Module 2: Installing and Maintaining ISA Server

58 442 1
Module 2: Installing and Maintaining ISA Server

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

Thông tin tài liệu

Module 2: Installing and Maintaining ISA Server Contents Overview Installing ISA Server Installing and Configuring ISA Server Clients 15 Lab A: Installing ISA Server and Configuring Clients 24 Maintaining ISA Server 36 Lab B: Configuring ISA Server 44 Review 51 Information in this document is subject to change without notice The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property  2001 Microsoft Corporation All rights reserved Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting, Outlook, PowerPoint, Visual Basic, Visual C++, Visual Studio, Windows, Windows Media, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries Other product and company names mentioned herein may be the trademarks of their respective owners Module 2: Installing and Maintaining ISA Server iii Instructor Notes Presentation: 60 Minutes Lab: 60 Minutes This module provides students with the knowledge and skills to install and configure Microsoft® Internet Security and Acceleration (ISA) Server 2000 as a cache server and as a firewall After completing this module, students will be able to: Install ISA Server on a computer running Microsoft Windows® 2000 Server Configure computers as Web proxy, Firewall, or SecureNAT clients for ISA Server Perform administrative tasks for maintaining ISA Server Materials and Preparation This section provides the materials and preparation tasks that you need to teach this module Required Materials To teach this module, you need the Microsoft PowerPoint® file 2159A_02.ppt Preparation Tasks To prepare for this module, you should: Read all of the materials for this module Complete the labs Study the review questions and prepare alternative answers to discuss Anticipate questions that students may ask Write out the questions and provide the answers Read RFC 1918, “Address Allocation for Private Internets,” under Additional Reading on the Trainer Materials compact disc Read RFC1928, “SOCKS Protocol Version 5,” under Additional Reading on the Student Materials compact disc Review the document titled “Pre-Migration-Considerations.htm” on the Microsoft ISA Server compact disc Review the document readme.htm on the ISA Server compact disc Read the following sections in ISA Server Help: “Planning Considerations,” “Installing ISA Server,” “Checklist: Migrating from Microsoft Proxy Server 2.0,” “Migrating from Microsoft Proxy Server 2.0,” “ISA Server Clients,” “Installing and Configuring ISA Server Clients,” “Administering ISA Server,” and “Troubleshooting.” iv Module 2: Installing and Maintaining ISA Server Module Strategy Use the following strategy to present this module: Installing ISA Server Describe the issues to consider before and during the installation of ISA Server, including a new installation or an upgrade of a server from Microsoft Proxy Server 2.0 Point out the CPU scalability and operating system differences between ISA Server Standard Edition and ISA Server Enterprise Edition Explain that configuring the local address table (LAT) correctly is the single most important part of installing ISA Server Installing and Configuring ISA Server Clients Describe the features of each ISA Server client: Web proxy, Firewall, and SecureNAT Present or, if possible, demonstrate the procedures for configuring client computers for each type of client Maintaining ISA Server Present the tasks required to maintain an ISA Server computer, including starting and stopping services and backing up and restoring ISA Server Point out the taskpads and the Advanced view features in ISA Management Present or, if possible, demonstrate the procedures for adding entries to both the LAT and local domain table (LDT) Explain the use of the Msplat.txt file by the Firewall client Emphasize that for maximum security, you should save the backup files to an NTFS file system disk partition and set the appropriate permissions to protect against unauthorized access Module 2: Installing and Maintaining ISA Server v Customization Information This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware Important The labs in this module are also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Classroom Setup Guide for Course 2159A, Deploying and Managing Microsoft Internet and Security Acceleration Server 2000 Lab Setup There are no lab setup requirements that affect replication or customization Lab Results Performing the labs in this module introduces the following configuration changes: Student computers that are configured as ISA Server computers have ISA Server installed Student computers that are configured as ISA Server computers have the Default Web Site in Internet Information Services (IIS) configured to use Transmission Control Protocol (TCP) port 8008 Student computers that are configured as ISA Server computers have entries added to the LAT and the LDT Student computers that are configured as ISA Server client computers have the ISA Server administration tools installed Student computers that are configured as ISA Server client computers have the Firewall Client