Deploying Microsoft Internet Security and Acceleration (ISA) Server 2006 with Windows Small Business Server 2008
Version 1
Published April, 2009
By Eriq Oliver Neale
MCSE, Small Business Specialist
A Microsoft Most Valuable Professional (MVP)
Third Tier – Support Services for IT Professionals
Deploying ISA 2006 with SBS 2008
SBS 2008 customers who want to use ISA 2006 as the external firewall that protects the internal network can do so. This document outlines the steps necessary to install and configure ISA 2006 and to configure SBS 2008 to work with ISA 2006 as the external firewall.
Environment
For the purposes of this document, the following network configuration will be assumed:
• SBS 2008 IP: 192.168.0.2
• SBS 2008 Server Name: COHO-SERVER
• SBS 2008 internal domain name: coho.local
• DHCP services running on the SBS 2008 server
• Router IP (existing firewall): 192.168.0.1
The Term Paper on Exchange Server 2003 2000 System
If you simply want to do an in-place upgrade of Exchange 2000 to Exchange 2003 using the same server, you " ve got it made - Microsoft has explained the process of upgrading and made it pretty simple. Even if you " re still using Exchange v 5. 5, Microsoft has you covered with a wealth of documentation to peruse. But what if you " re an Exchange 2000 organization that wants to bring in a new ...
• ISA Server IP: 192.168.0.5
• ISA Server name: COHO-GATEWAY
• External domain name: remote.cohovineyards.com
Preparation
Before continuing with the remainder of this document, you will need to ensure that you have the following materials:
• Server hardware with two network interface cards capable of running ISA 2006 (see “Best Practices for Performance in ISA 2006” at http://technet.microsoft.com/en-us/library/bb794835.aspx)
• Driver software for the server hardware
• Windows Server 2003 Standard installation media
• ISA 2006 Standard installation media
• ISA 2006 SP1 installation media
NOTE: You need to download the ISA 2006 SP1 installer (http://www.microsoft.com/downloads/details.aspx?FamilyId=D2FECA6D-81D7-430A-9B2D-B070A5F6AE50&displaylang=en) before the process and not expect to download the update via Microsoft Update after completing the ISA 2006 installation. You will not have internet access from the ISA server after you install ISA 2006 until you complete the configuration steps, which require ISA 2006 SP1 to be installed. This installer can be saved onto a USB key or other removable media for use later in the process.
Process
The process for installing and configuring Server 2003 and ISA 2006 is as follows:
1. Install Windows Server 2003
2. Configure Network Cards
3. Configure Domain Membership
4. Install ISA 2006
5. Install Trusted Certificate on ISA server
6. Connect ISA server to the external network
7. Configure ISA System Policy
8. Configure Firewall Rules
9. Confirm Proper Operation
Install Windows Server 2003
Follow these steps to prepare and install Windows Server 2003 on the server that will be used as the ISA server.
1. Prepare the server hardware
a. Ensure that the server has two network cards and that the cards are HCL-certified adapters. NOTE: KB951141 (http://support.microsoft.com/kb/951141) recommends against using on-board Broadcom NetExtreme Server adapters.
The Term Paper on Windows 2000 Domain Server Message
... Reinstalling MS DTC After Installing Microsoft SQL Server TM Whenever you install SQL Server 6.5, SQL Server 7. 0, or any SQL Server 6. 5 or ... Contact your hardware vendor about updated files for your drivers. You should not use 8-bit network adapters with Windows 2000. Because ... a Plug and Play operating system. If your computer contains ISA cards, they may be set in a manually configured mode ...
b. Connect the NIC that will be used for the internal network (Internal NIC) to the internal network.
c. Leave the NIC that will be used for the external network (External NIC) disconnected.
2. Install Windows Server 2003 on the computer
a. Select/install hardware drivers as necessary.
b. Select Per Device/User as the licensing mode.
c. Do not join the server to the domain.
d. Select Typical settings for the network during installation. This will allow the server to pick up a DHCP address from the SBS 2008 server and connect to the local network and have Internet access through the existing router.
3. Install updates on the server.
a. Install Windows Server 2003 SP2 if not already installed.
b. Use http://update.microsoft.com/windowsupdate to ensure that all related product updates are installed.
c. Restart and recheck for updates until all updates are installed.
