1 / 35

Implementing ISA Server Publishing

Implementing ISA Server Publishing with Web and Server Publishing Rules to grant access to HTTP and HTTPS resources, configuring DNS, setting up Web Listeners, and managing path mapping and link translation for enhanced network security and functionality.

kendras
Download Presentation

Implementing ISA Server Publishing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Implementing ISA ServerPublishing

  2. Introduction • What Are Web Publishing Rules? • ISA Server uses Web publishing rules to make Web sites on protected networks availableto users on other networks, such as the Internet. • A Web publishing rule is a firewallrule that specifies how ISA Server will route incoming requests to internal Webservers

  3. Web publishing rules provide: • Access to Web servers running HTTP protocol • HTTP application-layer filtering • Path mapping • User authentication • Content caching • Support for publishing multiple Web sites using a single IP address • Link translation

  4. What Are Server Publishing Rules • Web publishing and secure Web publishing rules can grant access only to Web serversusing HTTP or HTTPS. • To grant access to internal resources using any other protocol,you must configure server publishing rules • Server publishing rules provide: • Access to multiple protocols • Application-layer filtering for specified protocols • Support for encryption • IP address logging for the client computer

  5. Considerations for Configuring DNS for Web and Server Publishing

  6. Configuring Web Publishing Rules • Components of a Web Publishing Rule Configuration: • Web publishing rules map incoming HTTP or HTTPS requests to the appropriate Webservers located on a network protected by ISA Server. • Web publishing rules determinewhat incoming requests for HTTP objects will be accepted by ISA Server and howISA Server will respond to those requests.

  7. How to Configure Web Listeners • Web listeners are used by Web and secure Web publishing rules. • A Web listener is anISA Server configuration object that defines how the ISA Server computer listens forHTTP requests and SSL requests. • The Web listener defines the network, IP address, andthe port number on which ISA Server listens for client connections.

  8. How to Configure Web Listeners • If the ISA Server computerreceives a HTTP or HTTPS on a network adapter and no Web listener is configuredfor the IP address associated with the network adapter, ISA Server will discard allthe requests before applying Web server publishing rules.

  9. How to Configure Web Listeners • Network:This option specifies the network on which ISA Server will listen forincoming Web requests • Port numbers:This option specifies the port number on which the Web listenerwill listen for incoming Web requests • Client authentication methods:This option specifies the supported authenticationmethods if you are going to require authentication on the Web listener • Client Connection Settings:This option specifies the number of concurrentclient connections and connection timeout values for the Web listener.

  10. How to Configure Web Listeners

  11. If you have multiple network adapters or multiple IP addresses

  12. On the Port Specification page, select the protocol and port number used by theWeb listener

  13. modify the Web listener settings by doubleclickingthe Web Listener object in the Toolbox

  14. To configure the client connection options, click Advanced on the Preferences tab toget to the Advanced Settings dialog box

  15. How Path Mapping Works • Path mapping can be used in several different scenarios • For example: • An organizationmay have a Web site:http://www.cohovineyard.com. • If the entire Web site is located on a single Web serveryoucan use path mapping to redirect client requests to different virtual directories on thatserver. • The URL http://www.cohovineyard.com/catalog can be redirected to a virtualdirectory named CurrentCatalog on the Web server • the URL http://www.cohovineyard.com/sales is redirected to the SalesData virtual directory

  16. You can also use path mapping to redirect client requests to multiple internal Webservers. • For example: • when users request the URL http://www.cohovineyard.com/sales,they can be directed to the Sales virtual directory on one Web server. • When users request the URL http://www.cohovineyard.com/catalog, they are redirected to a Catalog virtual directory on another Web server

  17. How to Configure Path Mapping • ISA Server Management ->Firewall Policy->Web publishing rule->Tasks->Edit Selected Rule.