software installed Student computers that are configured as ISA Server client computers have the default gateway set to the Internet Protocol (IP) address of the ISA Server computer on the private network Student computers that are configured as ISA Server client computers have Microsoft Internet Explorer configured to use a Proxy server Module 2: Installing and Maintaining ISA Server Overview Topic Objective To provide an overview of the module topics and objectives Lead-in In this module, you will learn about the installation and maintenance tasks for ISA Server Installing ISA Server Installing and Configuring ISA Server Clients Maintaining ISA Server *****************************ILLEGAL FOR NON-TRAINER USE****************************** Whether you deploy Microsoft® Internet Security and Acceleration (ISA) Server 2000 as a dedicated firewall, a Web cache server, or an integrated solution, you must plan carefully to ensure that you have the required hardware and software After you perform an ISA Server installation, you must configure client computers Depending on the client operating systems and your specific requirements to control Internet access, you can choose to use the transparent SecureNAT technology or deploy the ISA Firewall Client software You can also configure computers as Web proxy clients to improve browser performance In addition, it is important to properly maintain ISA Server to ensure that all client computers have fast and secure access to the Internet After completing this module, you will be able to: Install ISA Server on a computer running Microsoft Windows® 2000 Server Configure computers as Web proxy, Firewall, or SecureNAT clients for ISA Server Perform administrative tasks for maintaining ISA Server Module 2: Installing and Maintaining ISA Server Installing ISA Server Topic Objective To identify the topics related to installing ISA Server Lead-in Before you install ISA Server, you must set up the hardware and configure the software of the ISA Server computer Identifying Hardware and Software Requirements Identifying Pre-Installation Tasks Selecting an Installation Mode Specifying the Initial Cache Size Configuring the LAT Upgrading from Microsoft Proxy Server 2.0 Troubleshooting ISA Server Installation *****************************ILLEGAL FOR NON-TRAINER USE****************************** Before you install ISA Server, you must set up the hardware and configure the software for the ISA Server computer To help identify the choices that you will make during installation, review the pre-installation checklist before performing the installation If you encounter problems during a new installation or an upgrade from Microsoft Proxy Server 2.0, see the Troubleshooting ISA Server Installation section Note You also can automate the installation of ISA Server For more information about performing an unattended setup, see “Unattended setup” in ISA Server Help Module 2: Installing and Maintaining ISA Server Identifying Hardware and Software Requirements Topic Objective Windows 2000 Server, Windows 2000 Advanced Server, or Windows Datacenter RAM To identify the hardware and software requirements for ISA Server CPU 256 MB 300 MHz or higher Internal Adapter Hard Disk Space Lead-in Before you install ISA Server, consider the software and hardware requirements 20 MB Active Directory External Adapter Hard Disk Format NTFS Arrays *****************************ILLEGAL FOR NON-TRAINER USE****************************** Delivery Tip Point out the CPU scalability difference between ISA Server Standard Edition and ISA Server Enterprise Edition The table below lists the hardware and software requirements for ISA Server Component Requirements CPU 300 megahertz (MHz) or higher Pentium II-compatible • ISA Server Standard Edition supports up to processors • ISA Server Enterprise Edition has no CPU limit Memory Hard disk space 20 MB and space for cache File system and disk format One local hard disk partition formatted with NTFS file system Operating system Explain that Windows 2000 Datacenter Server does not require Service Pack because it already includes all of the components of this Service Pack 256 megabytes (MB) of random access memory (RAM) Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, or Microsoft Windows 2000 Datacenter Server Windows 2000 Service Pack If running on Windows 2000 Server or Windows 2000 Advanced Server, ISA Server requires Service Pack You should install Service Pack when it becomes available For more information, see “System Requirements” in the ISA Server Release Notes on the ISA Server compact disc Networking A network adapter that is compatible with Windows 2000 for communicating with the internal network and an additional network adapter, modem, or Integrated Services Digital Network (ISDN) adapter that is compatible with Windows 2000 for communicating with the Internet or an upstream server Note The Active Directory™ directory service for Windows 2000 must be installed on your network to implement the array feature Module 2: Installing and Maintaining ISA Server Forward Caching Requirements Delivery Tip Summarize the hardware configurations that are listed in the tables It is not necessary