4. Follow http://support.microsoft.com/kb/948496 to ensure all Scalable Networking settings are disabled. NOTE: KB948496 should have been installed with the updates installed in Step 3 above. Look in C:Windows for a folder named $NtUninstallKB948496$ to determine if the update has been installed.
5. Verify that the Scalable Network settings have been disabled:
a. Open the Registry Editor on the server.
b. In HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters make sure that the EnableRSS, EnableTCPA and EnableTCPChimney values have been set to 0.
c. Set the DisableTaskOffload value to 1. If the DisableTaskOffload value does not exist, follow these steps to create it:
i. Locate and click on the subkey HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters
ii. On the Edit menu, select New, select DWORD Value, then type DisableTaskOffload.
iii. Double-click DisableTaskOffload, type 1, and then click OK.
iv. Close the registry editor and restart the server.
Configure the Network Cards
Now that the server has been updated, you need to configure the network cards. This is not the final configuration of the network interfaces on the ISA server, but these steps are needed to allow the server to join the SBS 2008 network and install ISA. For security reasons, the external network card remains unplugged through this process.
The Essay on Client Server Network 8211 Peer
By: Chris Im 1. A network consists of two or more computers that are linked in order to share resources such as printers and CD-ROMs, exchange files, or allow electronic communication. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams. 2.LAN- Stands for local area network. This is usually confined to a small space such as a ...
1. Name the Network Connections
a. Open Network Connections from Control Panel.
b. Right-click on the connected network card and select Rename.
c. Name the connection Internal Network.
d. Right-click on the disconnected network card and select Rename.
e. Name the connection External Network.
2. Configure the Internal Network Connection
a. Right-click on Internal Network and select Properties.
b. Select Internet Protocol (TCP/IP) and click Properties.
c. Select the Use the following IP address radio button.
d. Enter the IP address (192.168.0.5 – this IP address must not conflict with the existing router address).
e. Enter the appropriate subnet mask (255.255.255.0).
f. Leave the Default Gateway field blank.
g. Enter the IP address of the SBS server (192.168.0.2) as the first DNS server and leave the second DNS server empty.
h. Click OK.
i. Close the Internal Network properties page.
3. Configure the External Network Connection
a. Right-click on External Network and select Properties.
b. Turn off the checkbox for File and Printer Sharing for Microsoft Networks.
c. Turn off the checkbox for Client for Microsoft Networks.
d. Select Internet Protocol (TCP/IP) and click Properties.
e. Enable the Obtain and IP address automatically radio button.
f. Click Advanced.
g. Select the WINS tab.
h. Select the Disable NetBIOS over TCP/IP radio button.
i. Click OK twice.
j. Close the External Network properties page.
Configure Domain Membership
At this point, you will join the ISA server to the domain as a member server. Follow these steps to complete the domain configuration for the ISA server and the SBS server.
1. Join the ISA server to the domain.
a. Right-click on My Computer and select Properties.
The Term Paper on Computer Network and Networking Essentials
This foundational course covers local area network topics including rationale for networking, the open systems interconnection (OSI) model, common network topologies and architecture, client/server concepts, basic hardware devices and usage, and basic networking security concepts. Policies Faculty and students will be held responsible for understanding and adhering to all policies contained within ...
b. Click on the Computer Name tab.
c. Click Change.
d. Enter the correct name (COHO-GATEWAY) in the Computer Name field, if necessary.
e. Click the Domain radio button.
f. Enter the internal domain name for the network (coho.local).
g. Click OK.
h. When prompted, enter the username and password of an account with permission to join the computer to the domain and click OK.
i. Restart COHO-GATEWAY.
2. Move the ISA server computer object in Active Directory.
a. On the SBS 2008 server, open Active Directory Users and Computers.
b. Expand MyBusiness, Computers, and select SBSComputers.
c. Click on the COHO-GATEWAY object and drag it to the SBSServers Organizational Unit.
d. In the Active Directory Domain Services warning dialog that appears, click Yes.
Install ISA 2006
Now you are ready to install ISA 2006 and ISA 2006 SP1. Make sure that you have the installation media for ISA 2006 and the ISA 2006 SP1 installer before continuing with the process.
