range

Figure 7.26: Using Steven Soekrasnos .NET Tunnel Port Range extension application

Figure 7.27: A 407 response is returned to the Web proxy client

Figure 7.28: Firewall Policy to block MSN Messenger

Figure 7.29: The Signature dialog box

Figure 7.30: Log file entries showing the HTTP Security Filter blocking the MSN Messenger connection

Figure 7.31: The sample public address DMZ segment

Figure 7.32: Public access network allows for NAT hiding

Figure 7.33: New Network Wizard

Figure 7.34: The Select Network Adapters dialog box

Figure 7.35: the New Server Publishing Rule Wizard

Figure 7.36: Selecting IP addresses that will listen for requests

Figure 7.37: The New Computer Rule Element

Figure 7.38: The New Access Rule Wizard

Figure 7.39: The Firewall Policy

Figure 7.40: Commands supported by the SMTP server

Figure 7.41: Results of nslookup command

Figure 7.42: Log monitor entries

Figure 7.43: Basic network configuration for trihomed DMZ

Figure 7.44: Configuring the Network Relationship

Figure 7.45: Creating a new Protocol Definitions

Figure 7.46: Configure the Primary Connection for the Protocol Definition

Figure 7.47: Firewall Policy

Figure 7.48: Log file entries showing communications between member server and domain controller

Chapter 8: Publishing Network Services with ISA 2004 Firewalls

Figure 8.1: The Select Rule Action Page

Figure 8.2: The Define Website to Publish Page

Figure 8.3: HTTP Headers Seen on the External Interface of the ISA Firewall

Figure 8.4: HTTP Headers Seen on the Published Web Server when Original Host Header is not Forwarded

Figure 8.5: HTTP Headers Seen on the Published Web Server when Forwarding the Original Host Header

Figure 8.6: The Public Name Details Page

Figure 8.7: The IP Addresses Page

Figure 8.8: The External Network Listener IP Selection Dialog Box

Figure 8.9: The Port Specification Page

Figure 8.10: The Preferences Tab

Figure 8.11: The Authentication Dialog Box

Figure 8.12: Tthe Advanced Settings Dialog Box

Figure 8.13: The User Sets Page

Figure 8.14: The General Tab.