to describe each configuration in detail Emphasize that these recommendations are only guidelines Students can monitor ISA Server for actual performance and adjust the ISA Server computers accordingly The following table lists the hardware configurations of a single ISA Server computer for the expected number of users who gain access to objects on the Internet Number of users ISA Server computer RAM Disk space allocated for caching Up to 500 Pentium II, 300 MHz 256 MB 2-4 gigabytes (GB) 500-1,000 Pentium III, 550 MHz 256 MB 10 GB More than 1,000 Two ISA Server computers with Pentium III, 550 MHz processors Additional ISA Server computer for each 2,000 users 256 MB for each 2,000 users 10 GB for each ISA Server computer If the number of users exceeds 1,000 users, consider better-performing hardware for the ISA Server computer or add more ISA Server computers Reverse Caching Requirements The following table lists the hardware configurations of a single ISA Server computer for the expected number of requests from Internet, or external, users The exact RAM requirements depend on the content that you are publishing Ideally, all cacheable content should fit into memory Number of hits per second for a single ISA Server computer ISA Server computer Less than 800 Pentium II, 300 MHz ~800 Pentium III, 550 MHz More than 800 Pentium III, 550 MHz for each 800 hits per second You can add more processors to your computer or you can add additional ISA Server computers Firewall Requirements The following table lists the hardware configurations for the expected rate of data transfer for Firewall and SecureNAT clients that gain access to objects on the Internet Rate of data transfer ISA Server computer RAM 1–25 megabits per second Pentium II, 300 MHz 256 MB 25–50 megabits per second Pentium III, 550 MHz 256 MB More than 50 megabits per second Pentium III, 550 MHz for each 50 megabits per second 256 MB Note Although it is important to have the required hardware configuration, the rate of data transfer is highly dependent on the speed of your connection to the Internet 38 Module 2: Installing and Maintaining ISA Server Maintaining the LAT and LDT Topic Objective To describe the procedures that you use to maintain the LAT and LDT 192.168.100.200 192.168.100.300 Lead-in ISA Server uses the LAT and the LDT to determine if an IP address or computer name is on the internal network Msplat.txt Msplat.txt Internet Internet 192.168.100.225 ISA Server ISA Server 192.168.100.200 192.168.100.300 Msplat.txt Msplat.txt Clients Clients *****************************ILLEGAL FOR NON-TRAINER USE****************************** ISA Server uses the LAT and the LDT to determine if an IP address or computer name is on the internal network The LAT contains IP address ranges that define your internal network address space The LDT lists all of the domain names in the internal network that are served by the ISA Server computer You can add entries to both the LAT and LDT in ISA Management On the Firewall client, the Msplat.txt file contains a copy of the LAT Firewall clients update the Msplat.txt file with the current settings from the ISA Server computer at startup and then every six hours thereafter Adding IP Addresses to the LAT Key Points Adding IP addresses to the LAT that are not on your internal network may cause connection problems for client computers and could compromise the security of your network The LAT created during Setup may not contain all of your organization's IP addresses In addition, your network address configuration may change after you install ISA Server After Setup, you can add these addresses manually, if necessary ISA Server stores the LAT information in the file C:\Program Files\Microsoft ISA Server\Clients\Msplat.txt Clients copy the LAT to the folder in which the Firewall Client software is installed Warning Never add IP addresses to the LAT that are not on your internal network Adding addresses to the LAT that are not on your internal network may cause connection problems for client computers and could compromise the security of your network Module 2: Installing and Maintaining ISA Server 39 To add IP addresses to the LAT: In ISA Management, in the console tree, expand Network Configuration, right-click Local Address Table (LAT), point to New, and then click LAT Entry In the From box, type the first IP address in the range of addresses to add to the LAT, and then in the To box, type the last IP address in the range of addresses to add to the LAT To add just one address, type the same IP address in the From box and the To box In the Description box, type a description of the LAT entry, and then click OK Note Because ISA Server overwrites the Msplat.txt file at regular intervals with a new version that is downloaded from the server, changes that you make on the client file are lost when the server updates the file If the client must connect directly to locations that are not in the Msplat.txt file, create a custom client LAT file To create a custom client LAT file, use a text editor to create a file named Locallat.txt, and place the file in the client Firewall Client folder The Firewall Client then uses both Msplat.txt and Locallat.txt to