1. Install ISA 2006
a. Launch the ISA 2006 installer and click Next.
b. Accept the license terms and click Next.
c. Enter or confirm the correct Name, Organization, and enter the product key, then click Next.
d. Select a Typical installation and click Next.
e. Click Add to add a new internal address range.
f. Click Add Adapter.
g. Enable the checkbox for Internal Network and click OK.
h. Click OK to accept the new internal address range.
i. Click Next.
j. Make sure the Allow non-encrypted Firewall connections option is unchecked and click Next.
k. Click Install.
l. When the installation completes, leave the Invoke ISA Server Management checkbox unchecked and click Finish.
2. Install ISA 2006 SP1
a. Launch the ISA 2006 SP1 installer and click Next.
b. Accept the license terms and click Next.
The Research paper on Selected Readings In Computer Mediated Communication Communication Th
This is a selected listing of items related to Computer-MediatedCommunication, the Internet, and network information infrastructure and use. These items were on my qualifying exam reading list for the doctoral program in Communication and Rhetoric at Rensselaer Polytechnic Institute. I took these exams in September, 1993. The first sections describe what the articles and books are about. Following ...
c. Click Install.
d. Once installation completes, click Finish.
e. Restart the server when prompted.
Install Trusted Certificate on ISA Server
In order for secure communications to pass through ISA to the SBS server from the Internet, the ISA server needs to have the SSL certificate from the SBS server installed into the certificate store on the ISA server. This process involves exporting the correct certificate from the SBS 2008 server and installing it on the ISA server. The recommended practice for SBS 2008 is to purchase an install a third-party SSL certificate using the Add a Trusted Certificate wizard on the SBS 2008 console. This certificate should be purchased and installed before performing the ISA 2006 server installation.
1. Export the SSL certificate from the SBS 2008 server
a. From the Start menu, select Run and enter mmc.
b. In the UAC prompt click Continue.
c. From the File menu, select Add/Remove Snap-in.
d. Select Certificates from the list of Available snap-ins and click Add.
e. Select Computer account and click Next.
f. Select Local computer and click Finish.
g. Click OK to close the Add/Remove Snap-ins window.
h. Expand Certificates, expand Personal, and click Certificates.
i. Right-click on the remote.cohovineyards.com certificate, select All Tasks, then select Export.
j. Click Next.
k. Select Yes, export the private key and click Next.
l. Enable the Include all certificates in the certification path if possible checkbox and click Next.
m. Type and confirm a password for the certificate file and click Next.
n. Click Browse to select the path to save the file , preferably to a USB stick.
o. Enter the name for the file and click Save.
p. Click Next, then click Finish to export the certificate file.
q. Click OK when the export is complete.
r. Close the MMC.
2. Import the SSL certificate on the ISA server
a. From the Start menu, select Run and enter mmc.
b. From the File menu, select Add/Remove Snap-in.
The Term Paper on Deploying a Jdeveloper Soa Application to Oracle Weblogic Server 11g
7/14/13 Deploying a JDeveloper SOA Application to Oracle WebLogic Server 11g Deploying a JDeveloper SOA Application to Oracle WebLogic Server 11g Purpose In this tutorial, you use Oracle JDeveloper 11g to deploy a SOA Web application to Oracle WebLogic Server 11g. Time to Complete 2 hours Topics The tutorial covers the following topics: Overview Prerequisites Starting the Environment Testing the ...
c. Click Add.
d. Select Certificates from the list and click Add.
e. Select Computer Account and click Next.
f. Select Local Computer and click Finish.
g. Click Close, then click OK.
h. Expand Certificates, then select Personal.
i. Right-click on Personal, then select All Tasks, then click Import.
j. Click Next.
k. Click Browse and navigate to the folder where you saved the export file (the USB key) and select the export file (you may need to change Files of Type to All to see the exported certificate file).
l. Select the file and click Open.
m. Click Next.
n. Enter the password you set on the file and click Next.
o. Click Next, then click Finish.
p. Once the import completes, you will see the certificate and other certificates from the signature path if applicable. Close the MMC when complete.
Connect ISA Server to the External Network
Now you can replace your existing firewall with the ISA server and connect the external network card to the ISP connection. The ISA server will not allow full inbound and outbound Internet access at this point, and you will need to complete the remaining processes in this document to restore full connectivity. But you should move the connection at this point to be able to test Internet connectivity after you have configured the ISA System Policy and the first ISA Firewall Rule outlined below.