Figure 8.15: The Action Tab

Figure 8.16: The From Tab

Figure 8.17: The To Tab

Figure 8.18: The Traffic Tab

Figure 8.19: The Listener Tab

Figure 8.20: The Public Name Tab

Figure 8.21: The Paths Tab

Figure 8.22: The Path Mapping Dialog Box

Figure 8.23: Redirecting to the Web Root Using a Path

Figure 8.24: Mapping the OWA Web Site Root to the Exchange Folder

Figure 8.25: The Bridging Tab

Figure 8.26: The Users Tab

Figure 8.27: The Schedule Tab

Figure 8.28: The Link Translation Tab

Figure 8.29: SSL-to-SSL bridging

Figure 8.30: The Publishing Mode Page

Figure 8.31: The Select Rule Action Page

Figure 8.32: The Bridging Mode Page

Figure 8.33: The Define Website to Publish Page

Figure 8.34: The Public Name Details Page

Figure 8.35: The Select Web Listener Page

Figure 8.36: The IP Addresses Page

Figure 8.37: The External Network Listener IP Selection Page

Figure 8.38: The Port Specification Page

Figure 8.39: The Select Certificate Dialog Box

Figure 8.40: The Certificate Appears on the Port Specification Page

Figure 8.41: The Select Web Listener Page

Figure 8.42: The Select Protocol Page

Figure 8.43: The General Tab

Figure 8.44: The Action Tab

Figure 8.45: The Traffic Tab

Figure 8.46: The From Tab

Figure 8.47: The To Tab

Figure 8.48: The Networks Tab

Figure 8.49: The Schedule Tab

Figure 8.50: The New/Edit Protocol Connection dialog box

Figure 8.51: The new HTTP Server Protocol Definition

Figure 8.52: The Select Access Type Page

Figure 8.53: The Select Services Page

Figure 8.54: The Specify the Web Mail Server page

Figure 8.55: The Public Name Details Page

Figure 8.56: The Select Services Page

Figure 8.57: Firewall Policy after Running the Mail Server Publishing Wizard

Figure 8.58: The Configure Exchange RPC Policy Dialog Box

Chapter 9: Creating Remote Access and Site-to-Site VPNs with ISA Firewalls

Figure 9.1: The Enable VPN Client Access link

Figure 9.2: The General Tab

Figure 9.3: The Groups Tab

Figure 9.4: The Protocols Tab

Figure 9.5: The User Mapping tab

Figure 9.6: Select and Configure Access Networks Options

Figure 9.7: The Address Assignment Tab

Figure 9.8: A Network Warning Dialog Box.

Figure 9.9: The Name Resolution Dialog Box

Figure 9.10: The Authentication Tab

Figure 9.11: Virtual Private Networks Properties

Figure 9.12: The Add Network Entities Dialog Box

Figure 9.13: VPN Client Policy

Figure 9.14: The account dial-in tab

Figure 9.15: Controlling permission via Remote Access Policy

Figure 9.16: The Groups Tab

Figure 9.17: Details of PPTP connection

Figure 9.18: L2TP/IPSec Connection Details

Figure 9.19: The Monitor VPN Clients Link

Figure 9.20: The ISA Firewall Dashboard

Figure 9.21: Log File Entries for the VPN Client Connection

Figure 9.22: The Authentication Tab

Figure 9.23: Enter a pre-shared key on the L2TP/IPSec client

Figure 9.24: Viewing IPSec Information in the IPSec MMC

Figure 9.25: Selecting the VPN Protocol

Figure 9.26: Setting Dial-in Credentials

Figure 9.27: Configuring the IP Address Range for the Remote Site Network

Figure 9.28: The Network Relationship Page

Figure 9.29: The Protocols page

Figure 9.30: The Resulting Firewall Policy

Figure 9.31: Demand Dial Interface Configuration on Local and Remote Sites

Figure 9.32: Configure Dial-in Credentials

Figure 9.33: The New Network Rule

Figure 9.34: The Resulting Firewall Policy

Figure 9.35: Restarting the Routing and Remote Access Service

Figure 9.36: The Dial-in Tab

Figure 9.37: Configuring System Policy

Figure 9.38: The Show/Hide System Policy Rules Button

Figure 9.39: The Advanced Certificate Request Page

Figure 9.40: The Store Certificate in the Local Computer Certificate Store Option

Figure 9.41: The Certificate Path Tab

Figure 9.42: Configuring System Policy

Figure 9.43: Adding the Application Name column

Figure 9.44: Viewing the L2TP/IPSec

Figure 9.45: Configuring the Shared Secret

Figure 9.46: The Authentication Method Page

Figure 9.47: The Smart Card or other Certificate Properties Dialog Box

Figure 9.48: The Policy Encrypted Level

Figure 9.49: Changing the Dial-in Permissions

Figure 9.50: The Raise Domain Functional Level

Figure 9.51: Controlling Access via Remote Access Policy

Figure 9.52: Remote Access Policy Properties

Figure 9.53: Enabling the VPN Protocols

Figure 9.54

Figure 9.55: The Add RADIUS Server Dialog Box

Figure 9.56: RADIUS Server Dialog Box

Figure 9.57: The resulting firewall policy

Figure 9.58: Event Viewer Entry

Figure 9.59: Log-On Request Details

Figure 9.60: Log File Entries for VPN RADIUS Authentication

Figure 9.61: VPN Session Appears in Sessions Section

Figure 9.62: RADIUS Messages in Network Monitor Trace

Figure 9.63: Setting EAP Authentication

Figure 9.64: Warning about User Mapping and EAP

Figure 9.65: Enabling User Mapping for EAP Authentication

Figure 9.66: The Security Tab

Figure 9.67: Enabling EAP Authentication

Figure 9.68: The Smart Card or other Certificate Properties Dialog Box

Figure 9.69: Selecting the User Certificate for EAP User Authentication

Figure 9.70

Figure 9.71: The ISA Virtual Private Network (VPN) Identification page

Figure 9.72: The Two-way Communication Page

Figure 9.73: The Options tab on the Demand-dial Interfaces Properties Dialog Box.