determine which IP addresses are local For more information about Locallat.txt, see “Firewall Client components” in ISA Server Help Adding Names to the LDT Key Points Only Firewall clients use the LDT A Firewall client uses the LDT to determine whether to perform a DNS lookup for a server to which it is trying to connect Firewall clients use the LDT to determine whether to perform a name resolution request directly or through the ISA Server computer If a name is in the LDT, the ISA Server client computer resolves the name resolution request directly by using a DNS server If a name is not in the LDT, the client forwards the request to the ISA Server computer, which then resolves the name request by passing the request to a DNS server on the Internet You can add entries to the LDT manually, if necessary To add entries to the LDT: In ISA Management, in the console tree, expand Network Configuration, right-click Local Domain Table (LDT), point to New, and then click LDT Entry In the Name box, type the name of the local domain In the Description box, type a description of the LDT entry, and then click OK 40 Module 2: Installing and Maintaining ISA Server Maintaining Configuration Information Topic Objective To describe the procedure that you use to back up and restore the ISA Server configuration Lead-in ISA Server includes a backup and restore feature that enables you to save and restore most ISA Server configuration information ISA Management Action View Tree Internet Security and Acceleration Server Servers and Arrays H323 Gate Disconnect Back Up… Restore… Promote… View Refresh Export List… Name Monitoring Computer Access Policy Publishing Bandwidth Rules Policy Elements Cache Configuration Monitoring Configuration Extensions Network Configuration Client Configuration Backup Array Store backup configuration in this location: Browse… Comment: Properties OK OK Cancel Restore Array Restore array configuration from the following backup (.BIF) file: Browse… OK OK Cancel *****************************ILLEGAL FOR NON-TRAINER USE****************************** Key Points For maximum security, save the backup files to an NTFS disk partition and set the appropriate permissions to protect against unauthorized access ISA Server includes a backup and restore feature that enables you to save and restore most stand-alone server or array configuration information You can back up the stand-alone server or array configuration data and store it locally in a file You can save your configuration data to any folder on the local computer Although a backup of the ISA Server configuration allows you to quickly recover from configuration mistakes, the backup does not contain all of the configuration data for the ISA Server computer To recover from a system failure, you must also have a backup of your entire computer configuration on tape or other storage medium Important For maximum security, save the backup files to an NTFS disk partition and set the appropriate permissions to protect against unauthorized access Backing Up Configuration Information When you perform a backup, you save configuration information to a file on the ISA Server computer This information includes access policy rules, publishing rules, policy elements, the alert configuration, the cache configuration, and array properties Module 2: Installing and Maintaining ISA Server 41 To back up configuration information: In ISA Management, in the console tree, right-click the stand-alone server or array that you want to back up, and then click Back Up In the Store backup configuration in this location box, type the directory and file name of the backup file in which to store the backup data, and then click OK Note For more information about performing backups on an ISA Server computer, see “backup.htm” in the support\docs folder on the ISA Server compact disc Restoring a Configuration If you backed up the array configuration, you can restore the configuration The restoration process reconstructs most of the configuration parameters of the stand-alone server or array To restore a stand-alone server or an array configuration: In ISA Management, in the console tree, right-click the stand-alone server or array that you want to restore, and then click Restore Click Yes to acknowledge that the operation will replace the existing configuration In the Restore array configuration from the following backup (.BIF) file box, type the name of the directory in which the configuration backup file is located, and then click OK 42 Module 2: Installing and Maintaining ISA Server Managing Services Topic Objective To describe the services associated with ISA Server Lead-in You can manage most of the services associated with ISA Server from within ISA Management ISA Server Control Service Firewall Service Starts other ISA Server services Supports requests from Firewall clients and SecureNAT clients Web Proxy Service Supports requests from Web browsers Scheduled Content Download Downloads cache content from Web servers, according to the configured jobs H.323 Gatekeeper Manages requests for applications that use audio, video, or application sharing *****************************ILLEGAL FOR NON-TRAINER