Thursday, March 29, 2007

Publish a web server behind ISA 2004, the easy way.

Let's assume you have a network utilizing ISA 2004, which is a very robust firewall solution from Microsoft. And no, I do not consider ISA 2004 to be a "software" firewall, since it applies rules to multiple NICs in your server, essentially morphing it into a hardware firewall. Not every organization can afford to use Cisco PIX firewalls and other expensive hardware solutions to create a DMZ on their network, and most organizations running SBS have only one NIC in their server to begin with. Having said that, I will show you a simple, secure way to publish a server to the Web using only web publishing rules and a custom listener in ISA. Of course, a hardware-based DMZ is always preferred, but when money is tight and deadlines are close you need some kind of alternative to get that web-based application or in-house FTP out to the web! All you need is one extra static IP address from your ISP! Most ISPs will give you up to five public-facing IPs without much trouble, so once you have one static IP in addition to the existing IP of your server, you are ready to begin.

> The first step will be to bind the extra public IP to your ISA server's public-facing NIC. Open up your server's network connections panel and go to the properties of your external NIC.

> Select TCP/IP in the General tab, click Properties and then Advanced.

> Under IP addresses you should only see one address, which is the public IP of your server. Click Add and put in the information for your extra public IP we talked about earlier.

> You will now see the extra public IP in the IP addresses box in the Advanced TCP/IP Settings. Click OK and exit the properties of your external NIC.

> Now that we have the extra IP bound to our external NIC, we have some work to do in ISA 2004. Open up the ISA 2004 MMC and click "Publish a Web Server" under Firewall Tasks.

> Create a name for the rule, such as "FTP Server" in my example, and click Next.

> Click "Allow", then Next.

> Enter the LOCAL IP address of the server you want to publish to the Web and click Next.

> On the Public Name Details page you will enter the address people will type in the address bar of their browser to access your server. You can have your ISP create a public name that will resolve to your extra public IP such as ftp://company.example.com, but for this example we will just type in the extra public IP in the "Public name" box.

> Now we come to the page where we select or create a web listener. When you configure a Web listener, you are specifying:

• The network corresponding to the network adapter on the ISA Server computer that will listen for incoming Web requests. The Web listener can listen on all the Internet Protocol (IP) addresses associated with a network or on specific IP addresses.

• The port number that will listen for incoming Web requests on the selected network IP addresses.

• Client authentication methods (optional).

> Select "New" to create a new web listener.

> Name your custom listener and click Next.

> Select your external NIC, but do NOT click Next yet! If you select External and click Next it will listen based on ALL IP addresses for that interface, which is what we don't want! Select External then click the Address button.

> Now select "Specified IP Addresses" and in the box below select ONLY the extra public IP you bound to the external NIC earlier. Click Add to move it to the "Selected IP Addresses" box and click OK.

> Now we select which port the listener will monitor for traffic. In my case I am publishing an FTP server, so I will select 21. If you are publishing a web site or other web-based application, you will leave the default of 80. You can also enable SSL for a secure connection, provided you have a certificate server or another means of using a certificate.

> We are now at the final page of the Web Listener wizard, so review your selections and click Next.

> We are now back in the "Web Publishing" wizard and you should see the web listener we just created in the selection box. (If not, use the pull-down and select it.) Click Next.

> Since we are publishing this server to the web, the rule must apply to "All Users", so make sure that user set is selected and click Next.

> We are now at the final page of the "Web Publishing" wizard, so review your selections and click Finish.

> Now click Apply in ISA 2004 to put the settings we just made into effect.

Now go to a web browser and enter the public IP address you bound to the external NIC and you will be taken to whatever you decided to publish to the web! You may also want to call a friend external to your LAN and have him do the same to ensure it works from the net as well.
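To confirm from an outside host that the listener answers only on the extra IP and not on every address of the External network, the following Python check (an added example, not part of the original post) probes each public IP on the published port and reports anything that answers unexpectedly. The addresses are constructed documentation values (RFC 5737) and the function names are hypothetical.

```python
import socket


def tcp_accepts(ip, port, timeout=3.0):
    """Return True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timed out) or unreachable all count as closed.
        return False


def audit_listener_scope(expected, ips, ports, timeout=3.0):
    """Compare what answers against what the publishing rule should expose.

    expected: set of (ip, port) pairs the listener is meant to serve.
    Returns (missing, unexpected) as sorted lists of (ip, port) pairs.
    """
    missing, unexpected = [], []
    for ip in ips:
        for port in ports:
            is_open = tcp_accepts(ip, port, timeout)
            if (ip, port) in expected and not is_open:
                missing.append((ip, port))
            elif (ip, port) not in expected and is_open:
                unexpected.append((ip, port))
    return sorted(missing), sorted(unexpected)


if __name__ == "__main__":
    # Constructed values: replace with your own public addresses.
    PRIMARY_IP = "203.0.113.9"      # existing public IP of the ISA server
    PUBLISHED_IP = "203.0.113.10"   # extra IP selected in the web listener
    PORT = 21                       # port chosen in the listener wizard

    missing, unexpected = audit_listener_scope(
        expected={(PUBLISHED_IP, PORT)},
        ips=[PRIMARY_IP, PUBLISHED_IP],
        ports=[PORT],
    )
    for ip, port in missing:
        print(f"NOT REACHABLE: {ip}:{port} (rule applied? listener address selected?)")
    for ip, port in unexpected:
        print(f"ALSO ANSWERING: {ip}:{port} (another listener or rule covers this address)")
    if not missing and not unexpected:
        print("Listener scope matches the publishing rule.")
```

Run it from a machine outside your LAN. A hit on the primary IP means some listener or rule is answering on that address and port and should be reviewed.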

6 comments:

Anonymous said...

Hey

Good article. I have one question. I am trying to publish my activesync in order to use a mobile phone via ssl. We have a rule configured on port 443 so isa2004 will not allow me to make another listener. Any Ideas?
Sean
sburke@cetaris.com

Anonymous said...

Forewarned is forearmed.