  18. How to Configure Link Translation • Path mapping allows you to redirect client requests from the ISA Server computer todifferent locations on one or more Web servers. • By using path mapping you can maska complex internal Web server configuration and present a simple Web site view to theInternet. • Link translation can provide the same end result, but is used in different situations. • Link translation is used when the Web pages published on ISA Server contain links to other Web servers on the protected network, and those Web servers are not accessible from the Internet

  19. Link translation is an ISA Server configuration object that enables ISA Server to replaceinternal server names on Web pages with server names that are accessible from theInternet • Some published Web sites may include references to internal names of computersother than the server listed in the Web publishing rule

  20. Link Translation Levels • Header link translation • Translation of links in the body of a returned Web page • EX:Web page on a server named Web1 is accessed through the URL www.cohovineyard.commay include a referenceto an image using http://Web1.cohovineyard.com/images/image1.jpg • Translation of links to other internal Web pages

  21. How to Configure Link Translation • ISA Server Management->Firewall Policy->Web publishing rule->Link Translation

  22. How to Configure Web Publishing Rules • ISA Server Management->Tasks->Publish A Web Server

  23. Configuring Secure Web Publishing Rules • Secure Web publishing provides an additional layer of security when publishing aninternal Web site by enabling the option to use SSL to encrypt all network traffic to andfrom the Web site. • Secure Web publishing is critical when securing Web sites that containconfidential information, or when the Web site asks clients to submit confidentialinformation such as credit-card numbers

  24. Components of a Secure Web Publishing Rule Configuration • What Is Secure Sockets Layer? • Secure Sockets Layer (SSL) is used to validate the identities of two computers involvedin a connection across a public network, and to ensure that the data sent between thetwo computers is encrypted. • To do this, SSL uses digital certificates and public and privatekeys.

  25. What Is Secure Sockets Layer • SSL enables the following features: • Server authentication • Client authentication • Encrypted SSL connections

  26. SSL Configuration Options • SSL tunneling: • the SSL connection is set up directly betweenthe client computer and the Web server • the ISA Server computerdoes not encrypt or decrypt the network packets but merely forwards encryptedpackets between the client and the Web server. • ISA Server cannot inspect the contentof the packets because the contents are encrypted as they pass through theISA Server computer.

  27. SSL bridging: • the ISA Server computer acts as the end pointfor one or more SSL connections • The network packets can still be encrypted fromthe Web client to the Web server. • however, in an SSL bridging scenario, theISA Server computer will decrypt network traffic from the client computer andthen re-encrypt it before sending it to the Web server

  28. Enabling SSL on ISA Server • If you plan to use SSL in an SSL tunneling configuration, you must install a digitalcertificate only on the Web server. The Web server and the client will use this certificateand the associated keys to create the SSL connection. • If you plan to use SSL in a SSL bridging configuration, you must install a digitalcertificate on the ISA Server computer, and possibly, on the Web server.To createan SSL connection with the client, the ISA Server computer must have a certificateinstalled. • If you require client certificates, you also need install digital certificates on eachclient computer.

  29. How to Install Digital Certificates on ISA Server • How to Configure a New Secure Web Publishing Rule

  30. Configuring Server Publishing Rules • Web publishing rules are used on ISA Server to enable access to HTTP and HTTPS contenton internal Web servers. • Server publishing rules are used to enable access to internalapplications that use other protocols. • Server publishing is a secure and flexible wayto publish the content or services provided by internal servers to the Internet

  31. Components of a Server Publishing Rule Configuration • Server publishing rules are used on ISA Server to map a port number on an externalinterface of the ISA Server computer to the IP address of an internal server providinga specific service. • When ISA Server receives a request on the external IP address for aspecific port, it passes the request to the internal server defined on the serverpublishing rule

  32. ISA Server performs the following steps: • 1.A client computer on the Internet needs to access an application server on a networkprotected by the ISA Server computer. the client computer will perform a DNS lookup to locate the IP address for the server that is providing the service • 2. ISA Server checks the destination port number and then uses the server publishing rule to map the request to an IP address of an internal server. • 3. The internal server returns the object to the ISA Server computer, which passes it on to the requesting client

  33. How to Configure a Server Publishing Rule

More Related