Follow these steps to finish the configuration of the external network card:
1. On COHO-GATEWAY, open Network Connections from the Control Panel.
2. Right-click on External Network and select Properties.
3. Select Internet Protocol (TCP/IP) and click Properties.
4. Enter the IP address, subnet mask, and Default Gateway provided by the ISP.
5. Click OK.
Configure ISA System Policy
The next step is to configure ISA to allow proper internal domain communications. Follow these steps to complete the ISA System Policy configuration.
1. Open the ISA Server Management Console.
2. Select the Firewall Policy node.
3. Add the SBS Server to the Remote Management Computers object.
a. Select the Toolbox pane.
b. Expand Computer Sets.
c. Double-click on Remote Management Computers.
d. Click Add and select Computer.
e. Enter the name of the server (COHO-SERVER) in the Name field.
f. Enter the IP address of the server (192.168.0.2) Computer IP Address field and click OK.
g. Click OK to close the dialog, then click Apply to save the changes.
4. Select the Tasks tab and click Edit System Policy.
5. Configure DHCP: If your ISP provides a DHCP address for your internet connection, follow these steps to correctly configure the ISA server to accept a DHCP connection.
a. Select the DHCP node under Network Services.
b. Open the From tab.
c. Click Add next to the This rule applies to traffic from these sources window.
d. Expand Networks, click External, then click Add, and then click Close.
6. Terminal Server: if you want to allow Terminal Server access directly to the ISA server from a computer other than the SBS server, you will need to make the following changes. Follow these steps to allow Terminal Server (Remote Desktop) access to the ISA server from computers other than the SBS server.
a. Under the Remote Management node, click Terminal Server.
b. Click the From tab.
c. Select the Remote Management Computers and click Edit.
d. Click Add and select Computer.
e. Enter the name of the computer in the Name field, and enter the IP address of the computer in the Computer IP Address field. NOTE: the computer will need to either have a static IP address or a DHCP reservation to ensure it has the same IP address as ISA will only allow a connection from the IP address, not the workstation name.
f. Click OK. This adds the SBS server to the list of computers that can access the ISA server via Terminal Services.
g. Repeat steps d. through f. for all computers that you wish to be able to access the ISA server via Terminal Services.
h. Click OK.
7. Ping: If you want to be able to ping the ISA server from the internal network, follow these steps.
a. Under the Remote Management node, click ICMP (Ping).
b. Click the From tab.
c. Click Add next to the This rule applies to traffic from these sources window.
d. Expand Networks, then add the sources that you want to be able to ping the ISA server.
e. Click Close.
8. Remote Monitoring: You need to enable remote monitoring of the ISA server from trusted servers.
a. Under the Remote Monitoring node, click Remote Performance Monitoring.
b. Enable the checkbox for Enable this configuration group.
9. Click OK to close the system policy settings.
10. Click Apply to save the changes.
Configure ISA Firewall Rules
Finally, the ISA server is ready to be configured to manage inbound and outbound Internet access. This last section covers the configuration settings needed to allow the standard access for the SBS 2008 network. These items are covered in the following sections.
• Create ISA Server Objects
• Enable Outbound Access for workstations
• Enable Outbound Access for the SBS 2008 Server
• Publish Exchange Mail Server (SMTP)
• Publish Outlook Web Access
• Publish Outlook Anywhere
• Publish Exchange ActiveSync
• Publish Remote Web Workplace
• Publish Companyweb
Create ISA Server Objects
In order for several of the following processes to work, you must first create some objects in the ISA 2006 configuration. Follow these steps to create the Computer Objects and Web Listeners necessary to complete the ISA 2006 Configuration.
1. Open the ISA Management Console.
2. Select the Firewall Policy node and click on the Toolbox tab.
3. Create the SBS 2008 Computer object
a. Right-click on the Computers folder and select New Computer.
b. Enter the name of the server (COHO-SERVER).
c. Enter the IP address for the server (192.168.0.2)
d. Enter an optional description for the object.
e. Click OK.
4. Create the SBS Web Listener
a. Right-click on the Web Listeners folder and select New Web Listener.
b. Enter SBS Web Listener and click Next.
c. Select Require SSL secured connections with clients and click Next.
d. Enable the External checkbox and click Next.
e. Select Use a single certificate for this Web Listener and click Select Certificate.
f. Select the certificate with the public DNS name (should be the only certificate available in the list) and click Select.
g. Click Next.
h. Select HTML Form Authentication and make sure Windows (Active Directory) is selected, then click Next.
i. Click Next.
j. Click Finish.
