ISA Server 2004 Configuration Guide 92
Scenario 1: The Edge Firewall Configuration
The Edge Firewall template configures the ISA Server 2004 firewall to have a network
interface directly connected to the Internet and a second network interface connected to the
Internal network. The network template allows you to quickly configure firewall policy Access
Rules that control access between the Internal network and the Internet.
Table 1 shows the firewall policies available to you when using the Edge Firewall template.
Each of these firewall policies creates its own set of Access Rules, ranging from an
all-open access policy between the Internal network and the Internet to a Block All policy that
prevents all access between the Internal network and the Internet.
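The rule sets that Table 1 lists for its first four policies can be modelled and compared before a template is applied. The following is an added example, not part of the original guide and not ISA Server code; the network labels, function names and the SMTP probe protocol are constructed for illustration.

```python
# Added example: models the access rules Table 1 lists for four Edge Firewall
# template policies. Names and the SMTP probe are constructed for illustration.
from itertools import product

INTERNAL, VPN, EXTERNAL = "Internal", "VPN Clients", "External"
WEB = {"HTTP", "HTTPS", "FTP"}
ANY = None  # stands for "all protocols"

# Each rule: (allowed protocols or ANY, source networks, destination networks)
POLICIES = {
    "Block all": [],
    "Block Internet access, allow access to ISP network services": [
        ({"DNS"}, {INTERNAL, VPN}, {EXTERNAL}),
    ],
    "Allow limited Web access": [
        (WEB, {INTERNAL}, {EXTERNAL}),
        (ANY, {VPN}, {INTERNAL}),
    ],
    "Allow limited Web access and access to ISP network services": [
        (WEB, {INTERNAL, VPN}, {EXTERNAL}),
        ({"DNS"}, {INTERNAL, VPN}, {EXTERNAL}),
        (ANY, {VPN}, {INTERNAL}),
    ],
}

def allowed(policy, src, dst, proto):
    """True if any allow rule matches; otherwise the default rule blocks."""
    return any(
        (protos is ANY or proto in protos) and src in srcs and dst in dsts
        for protos, srcs, dsts in POLICIES[policy]
    )

def permitted_flows(policy, probes=("DNS", "HTTP", "HTTPS", "FTP", "SMTP")):
    """Enumerate the (src, dst, proto) probe flows the policy lets through."""
    nets = (INTERNAL, VPN, EXTERNAL)
    return {
        (s, d, p) for s, d, p in product(nets, nets, probes)
        if s != d and allowed(policy, s, d, p)
    }

def delta(old, new):
    """Flows opened when moving from policy `old` to policy `new`."""
    return permitted_flows(new) - permitted_flows(old)

if __name__ == "__main__":
    a = "Allow limited Web access"
    b = "Allow limited Web access and access to ISP network services"
    for flow in sorted(delta(a, b)):
        print("newly allowed:", flow)
```

Comparing the two "limited Web access" policies this way shows that the second one adds DNS and also extends Web access to the VPN Clients Network, which the first policy's rules do not grant.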
Table 1: Network Edge Firewall Template Firewall Policy Options

Firewall Policy: Block all
Description: Block all network access through ISA Server. This option does not create any access rules other than the default rule which blocks all access. Use this option when you want to define firewall policy on your own.

Firewall Policy: Block Internet access, allow access to ISP network services
Description: Block all network access through ISA Server, except for access to network services such as DNS. This option is useful when your Internet Service Provider (ISP) provides these services. Use this option when you want to define firewall policy on your own.
The following access rules will be created:
  1. Allow DNS from Internal Network and VPN Clients Network to External Network (Internet)

Firewall Policy: Allow limited Web access
Description: Allow Web access using HTTP, HTTPS, FTP only. Block all other network access.
The following access rules will be created:
  1. Allow HTTP, HTTPS, FTP from Internal Network to External Network
  2. Allow all protocols from VPN Clients Network to Internal Network

Firewall Policy: Allow limited Web access and access to ISP network services
Description: Allow limited Web access using HTTP, HTTPS, and FTP, and allow access to ISP network services such as DNS. Block all other network access.
The following access rules will be created:
  1. Allow HTTP, HTTPS, FTP from Internal Network and VPN Clients Network to External Network (Internet)
  2. Allow DNS from Internal Network and VPN Clients Network to External Network (Internet)
  3. Allow all protocols from VPN Clients Network to Internal Network

Firewall Policy: Allow unrestricted
Description: Allow unrestricted access to the Internet through ISA Server. ISA