Figure 9.74: The Remote Authentication Page

Figure 9.75: The Network Relationship Page

Figure 9.76: The Resulting Firewall Policy

Figure 9.77: Log File Entries from Ping and SMTP Connections

Figure 9.78: Warning Regarding VPN Quarantine and VPN Client Access

Figure 9.79: The Quarantine Tab on the Quarantined VPN Client Properties Page

Chapter 10: ISA 2004 Stateful Inspection and Application Layer Filtering

Figure 10.1: The Custom Setup Dialog Box

Figure 10.2: The System Policy Editor

Figure 10.3: The Message Screener Credentials Dialog Box

Figure 10.4: The SMTP Filter

Figure 10.5: The SMTP Filter Properties Dialog Box

Figure 10.6: The User / Domains Tab

Figure 10.7: The Mail Attachment Rule Dialog Box

Figure 10.8: The Mail Attachment Rule Dialog Box

Figure 10.9: The SMTP Commands Tab

Figure 10.10: The Log Tab

Figure 10.11: The Options Dialog Box

Figure 10.12: The DNS Attacks Tab

Figure 10.13: The SOCKS V4 Filter Properties Dialog Box

Figure 10.14: The Call Control Tab

Figure 10.15: The Networks Tab

Figure 10.16: The General Tab

Figure 10.17: The Methods Tab

Figure 10.18: The Methods Dialog Box

Figure 10.19: The Extensions Tab

Figure 10.20: The Extensions Dialog Box

Figure 10.21: The Headers Tab

Figure 10.22: The Header Dialog Box

Figure 10.23: The Server Header Option

Figure 10.24: The Via Header

Figure 10.25: The Signatures Tab

Figure 10.26: Example Signatures

Figure 10.27: Log File Entries Showing the HTTP Security Filter Blocking a Connection

Figure 10.28: Successful Import Dialog Box

Figure 10.29: Successful Import Dialog Box

Figure 10.30: The Display Filter Dialog Box

Figure 10.31: The Expression Dialog Box

Figure 10.32: The Network Monitor Display Window

Figure 10.33: The Signature Dialog Box

Figure 10.34: Network Monitor Display Showing Kazaa Request Headers

Figure 10.35: Add/Edit Dictionary Text Box

Figure 10.36: Link Translation Tab in Web Publishing Rule Properties

Figure 10.37: The HTTP Properties Dialog Box

Figure 10.38: The HTTP Properties Dialog Box and RSA SecurID Tab

Figure 10.39: The Manage Domain Configuration Dialog Box

Figure 10.40: The OWA Forms-Based Authentication Dialog Box

Figure 10.41: The Common Attacks Tab

Figure 10.42: TCP Uses a Three-Way Handshake to Establish a Connection between Client and Server

Figure 10.43: The DNS Attacks Tab

Figure 10.44: The IP Options Tab

Figure 10.45: The IP Fragments Tab

Figure 10.46: The IP Fragment Filter Warning Dialog Box

Chapter 11: Accelerating Web Performance with ISA 2004 Caching Capabilities

Figure 11.1: How Distributed Caching Works

Figure 11.2: How Hierarchical Caching Works

Figure 11.3: A Hybrid Caching Architecture

Figure 11.4: Setting Maximum Cache Size

Figure 11.5: Configuring Which Content to Cache

Figure 11.6: Creating a New Cache Rule with the Wizard

Figure 11.7: Selecting Destinations to which the Cache Rule will Apply

Figure 11.8: Configuring When to Store Content in Cache

Figure 11.9: Limiting the Size of Objects to be Cached and Caching SSL Responses

Figure 11.10: Enabling HTTP Caching and Setting TTL Configuration

Figure 11.11: Enabling FTP Caching and Setting the TTL Configuration

Figure 11.12: Modifying an Existing Cache Rule

Figure 11.13: Configuring Exceptions to the Destination Network Entities

Figure 11.14: Successfully exporting cache rules to an XML file

Figure 11.15: Selecting an Import File

Figure 11.16: Making Configuration Changes Automatically

Figure 11.17: Enabling Web Proxy Clients

Figure 11.18: Enabling the System Policy Configuration Group

Figure 11.19: Starting or Stopping the Job Scheduler Service from the ISA Console