5. Create the Companyweb Listener
a. Right-click on the Web Listeners folder and select New Web Listener.
b. Enter SBS Companyweb Listener and click Next.
c. Select Require SSL secured connections with clients and click Next.
d. Enable the External checkbox and click Next.
e. Select Use a single certificate for this Web Listener and click Select Certificate.
f. Select the certificate with the public DNS name (should be the only certificate available in the list) and click Select.
g. Click Next.
h. Select HTML Authentication, enable the Basic checkbox, and make sure Windows (Active Directory) is selected, then click Next.
i. Click Next.
j. Click Finish.
k. Right-click on the newly-created listener and select Edit.
l. Select the Connections tab.
m. Change the port number from 443 to 987.
n. Click Apply, then click OK.
6. Allow WSUS Access to the SBS server from the ISA server
a. In the ISA Management Console, select the Tasks tab.
b. Click Create Access Rule.
c. Enter Access to WSUS and click Next.
d. Select Allow, then click Next.
e. In the Protocols page, chose Selected Protocols from the drop-down list, then click Add.
f. From the New menu, select Protocol.
g. Enter SBS WSUS and click Next.
h. In the Primary Connection Information page, click New.
i. Select TCP as the Protocol Type, Outbound as the Direction, and enter 8530 in both the From and To fields, then click OK.
j. Click Next.
k. Select No and click Next.
l. Click Finish.
m. Select SBS WSUS from the User-Defined folder and click Add.
n. Click Close, then click Next.
o. In the Access Rule Sources page, click Add.
p. Expand Networks, select Local Host, then click Add.
q. Click Close, then click Next.
r. In the Access Rule Destinations page, click Add.
s. Expand Computers, select the SBS server object, then click Add.
t. Click Close, then click Next.
u. Ensure that All Users is listed, then click Next.
v. Click Finish.
w. Click Apply.
Enable Outbound Access for the SBS 2008 Network Workstations
The following steps configure ISA to allow outbound access from the internal workstations. First is to create the SBS Internet Users security group on the SBS server, followed by creating a rule for outbound VPN access, followed by the default outbound access rule in ISA for the workstations.
Create the SBS Internet Users Group
Follow these steps to create the security group on the SBS server that will be used to determine which users have Internet access through ISA.
1. On COHO-SERVER, open the Windows SBS Console.
2. Select the Users and Groups tab, and then select the Groups subtab.
3. Under Tasks, click Add new group.
4. Click Next.
5. In the Group Name field, enter SBS Internet Users.
6. Under Group Type, select the Security Group radio button, then click Next.
7. Select the user objects that should have access to the Internet and click Add.
8. When complete, click Add Group.
NOTE: When you add new users to the network, you will need to add them to the SBS Internet Users security group to give them access to the Internet.
Create the Outbound VPN Rule
Follow these steps to allow outbound VPN from the internal SBS network.
1. On COHO-GATEWAY, open the ISA Management Console.
2. Select the Firewall Policy node from the tree and select the Tasks tab.
3. Click Create Access Rule.
4. In the Access Rule Name field, enter Outbound VPN and click Next.
5. Select the Allow radio button and click Next.
6. Choose Selected Protocols from the drop-down list and click Add.
7. Expand All Protocols and select PPTP, then click Add.
8. Click Close, then click Next.
9. In the Access Rule Sources page, click Add.
10. Expand Network Sets, select Internal, then click Add.
11. Click Close, then click Next.
12. In the Access Rule Destinations page, click Add.
13. Expand Networks, select External, then click Add.
14. Click Close, then click Next.
15. In the User Sets page, click Next.
16. Click Finish to create the rule.
Create the Outbound Access Rule
1. In the Firewall Policy list, select the Default Rule (last rule in the list).
2. In the Tasks tab of the ISA Management console, click Create Access Rule.
3. Name the rule Outbound Access and click Next.
4. Select Allow and click Next.
5. In the Protocols page, select Selected Protocols from the This rule applies to drop down menu, then click Add.
6. Expand All Protocols, then select the following protocols, clicking Add after selecting each one: FTP, HTTP, HTTPS. If there are other protocols you wish to add, select them and add them at this point.