USE****************************** You can manage most of the services and settings associated with ISA Server from within ISA Server Management However, to start or to stop the Microsoft ISA Server Control service, you must use Services on the Administrative Tools menu ISA Server includes the following services: ISA Server Control service Starts the other ISA services, generates alerts and running actions, synchronizes each member server's configuration with the array, updates the client configuration files, and deletes unused log files Firewall service Supports requests from Firewall and SecureNAT clients Web Proxy service Supports requests from Web Proxy clients Microsoft Scheduled Cache Content Download service Downloads cache content from Web servers, according to the jobs that you configure by using ISA Management H.323 Gatekeeper service Manages requests for applications that use audio, video, or application sharing, such as NetMeeting Module 2: Installing and Maintaining ISA Server 43 Starting and Stopping ISA Services When one of the ISA Server services is not functioning correctly, you may have to restart or shut down the service In addition, ISA Server may stop a service because of an alert condition You will have to restart the service after resolving the condition that caused the service to shut down Using ISA Management To start or stop an ISA Server service in ISA Management: In ISA Management, in the console tree, expand Monitoring, and then click Services In the details pane, click the applicable service, and then click Start a Service or Stop a Service Using Services Key Points If you stop the ISA Server Control service, all of the other ISA Server services will also be stopped You use Computer Management to start and stop the ISA Server Control service and the H.323 Gatekeeper To start or stop an ISA Server service by using Services: On the Administrative Tools menu, open Services In the details pane, right-click the applicable service, and then click Start or Stop Important If you stop the ISA Server Control service, Windows 2000 also stops all of the other ISA Server services 44 Module 2: Installing and Maintaining ISA Server Lab B: Configuring ISA Server Topic Objective To introduce the lab Lead-in In this lab, you will configure ISA Server *****************************ILLEGAL FOR NON-TRAINER USE****************************** Explain the lab objectives Objectives After completing this lab, you will be able to: Use ISA Management Configure the LAT and LDT Back up and restore an ISA Server configuration Prerequisites Before working on this lab, you must have experience using MMC Estimated time to complete this lab: 30 minutes Module 2: Installing and Maintaining ISA Server 45 Exercise Using ISA Management In this exercise, you will explore ISA Management Scenario You have just installed ISA Server to provide secure Internet access for users at Northwind Traders Before you can start configuring firewall protection and caching, you must become familiar with ISA Management Tasks Detailed steps Perform the following exercise on the ISA Server computer and the ISA Server client computer Log on to the ISA Server computer as administrator@ domain.nwtraders.msft (where domain is the name of your domain) with a password of password, and then explore the differences between Taskpad view and Advanced view a Log on to the ISA Server computer as administrator@domain.nwtraders.msft (where domain is your assigned domain name) with a password of password b Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management c In the console tree, click Servers and Arrays ISA Management opens If ISA Management is not currently connected to an ISA Server computer, you must establish the connection before you can administer the ISA Server computer Perform the following steps only on the ISA Server client computer (continued) d In the details pane, click Connect To e In the Connect to dialog box, click Connect to this stand-alone server, in the Connect to this stand-alone server box, type server (where server is the name of the ISA Server computer), and then click OK Perform the following steps on the ISA Server computer and the ISA Server client computer (continued) f In the console tree, expand Servers and Arrays, and then click server (where server is the name of the ISA Server computer) g In the details pane, click Configure Firewall Protection ISA Management expands the console tree and highlights IP Packet Filters The details pane displays only the most common commands that are related to configuring firewall protection Notice that there is no command for disabling a packet filter h On the View menu, click Advanced The appearance of ISA Management changes to Advanced View 46 Module 2: Installing and Maintaining ISA Server In the following steps, you will disable and enable packet filters To avoid performing actions on the same packet filters as your partner, coordinate with your partner to ensure that the two packet filters that you will use are different from the two packet filters that your partner will use (continued) i In the details pane, right-click one of the IP packet filters in the list that does not display a red arrow, and then