Figure 11.20: Starting or Stopping the Job Scheduler Service from the Computer Management Console

Figure 11.21: Specifying Content Download Details

Figure 11.22: Configuring Content Caching

Figure 11.23: The New Job Appears in the Content Download Jobs List

Figure 11.24: Modifying the Job Schedule

Chapter 12: Using ISA Server 2004s Monitoring, Logging, and Reporting Tools

Figure 12.1: The Dashboard on an ISA Server 2004 Standard Edition Computer

Figure 12.2: Rolling up Dashboard sections

Figure 12.3: Default Connectivity Status Prior to Creating Connectivity Verifiers

Figure 12.4: Connectivity Status Shown After Creation of Connectivity Verifier

Figure 12.5: The Services Section of the ISA Server 2004 Dashboard

Figure 12.6: The Reports Section of the ISA Server 2004 Dashboard

Figure 12.7: Event Viewer Logs Show the Firewall Service Events Displayed on the Dashboard

Figure 12.8: The Sessions section of the ISA Server 2004 Dashboard (Standard Edition)

Figure 12.9: The System Performance Section of the ISA Server 2004 Dashboard

Figure 12.10: ISA Server Performance Monitor with Default Counters

Figure 12.11: The Alerts Properties Dialog Box

Figure 12.12: The New Alert Configuration Wizard

Figure 12.13: Selecting Events and Conditions to Trigger an Alert

Figure 12.14: Assigning a Category and Selecting a Severity Level for your New Alert

Figure 12.15: Defining Actions to be Performed when the Alert is Triggered

Figure 12.16: Sending E-Mail Notification Messages

Figure 12.17: Running a Program when an Alert is Triggered

Figure 12.18: Stopping or Starting a Service when an Alert is Triggered

Figure 12.19: Completing the New Alert Wizard

Figure 12.20: New Alerts Show Up in the Alerts Definitions Window

Figure 12.21: Modifying an Alert to Specify Time Thresholds

Figure 12.22: Viewing Alerts that have been Triggered

Figure 12.23: Event Viewer Application Log Entry Showing Information Displayed in Alerts Windows

Figure 12.24: Entering Connectivity Verification Details

Figure 12.25: Enabling a Rule to allow HTTP/HTTPS Requests

Figure 12.26: The New Connectivity Verifier

Figure 12.27: Modifying Properties of a Connectivity Verifier

Figure 12.28: Monitoring Connectivity from the Dashboard

Figure 12.29: Connectivity Problems Displayed on Dashboard

Figure 12.30: The Connectivity Tab Shows Which Server Has a Problem

Figure 12.31: Viewing Current Sessions

Figure 12.32: Setting Filter Criteria

Figure 12.33: Specifying Multiple Filtering Criteria

Figure 12.34: Result of Filtering

Figure 12.35: Stopping and Starting Services

Figure 12.36: Configuring Logging Separately

Figure 12.37: Configuring Log Storage Format

Figure 12.38: Configuring MSDE Database Logging

Figure 12.39: The Log Viewer with Default Filter

Figure 12.40: Editing a Log Filter

Figure 12.41: Saving Log Viewer Data by Copying to the Clipboard

Figure 12.42: The Reports Display

Figure 12.43: Configuring Report Content

Figure 12.44: Configuring Report Publishing

Figure 12.45: Generating the Report Upon Completion of the Wizard

Figure 12.46: Creating Report Jobs

Figure 12.47: Scheduling the Report Job

Figure 12.48: Editing the Report Job Properties

Figure 12.49: Configuring the Log Summary

Figure 12.50: Viewing Reports

/ 145