7. When finished selecting protocols, click Close, then click Next.
8. In the Access Rule Sources page, click Add.
9. Expand the Network Sets folder and select All Protected Networks, then click Add.
10. Click Close, then click Next.
11. In the Access Rule Destinations page, click Add.
12. Expand Networks and select External, then click Add.
13. Click Close, then click Next.
14. To limit access to the SBS Internet Users security group, follow these steps.
a. In the User Sets page, select All Users and click Remove.
b. Click Add.
c. In the Add Users window, click New.
d. Enter SBS Internet Users as the set name and click Next.
e. Click Add, then select Windows users and groups.
f. Click Locations, expand Entire Directory, select cohovineyards.local, and click OK.
g. Enter SBS Internet Users and click Check Names.
h. When the SBS Internet Users group appears underlined, click OK.
i. Make sure the correct security group is listed then click Next.
j. Click Finish.
k. Select SBS Internet Users and click Add.
l. Click Close, then click Next.
15. Click Finish.
16. Click Apply to save changes.
Enable Outbound Access for the SBS 2008 Server
The SBS 2008 server needs outbound access through ISA for several network services. Follow these steps to create the SBS 2008 Outbound Access rule.
1. In the Firewall Policy list, select the top rule in the list.
2. In the Tasks tab of the ISA Management console, click Create Access Rule.
3. Name the rule SBS 2008 Outbound Access and click Next.
4. Select Allow and click Next.
5. In the Protocols page, click Add.
6. Expand All Protocols, then select the following protocols, clicking Add after selecting each one: DNS, HTTP, HTTPS, NTP (UDP), SMTP. NOTE: if you are using the POP3 connector on the SBS 2008 server, add POP3 to the list.
7. Click Close, then click Next.
8. In the Access Rule Sources page, click Add.
9. Expand the Computer folder and select the SBS server object, then click Add.
10. Click Close, then click Next.
11. In the Access Rule Destinations page, click Add.
12. Expand Networks and select External, then click Add.
13. Click Close, then click Next.
14. In User Sets, make sure that All Users is listed, then click Next.
15. Click Finish.
16. Click Apply to save changes.
Publish Exchange Mail Server (SMTP)
Next you will allow the SBS server to receive inbound e-mail through ISA.
1. In the Tasks tab of the ISA Management console, click Publish Mail Servers.
2. Name the rule Exchange SMTP and click Next.
3. Select Server-to-server communications: SMTP, NNTP and click Next.
4. Enable the checkboxes for SMTP and Secure SMTP and click Next.
5. Enter the IP of the SBS server (192.168.0.2) and click Next.
6. Enable the External checkbox and click Address.
7. Select Default IP addresses for network adapters on this network and click OK.
8. Click Next, then click Finish.
9. ClicK Apply to save changes.
Publish Outlook Web Access
The next three sections involve publishing services for Exchange clients and all start from the same ISA publishing wizard. However, all three are very different, so pay attention to the differences in each of these processes.
1. In the Tasks tab, click Publish Exchange Web Client Access.
2. Name the rule Exchange OWA and click Next.
3. Select Exchange 2007 from the Exchange version drop-down menu.
4. Enable Outlook Web Access and click Next.
5. Select Publish a single web site or load balancer and click Next.
6. Select Use SSL to connect to the published Web server or server farm and click Next.
7. Enter remote.cohovineyards.com in the Internal site name field and click Next.
8. Enter remote.cohovineyards.com in the Public name field and click Next.
9. Select the SBS Web Listener and click Next.
10. Select No delegation, but client may authenticate directly as the authentication delegation selection and click Next.
11. Ensure All Authenticated Users is listed in the User Sets list and click Next.
12. Click Finish.
13. Click Apply to save the changes.
Publish Outlook Anywhere
Follow these steps to publish Outlook Anywhere through ISA 2006.
1. In the Tasks tab, click Publish Exchange Web Client Access.
2. Name the rule Outlook Anywhere and click Next.
3. Select Exchange 2007 from the Exchange version drop-down menu.
4. Enable Outlook Anywhere (RPC/HTTP(s)).
5. Enable Publish additional folders on the Exchange server for Outlook 2007 clients and click Next.
6. Select Publish a single web site or load balancer and click Next.
7. Select Use SSL to connect to the published Web server or server farm and click Next.
8. Enter remote.cohovineyards.com in the Internal site name field and click Next.
9. Enter remote.cohovineyards.com in the Public name field and click Next.
10. Select the SBS Web Listener and click Next.
11. Select No delegation, but client may authenticate directly as the authentication delegation selection and click Next.