click Disable j Right-click the next IP packet filter in the list, and then click Properties k In the Properties dialog box for the IP packet filter, click to clear the Enable this filter check box, and then click OK l On the View menu, click Taskpad m In the details pane, click the first packet filter that you disabled, and then on the Action menu, click Enable n In the details pane, click the second packet filter that you disabled, and then click Configure a Packet Filter o In the Properties dialog box for the IP packet filter, select the Enable this filter check box, and then click OK Before you continue, ensure that the DHCP Client packet filter is disabled and that all other IP packet filters are enabled Module 2: Installing and Maintaining ISA Server 47 Exercise Configuring the LAT and the LDT In this exercise, you will configure the LAT and the LDT Scenario After you have installed ISA Server, you must configure the LAT and the LDT to include all of the IP address ranges and domain names that are inside the internal network at Northwind Traders This includes several address ranges that belong to the private IP address space 10.0.0.0 to 10.255.255.255 Tasks Detailed steps Perform the following exercise on the ISA Server computer and the ISA Server client computer Configure the LDT to include a domain If your assigned student number is lower than your partner’s assigned student number, you need to include domain.nwtraders.msft (where domain is the name of your domain) If your assigned student number is higher than your partner’s assigned student number, you need to include domain.contoso.msft (where domain is the name of your domain) In ISA Management, in the console tree, expand Network Configuration, and then click Local Address Table (LAT) b Right-click Local Address Table (LAT), point to New, and then click LAT Entry c In the New LAT Entry dialog box, in the From box, type 10.5.x.0 (where x is your assigned student number) In the To box, type 10.5.x.255 (where x is your assigned student number) e Configure the LAT to include the address range 10.5.x.0 to 10.5.x.255 (where x is your assigned student number) a d In the Description (optional) box, type Remote office addresses and then click OK a In ISA Management, in the console tree, click Local Domain Table (LDT) b Right-click Local Domain Table (LDT), point to New, and then click LDT Entry c In the New LDT Entry dialog box, in the Name box, type the following information: On the ISA Server computer, type domain.nwtraders.msft (where domain is the name of your domain) On the ISA Server client computer, type domain.contoso.msft (where domain is the name of your domain) d In the Description (optional) box, type Local domain, and then click OK e Minimize ISA Management Perform the following procedure only on the ISA Server client computer 48 Module 2: Installing and Maintaining ISA Server Test the connection by using the ftp utility to connect to IP addresses that are in the LAT and IP addresses that are not in the LAT a In Control Panel, double-click Firewall Client b In the Firewall Client Options dialog box, click Update Now The Firewall client dialog box appears and confirms that the refresh operation was successful The Firewall client downloaded the updated LAT information from the ISA Server computer c In the Firewall client dialog box, click OK d In the Firewall Client Options dialog box, click OK, and then close Control Panel e Open a command prompt window, and then at the command prompt, type ftp 10.1.x.250 (where x is the third octet of your computer’s IP address on your private network), and then press ENTER After approximately one minute, the ftp utility reports that the connection has timed out This result is expected because you attempted to contact an FTP server that does not exist The timeout message confirms that the connection attempt was not made through the ISA Server computer If the connection attempt had been made through ISA Server, ISA Server would have immediately blocked the attempt The ISA Server client computer attempted a direct connection because the IP address is in the LAT f At the ftp prompt, type open 192.168.250.5 and then press ENTER The ftp utility immediately reports that the connection was refused This is because the Firewall client routed the connection attempt for an IP address that is not in the LAT to the ISA Server computer ISA Server refused the connection because you have not created a rule that allows outgoing ftp traffic g At the ftp prompt, type open 10.5.x.5 (where x is your assigned student number), and then press ENTER The ftp utility immediately reports that the connection was closed by the remote host This is because the Firewall client attempted to connect directly to the IP address, which is in the LAT However, because the ISA Server computer, which is your default gateway, has no information in its routing table about how to route IP packets for this address, the connection failed h At the ftp prompt, type bye and then press ENTER i Close the command prompt window Module 2: Installing and Maintaining ISA Server 49 Exercise Backing Up and Restoring an Array Configuration In this exercise, you will back up and