12. In the User Sets page, click on All Authenticated Users and click Remove.
13. Click Add.
14. Select All Users, click Add, then click Close.
15. Click Next, then click OK in the warning dialog that appears.
16. Click Finish.
17. Click Apply to save the changes.
Publish Exchange ActiveSync
Follow these steps to publish Exchange ActiveSync through ISA 2006.
1. In the Tasks tab, click Publish Exchange Web Client Access.
2. Name the rule Exchange ActiveSync and click Next.
3. Select Exchange 2007 from the Exchange version drop-down menu.
4. Enable Exchange ActiveSync and click Next.
5. Select Publish a single web site or load balancer and click Next.
6. Select Use SSL to connect to the published Web server or server farm and click Next.
7. Enter remote.cohovineyards.com in the Internal site name field and click Next.
8. Enter remote.cohovineyards.com in the Public name field and click Next.
9. Select the SBS Web Listener and click Next.
10. Select Basic authentication and click Next.
11. Ensure All Authenticated Users is listed in the User Sets list and click Next.
12. Click Finish.
13. Click Apply to save the changes.
Publish Remote Web Workplace
Follow these steps to publish the Remote Web Workplace.
1. In the Tasks tab, click Publish Web Sites.
2. Name the rule SBS Remote Web Workplace and click Next.
3. Select Allow and click Next.
4. Select Publish a single web site or load balancer and click Next.
5. Select Use SSL to connect to the published Web server or server farm and click Next.
6. Enter remote.cohovineyards.com in the Internal site name field and click Next.
7. In the Path field, enter /remote/* and enable the Forward the original host header checkbox and click Next.
8. Enter remote.cohovineyards.com in the Public name field and click Next.
9. Select the SBS Web Listener and click Next.
10. Select No delegation, but client may authenticate directly as the authentication delegation selection and click Next.
11. In the User Sets page, click on All Authenticated Users and click Remove.
12. Click Add.
13. Select All Users, click Add, then click Close.
14. Click Next, then click OK in the warning dialog that appears.
15. Click Finish.
16. Click Apply to save the changes.
Publish Companyweb
Follow these steps to publish Companyweb through port 987.
1. In the Tasks tab of the ISA Management console, click Publish Web Sites.
2. Name the rule SBS Companyweb and click Next.
3. Select the Allow radio button and click Next.
4. Select Publish a single web site or load balancer and click Next.
5. Select Use SSL to connect to the published Web server or server farm and click Next.
6. In the Internal site name field, enter remote.cohovineyards.com and click Next.
7. In the Path (optional) field, enter /* and enable the Forward the original host header checkbox, then click Next.
8. In the Public name field, enter remote.cohovineyards.com and click Next.
9. Select the SBS Companyweb Listener from the drop down menu and click Next.
10. Select NTLM authentication and click Next.
11. Ensure that All Authenticated Users appears as the user set and click Next.
12. Click Finish.
13. Double-click on the new rule to make additional changes.
14. Select the To tab and select Requests appear to come from the original client.
15. Select the Bridging tab and change the Redirect requests to SSL port from 443 to 987.
16. Click OK to close the edit dialog.
17. Click Apply to save changes.
Complete the Network Configuration on the SBS Server
The last step is to complete the network changes on the SBS server to route traffic through the ISA server instead of the previous firewall. Follow these steps to complete the configuration changes.
1. Disconnect the previous firewall from the network. At this point, the ISP connection should be routed directly into the External NIC of the COHO-GATEWAY server.
2. On the SBS 2008 server, open the Windows SBS Console.
3. From the Home tab, click the Connect to the Internet link.
4. Click Next. NOTE: Because the Connect to the Internet wizard does not recognize ISA as a typical firewall, this first step in the process may take quite a while to complete.
5. When the wizard indicates that it cannot find the router, enter the Internal IP of the COHO-GATEWAY server (192.168.0.5) into the Router IP Address field.
6. Enter the IP address of the COHO-SERVER (192.168.0.2) into the Server IP address field.
7. Click Next.
8. When you receive the warning that a router was not found on the local network, click Yes.
9. When the Detecting your router and configuring your network page appears again, click Next.
10. Click Finish.
Confirm Proper Operation
Now that you have completed the configuration changes to the ISA 2006 server and the SBS 2008 server, you are ready to test access to all of the sites.
1. Confirm that the SBS 2008 server and the other workstations are able to access the Internet through the ISA 2006 server.
2. Attempt to connect to Outlook Web Access via from an off-site computer.
3. Attempt to connect to Remote Web Workplace via from an off-site computer.
4. From an off-site computer run the command telnet remote.cohovineyards.com 25 and ensure that you receive the proper response from the SMTP server:
220 remote.cohovineyards.net Microsoft ESMTP MAIL Service ready
5. Attempt to connect to Companyweb via from an off-site computer.
6. Use http://www.testexchangeconnectivity.com to test for proper operation of ActiveSync.
Ongoing Maintenance
Now that you have the ISA 2006 server configured and access to your network protected, there are a few other tasks you may choose to perform to help keep your ISA server running as efficiently as possible. This section includes instructions for performing the following tasks:
• Back up the ISA configuration
• Schedule Usage Reports
Back up the ISA Configuration
Once you get a working ISA configuration set, you should back up the settings so that you can recover them if needed in the future. In addition, you should also back up the ISA configuration prior to making any rule changes as well as making a backup after successfully implementing any rule changes. Follow these steps to make a backup of the ISA configuration.
1. Open the ISA Server Management Console.
2. Click on COHO-GATEWAY in the navigation tree.
3. Click on the Tasks pane.
4. Under Related Tasks, click Export (Back Up) this ISA Server Configuration.
5. In the Export Wizard, click Next.
6. In the Export Preferences page of the wizard, leave both checkboxes disabled and click Next.
7. In the Export File Location page of the wizard, click Browse to navigate to the folder where you want to save the configuration.
8. After browsing to the folder location, enter the name of the backup file (e.g., ISA2006Backup) in the File name field and click Open.
9. Click Next, then click Finish to complete the export of the ISA configuration.
10. When the export process finishes, click OK.
Schedule Usage Reports
ISA 2006 can generate and distribute usage reports on a scheduled basis. Follow these steps to create a Report Job that will be generated and e-mailed every week on Monday.
1. Open the ISA Server Management Console
2. Select the Monitoring node under COHO-GATEWAY in the navigation tree.
3. Click the Reports tab.
4. Click the Tasks tab.
5. Click the Create and Configure Report Jobs link under Report Tasks.
6. In the Report Jobs Properties window, click Add.
7. Enter the name for your report job (e.g., Weekly Web Usage Report) and click Next.
8. In the Report Content page of the wizard, select the content you wish to appear in the report and click Next.
9. In the Report Job Schedule page of the wizard, select the Weekly, on specified days radio button, then enable the Monday checkbox. Click Next.
10. In the Report Publishing page, enable the Publish reports to a directory checkbox.
11. In the Published reports directory, enter a UNC path to a location where the reports can be stored (e.g., COHO-SERVERPublicReports).
Note that this path must already exist and users must have access to read from the path.
12. Enable the Publish using this account checkbox and click Set Account.
13. In the User field, enter the name of a user with permission to write to the folder. Enter the user as domainusername.
14. Enter the password for the account in the Password and Confirm Password fields.
15. Click OK, then click Next.
16. In the Send E-mail Notification page, enable the Send e-mail notification for completed reports checkbox.
17. In the SMTP server field, enter the name of the SBS server (COHO-SERVER).
18. In the From field, enter the e-mail address of a user on the network.
19. In the To field, enter e-mail address(es) for the user(s) who will receive the report. If specifying multiple recipients, separate the addresses with a semi-colon.
20. In the Message field, enter the text that will be included in the e-mail to the user(s).
21. Enable the Include a link to the completed report in the message checkbox.
22. Click Test. If the server is able to communicate with the SMTP server correctly, you will receive a message indicating that the test was successful and a message was sent. If the test fails, you will receive a message that the test failed and a message was not sent. When the test completes successfully, click Next.
23. Review the settings for the report and click Finish.
24. The new Report Job will appear In the Report Jobs Properties window. Click OK to close the window.
25. Click Create and Configure Report Jobs again.
26. Select the job you just created and click Run Now.
27. Confirm that the recipients receive the e-mail for the report. Note that the actual report may not be created if the report is run out of cycle.