restore an array configuration Scenario After installing and configuring ISA Server, you want to ensure that you can recover from any configuration mistakes You will test the ability to recover from configuration mistakes by backing up the ISA Server configuration Tasks Detailed steps Perform the following procedure only on the ISA Server client computer Back up your array configuration a Restore ISA Management b In ISA Management, in the console tree, click server (where server is the name of the ISA Server computer) c On the Action menu, click Back Up Notice that the Browse button is not available This is because you are administering the ISA Server computer remotely from another computer The directory to which you will back up the ISA Server configuration is located on the ISA Server computer, not the computer from which you are configuring ISA Server d In the Backup Array dialog box, in the Store backup configuration in this location box, type C:\MOC\2159a\Labfiles\ISABackup.bif e In the Comment box, type server initial configuration (where server is the name of your computer), and then click OK f In the Backup Array message box, read the message text, and then click OK Wait for your partner to complete the preceding procedure Perform the following procedures only on the ISA Server computer 50 Module 2: Installing and Maintaining ISA Server Restore your array configuration a Restore ISA Management b In ISA Management, in the console tree, click server (where server is the name of the ISA Server computer) c On the Action menu, click Restore The ISA Server dialog box appears and reminds you that the existing configuration will be replaced when you restore your previous configuration from a backup d In the ISA Server dialog box, click Yes e In the Restore Array dialog box, in the Restore array configuration from the following backup (.BIF) file box, type C:\MOC\2159a\Labfiles\ISABackup.bif and then click OK f Confirm that you are restoring the correct backup information, and then click OK ISA Server restores your configuration When the restore process is complete, the Restore Array message box appears g In the Restore Array message box, click OK Perform the following procedure on the ISA Server computer and the ISA Server client computer Close ISA Management, and then log off • Close ISA Management, and then log off Module 2: Installing and Maintaining ISA Server 51 Review Topic Objective To reinforce module objectives by reviewing key points Installing ISA Server Lead-in Installing and Configuring ISA Server Clients The review questions cover some of the key concepts taught in the module Maintaining ISA Server *****************************ILLEGAL FOR NON-TRAINER USE****************************** When you install ISA Server in Cache mode or Integrated mode, what should you consider about the hard disk on your computer before you perform the installation? When installing ISA Server in Cache mode or Integrated mode, ISA Server uses hard disk space for caching You must ensure that you allocate enough disk space on one or more NTFS partitions to support your caching needs Why is it important that the LAT contains the correct IP addresses? An incorrectly configured LAT can cause ISA Server to incorrectly enforce rules When forwarding network traffic, this incorrect configuration can present a security risk All of the client computers in your organization run Windows 2000 You want to enable clients to gain access to the Internet by using several Winsock applications that use the TCP and UDP protocols You also want to ensure that Web content is efficiently cached Which clients should you use? Several configurations are possible For the most efficient operations, you should install the Firewall Client software to allow Internet access by Winsock applications and you should configure the Web Proxy client to ensure efficient caching 52 Module 2: Installing and Maintaining ISA Server How must you configure a SecureNAT client on a network that contains routers? You must configure the default gateway of the SecureNAT client to point to the closest router This router must forward all packets to the SecureNAT server either directly or by using other routers Can you use an ISA Server backup to recover an ISA Server computer after a complete system failure? No An ISA Server backup includes only the ISA Server configuration To recover from a complete system failure, you must perform a restore by using the Back up utility in Windows 2000 ... ISA Server Perform administrative tasks for maintaining ISA Server 2 Module 2: Installing and Maintaining ISA Server Installing ISA Server Topic Objective To identify the topics related to installing. .. 36 Module 2: Installing and Maintaining ISA Server Maintaining ISA Server Topic Objective To identify the topics related to maintaining ISA Server as a stand-alone server or an array Lead-in ISA. .. Internet Module 2: Installing and Maintaining ISA Server 21 Installing and Configuring Firewall Clients Topic Objective ISA Server ISA Server To describe the options for installing and configuring

Ngày đăng: 27/10/2013, 02:15

Từ khóa liên quan

Tài liệu cùng người dùng

  • Đang cập nhật ...

Tài liệu liên quan