
isa 2000 std documentation edited: lot muteka

internal lan
  wins: 10.10.10.3, 10.10.20.2

external network card
  wins: no wins

isa management
  janus configuration
    incoming web request
    auto discovery
    performance tab: fewer than 1000
    outgoing web request
    security: system and domain administrator - full
    access policy
    monitoring: alerts, logs, report jobs
    reports: summary; web usage; application usage; traffic & utilization; security

nothing important

access policy

1. site and content rules (red means the service is disabled)

name | scope | description | action | applies to | schedule | destination | content
allow rule | array | | allow | any request | always | all destinations | all
external mine access | array | | allow | any request | always | external server access | all

2. protocol rules

name | scope | action | description | protocol | applies to | schedule
allow domain admins | array | allow | | all ip traffic | accounts: ongopolo\domain admins | always
allow exchange | array | allow | | all ip traffic | client sets: exchange server | always
allow internet | array | allow | | ftp, http, https | accounts: ongopolo\ongopolo internet | always
allow isa <> external mines | array | allow | | all ip traffic | client sets: isa server | always
allow server traffic | array | allow | | all ip traffic | client sets: mine servers | always
allow www dns lookup | array | allow | | dns query, dns query server | any request | always
mail wizard rule - smtp. internal ip: 10.10.10.3 | array | allow | | smtp | client sets: mail wizard set: 10.10.10.3 | always
site access | array | allow | | ftp, http, https, smtp, smtp server | client sets: internal | always

3. ip packet filters

first part

name | mode | description | filter type | local computer
dhcp client | allow | | custom filter | external ip address - 0.0.0.0
dns filter | allow | | dns lookup | default external ip address
dns outbound | allow | allow isa to do dns queries on the internet | dns lookup | internal machine - 10.10.10.4
exchange dns | allow | allow exchange to do dns queries on the internet to resolve domain dns names. | dns lookup | internal machine - 10.10.10.3
exchange smtp | allow | allow incoming smtp mail to exchange | smtp | internal machine - 10.10.10.3
icmp outbound | allow | | icmp all outbound | default external ip address
icmp ping response (in) | allow | | icmp ping response | default external ip address
icmp source quench | allow | | icmp source quench | default external ip address
icmp timeout in | allow | | icmp timeout | default external ip address
icmp unreachable in | allow | | icmp unreachable | default external ip address
remote desktop | allow | | custom filter | default external ip address
smpt out | allow | | custom filter | internal machine - 10.10.10.3
vnc | allow | | custom filter | default external ip address

second part (same rows, keyed by name)

name | remote computer | protocol | direction | local port | remote port | icmp type | icmp code
dhcp client | any | udp | both | 68 | 67 | |
dns filter | any | udp | send receive | all ports | 53 | |
dns outbound | any | udp | send receive | all ports | 53 | |
exchange dns | any | udp | send receive | all ports | 53 | |
exchange smtp | any | tcp | inbound | 25 | all ports | |
icmp outbound | any | icmp | outbound | | | all types | all codes
icmp ping response (in) | any | icmp | inbound | | | 0 | 0
icmp source quench | any | icmp | inbound | | | 4 | 0
icmp timeout in | any | icmp | inbound | | | 11 | all codes
icmp unreachable in | any | icmp | inbound | | | 3 | all codes
remote desktop | any | tcp | inbound | 3389 | all ports | |
smpt out | any | tcp | outbound | all ports | 25 | |
vnc | any | tcp | inbound | 5800 | all ports | |
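As an added review aid (not part of the original document), the non-icmp packet filters above are transcribed into Python with a check that reports allow filters accepting inbound tcp connections from any remote computer on a remote-administration port; the port list is this example's own assumption. Applying the document's action item of disabling the vnc filter removes that finding.

```python
"""Review of the ISA Server 2000 ip packet filters listed above.

Added example, not part of the original document: the filter rows are
transcribed from the table into a small record type, and a review function
flags inbound filters that expose an admin port to any remote host.
"""
from dataclasses import dataclass

# Ports treated as remote-administration services. This list is an
# assumption of the example; the document itself only says to disable vnc.
ADMIN_PORTS = {3389: "rdp", 5800: "vnc"}


@dataclass(frozen=True)
class PacketFilter:
    name: str
    mode: str             # allow / block
    protocol: str         # tcp / udp / icmp
    direction: str        # inbound / outbound / both / send receive
    local_computer: str
    remote_computer: str
    local_port: str       # port number as text, or "all ports"
    remote_port: str


# Rows transcribed from the packet filter table above (non-icmp filters only).
FILTERS = [
    PacketFilter("dhcp client", "allow", "udp", "both", "external ip address - 0.0.0.0", "any", "68", "67"),
    PacketFilter("dns filter", "allow", "udp", "send receive", "default external ip address", "any", "all ports", "53"),
    PacketFilter("dns outbound", "allow", "udp", "send receive", "internal machine - 10.10.10.4", "any", "all ports", "53"),
    PacketFilter("exchange dns", "allow", "udp", "send receive", "internal machine - 10.10.10.3", "any", "all ports", "53"),
    PacketFilter("exchange smtp", "allow", "tcp", "inbound", "internal machine - 10.10.10.3", "any", "25", "all ports"),
    PacketFilter("remote desktop", "allow", "tcp", "inbound", "default external ip address", "any", "3389", "all ports"),
    PacketFilter("smpt out", "allow", "tcp", "outbound", "internal machine - 10.10.10.3", "any", "all ports", "25"),
    PacketFilter("vnc", "allow", "tcp", "inbound", "default external ip address", "any", "5800", "all ports"),
]


def exposed_admin_filters(filters):
    """Return (filter name, service) for allow filters that accept inbound tcp
    connections on an admin port from any remote computer."""
    findings = []
    for f in filters:
        if f.mode != "allow" or f.direction != "inbound" or f.protocol != "tcp":
            continue
        if f.remote_computer != "any" or not f.local_port.isdigit():
            continue
        service = ADMIN_PORTS.get(int(f.local_port))
        if service:
            findings.append((f.name, service))
    return findings


def inbound_services(filters):
    """Map local port -> filter name for every allow filter that accepts traffic
    initiated from outside, i.e. the listening surface the firewall exposes."""
    return {int(f.local_port): f.name for f in filters
            if f.mode == "allow" and f.direction in ("inbound", "both") and f.local_port.isdigit()}


def disable(filters, name):
    """Model the document's action item 'just disable vnc': drop the named filter."""
    return [f for f in filters if f.name != name]


if __name__ == "__main__":
    for name, service in exposed_admin_filters(FILTERS):
        print(f"{name}: {service} reachable from any remote host")
    print("after disabling vnc:", exposed_admin_filters(disable(FILTERS, "vnc")))
```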

publishing

web publishing rules
server publishing rules

web publishing rule

order | name | description | action | applies to | destination
last | default rule | | deny | any request | all destinations

server publishing rule

name | description | protocol | internal ip address | external ip address | applies to
mail wizard rule - smtp server. published ip: 196.44.140.218 | allow incoming mail to the exchange server | smtp server | 10.10.10.3 | 196.44.140.218 | any request
vnc | | vnc | 10.10.10.4 | 196.44.140.218 | any request

note: just disable vnc

bandwidth rules

order | name | description | bandwidth priority | protocol | destination | schedule | applies to | content
last | default rule | | default bandwidth priority | all ip traffic | all destinations | always | any request | all

policy elements
  schedules
  bandwidth priorities
  destination sets
  client address sets
  protocol definitions
  content groups
  dial-up entries

schedules

name | description
weekends |
work hours |

bandwidth priorities

name | description | outbound bandwidth | inbound bandwidth
default bandwidth priority | | 100 | 100

destination sets

name | description | destinations
external server access | | 10.10.0.0 - 10.10.60.255
mine servers access | | 10.10.20.0 - 10.10.60.255

client address sets

name | description | clients
exchange server | | 10.10.10.3
internal | | 10.10.0.1 - 10.10.60.254
isa server | | 10.10.10.4
mail wizard set: 10.10.10.3 | | 10.10.10.3 - 10.10.10.3
mine servers | | 10.10.10.4, 10.10.20.2, 10.10.50.2, 10.10.60.2

protocol definitions

name | description | defined by | port number | protocol type | direction
any rpc server | allows all rpc interfaces | application filter | 135 | tcp | inbound
aol instant messenger | aol instant messenger protocol | isa server | 5190 | tcp | outbound
archie | archie protocol | isa server | 1525 | udp | send receive
chargen (tcp) | character generator protocol (tcp) | isa server | 19 | tcp | outbound
chargen (udp) | character generator protocol (udp) | isa server | 19 | udp | send receive
daytime (tcp) | daytime protocol (tcp) | isa server | 13 | tcp | outbound
daytime (udp) | daytime protocol (udp) | isa server | 13 | udp | send receive
discard (tcp) | discard protocol (tcp) | isa server | 9 | tcp | outbound
discard (udp) | discard protocol (udp) | isa server | 9 | udp | send receive
dns query | domain name system | isa server | 53 | udp | send receive
dns query server | domain name system - server | isa server | 53 | udp | receive send
dns zone transfer | dns zone transfer protocol | isa server | 53 | tcp | outbound
dns zone transfer server | dns zone transfer - server | isa server | 53 | tcp | inbound
echo (tcp) | echo protocol (tcp) | isa server | 7 | tcp | outbound
echo (udp) | echo protocol (udp) | isa server | 7 | udp | send receive
exchange rpc server | allows publishing exchange server for rpc access from external network | application filter | 135 | tcp | inbound
finger | finger protocol | isa server | 79 | tcp | outbound
ftp | ftp protocol | application filter | 21 | tcp | outbound
ftp download only | ftp download only protocol | application filter | 21 | tcp | outbound
ftp server | ftp server protocol | application filter | 21 | tcp | inbound
gopher | gopher protocol | isa server | 70 | tcp | outbound
h.323 protocol | h.323 protocol - allow q.931/h.245/rtp/rtcp/t.120 | application filter | 1720 | tcp | outbound
http | hyper text transfer protocol (http) | isa server | 80 | tcp | outbound
https | secure hyper text transfer protocol | isa server | 443 | tcp | outbound
https server | secure hyper text transfer protocol - server | isa server | 443 | tcp | inbound
ica | citrix intelligent console architecture protocol | isa server | 1494 | tcp | outbound
icq (legacy) | icq instant messenger protocol | isa server | 4000 | udp | send
icq 2000 | icq 2000 protocol | isa server | 5190 | tcp | outbound
ident | ident protocol | isa server | 113 | tcp | outbound
imap4 | interactive mail access protocol | isa server | 143 | tcp | outbound
imap4 server | interactive mail access protocol (imap) - server | isa server | 143 | tcp | inbound
imaps | secure interactive mail access protocol | isa server | 993 | tcp | outbound
imaps server | secure interactive mail access protocol (imap) - server | isa server | 993 | tcp | inbound
irc | internet relay chat | isa server | 6667 | tcp | outbound
kerberos-adm (tcp) | kerberos administration (tcp) | isa server | 749 | tcp | outbound
kerberos-adm (udp) | kerberos administration (udp) | isa server | 749 | udp | send receive
kerberos-iv | kerberos iv authentication protocol | isa server | 750 | udp | send receive
kerberos-sec (tcp) | kerberos v authentication protocol | isa server | 88 | tcp | outbound
kerberos-sec (udp) | kerberos v authentication protocol (udp) | isa server | 88 | udp | send receive
ldap | lightweight directory access protocol (ldap) | isa server | 389 | tcp | outbound
ldap gc (global catalog) | lightweight directory access protocol global catalog protocol | isa server | 3268 | tcp | outbound
ldaps | secure lightweight directory access protocol | isa server | 636 | tcp | outbound
ldaps gc (global catalog) | secure lightweight directory access protocol global catalog protocol | isa server | 3269 | tcp | outbound
microsoft sql server | microsoft sql server protocol | isa server | 1433 | tcp | inbound
mms - windows media client | microsoft media streaming protocol - client | application filter | 1755 | mixed | mixed
mms - windows media server | microsoft streaming media protocol - server | application filter | 1755 | mixed | mixed
msn | msn internet access protocol | isa server | 569 | tcp | outbound
msn messenger | msn messenger protocol | isa server | 1863 | tcp | outbound
net2phone | net2phone protocol | isa server | 6801 | udp | send
net2phone registration | net2phone registration protocol | isa server | 6500 | tcp | outbound
netbios datagram | netbios datagram protocol | isa server | 138 | udp | send
netbios name service | netbios name service protocol | isa server | 137 | udp | send receive
netbios session | netbios session protocol | isa server | 139 | tcp | outbound
nntp | network news transfer protocol (nntp) | isa server | 119 | tcp | outbound
nntp server | network news transfer protocol - server | isa server | 119 | tcp | inbound
nntps | secure network news transfer protocol | isa server | 563 | tcp | outbound
nntps server | secure network news transfer protocol - server | isa server | 563 | tcp | inbound
ntp (udp) | network time protocol (udp) | isa server | 123 | udp | send receive
pnm - realnetworks protocol (client) | realnetworks streaming media protocol (pnm) - client | application filter | 7070 | tcp | outbound
pnm - realnetworks protocol (server) | realnetworks streaming media protocol (pnm) - server | application filter | 7070 | tcp | inbound
pop2 | post office protocol v.2 | isa server | 109 | tcp | outbound
pop3 | post office protocol v.3 | isa server | 110 | tcp | outbound
pop3 server | post office protocol v.3 - server | isa server | 110 | tcp | inbound
pop3s | secure post office protocol v.3 | isa server | 995 | tcp | outbound
pop3s server | secure post office protocol v.3 - server | isa server | 995 | tcp | inbound
quote (tcp) | quote of the day protocol (tcp) | isa server | 17 | tcp | outbound
quote (udp) | quote of the day protocol (udp) | isa server | 17 | udp | send receive
radius | remote authentication dial-in user service protocol | isa server | 1812 | udp | send receive
radius accounting | remote authentication dial-in user service accounting protocol | isa server | 1813 | udp | send receive
rdp (terminal services) | remote desktop protocol (terminal services) | isa server | 3389 | tcp | outbound
remote desktop | | user | 3389 | tcp | inbound
rip | routing information protocol | isa server | 520 | udp | send receive
rlogin | remote login protocol | isa server | 513 | tcp | outbound
rtsp | real time streaming protocol - client | application filter | 554 | tcp | outbound
rtsp server | real time streaming protocol - server | application filter | 554 | tcp | inbound
smtp | simple mail transfer protocol (smtp) | isa server | 25 | tcp | outbound
smtp server | simple mail transfer protocol - server | isa server | 25 | tcp | inbound
smtps | secure simple mail transfer protocol | isa server | 465 | tcp | outbound
smtps server | secure simple mail transfer protocol (smtp) - server | isa server | 465 | tcp | inbound
snmp | simple network management protocol | isa server | 161 | udp | send receive
snmp trap | simple network management protocol - trap | isa server | 162 | udp | send receive
ssh | secure shell protocol | isa server | 22 | tcp | outbound
telnet | telnet protocol | isa server | 23 | tcp | outbound
telnet server | telnet protocol - server | isa server | 23 | tcp | inbound
tftp | trivial file transfer protocol | isa server | 69 | udp | send
time (tcp) | time protocol (tcp) | isa server | 37 | tcp | outbound
time (udp) | time protocol (udp) | isa server | 37 | udp | send receive
vnc | | user | 5800 | tcp | inbound
whois | nickname/whois protocol | isa server | 43 | tcp | outbound

content groups

name | description | content types
application | applications | application/hta,application/x-internet-signup,application/x-pkcs7-certificates,application/x-sv4crc,application/octe initiation,application/
application data files | files containing data for applications | application/x-mscardfile,application/x-perfmon,application/x-msclip,application/x-msmoney,application/winhlp,app
audio | audio files | audio/*,.ra,.ram,.rmi,.au,.snd,.aif,.aifc,.wav,.m3u,...
compressed files | compressed files | application/x-gzip,application/x-tar,application/x-gtar,application/x-compress,application/x-compressed,applicatio
documents | documents | text/tab-separated-values,text/xml,text/h323,application/postscript,application/pdf,.ai,.323,.eps,.pdf,.ps,...
html documents | html documents | text/webviewhtml,text/html,.htm,.html,.htt,.stm,.xsl
images | all known types of images | .cod,.cmx,.ief,.pbm,.pnm,.ppm,.gif,.bmp,.jfif,.jpe,...
macro documents | documents that may contain macros | application/msword,application/vnd.ms-excel,application/x-msaccess,application/vnd.ms-project,application/vnd.
text | text content | .txt,.h,.c,.htc,.vcf,.etx,.uls,.css,.bas,.rtx,...
video | video files | video/*,.asf,.asr,.asx,.avi,.ivf,.lsf,.lsx,.mov,.movie,...
vrml | vrml | x-world/x-vrml,.flr,.wrl,.wrz,.xaf,.xof

dial-up entries

none

cache configuration
  scheduled content download jobs
  drives

scheduled content download jobs: nothing important

drives

server | cache size on all ntfs drives (mb) | disk size on all ntfs drives (mb) | free space on all ntfs drives (mb)
janus | 5000 | 34889 | 25580

monitoring configuration
  alerts
  logs
  report jobs

alerts

name | description | server | event
alert action failure | the action associated with this alert failed. | janus | alert a
cache container initialization error | the cache container initialization failed and the initialization was ignored. | janus | cache
cache container recovery complete | recovery of a single cache container was completed. | janus | cache
cache file resize failure | the operation to reduce the size of the cache file failed. | janus | cache
cache initialization failure | the web cache proxy was disabled because of a global failure. | janus | cache
cache restoration completed | the cache content restoration was completed. | janus | cache
cache write error | there was a failure in writing content to the cache. | janus | cache
cached object discarded | during cache recovery, an object with conflicting information was detected. the conflicting object was discarded. | janus | cache
component load failure | failed to load an extension component. | janus | compo
configuration error | an error occurred while reading configuration information. | janus | config
dial-on-demand failure | failed to create a dial-on-demand connection, either because there is no answer or the line is busy. | janus | dial-on
dns intrusion | a host name overflow, length overflow, zone high port, or zone transfer attack occurred. | janus | dns in
event log failure | an attempt to log the event information to the system event log failed. | janus | event
firewall communication failure | there is a failure in communication between the firewall client and the isa server firewall service. | janus | client/s
intrusion detected | an intrusion was attempted by an external user. | janus | intrusi
invalid dial-on-demand credentials | dial-on-demand credentials are invalid. | janus | invalid
invalid odbc log credentials | the specified user name or password for this odbc database is invalid. | janus | invalid
ip packet dropped | ip packet was dropped according to specified policy. | janus | ip pac
ip protocol violation | a packet with invalid ip options was detected and the packet dropped. | janus | ip prot
ip spoofing | the ip packet source address is not valid. | janus | ip spo
log failure | one of the service logs failed. | janus | log fai
missing installation component | a component that was configured for the array is missing on this server. | janus | missin
network configuration changed | a network configuration change that affects isa server was detected. | janus | netwo
no available ports | failed to create a network socket because there are no available ports. | janus | no ava
os component conflict | there is a conflict with one of the operating system components: nat editor, ics, or rras. | janus | operat conflic
oversized udp packet | isa server dropped a udp packet because it exceeded the maximum udp packet size, as specified in the registry key. | janus | oversi
pop intrusion | pop buffer overflow detected. | janus | pop in
report summary generation failure | an error occurred while generating a report summary from log files. | janus | report
resource allocation failure | a resource allocation failure has occurred, for example insufficient memory resources. | janus | resour
routing (chaining) failure | the isa server failed to route the request to an upstream server. | janus | routing
routing (chaining) recovery | the isa server resumed routing to an upstream server. | janus | routing
rpc filter - connectivity changed | the connectivity to the publishing rpc service changed. | janus | rpc filt
server publishing failure | the server publishing rule is configured incorrectly. | janus | server
server publishing is not applicable | the server publishing rule cannot be applied. | janus | server
server publishing recovery | the server publishing rule can now be applied. | janus | server
service initialization failure | the service failed to initialize. | janus | service
service not responding | an isa server service terminated or stopped functioning unexpectedly. | janus | service
service shutdown | the service was stopped gracefully. | janus | service
service started | service started. | janus | service
smtp filter event | an smtp command rule was violated. | janus | smtp f
socks configuration failure | the port specified in socks properties is in use by another protocol. | janus | socks
the server is not in the array's site | all members of the array must be in the same site. this server is in a different site. | janus | the se
unregistered event | an unregistered event occurred. | janus | unregi
upstream chaining credentials | upstream chaining credentials are invalid. | janus | upstre
wmt live stream splitting failure | the streaming application filter encountered an error during wmt live stream splitting. | janus | wmt liv

logs & report jobs

not important

extensions
  application filters
  web filters

application filters

name | description | vendor | version
dns intrusion detection filter | intercepts and analyzes dns traffic destined for the internal network | internet security systems (iss), inc. | 3
ftp access filter | enables ftp protocols (client and server) | microsoft | 3
h.323 filter | microsoft h.323 filter | microsoft | 3
http redirector filter | redirects requests from firewall and securenat clients to the web proxy service | microsoft | 3
pop intrusion detection filter | checks for pop buffer overflow attacks | internet security systems (iss), inc. | 3
rpc filter | enables publishing of rpc servers | microsoft | 3
smtp filter | filters smtp traffic | microsoft | 3
socks v4 filter | enables socks 4 communication | microsoft | 3
streaming media filter | enables streaming protocols | microsoft | 3

web filters: none

network configuration
  routing
  local address table (lat)
  local domain table (ldt)

local address table (lat)

from | to | description
10.10.0.0 | 10.10.60.254 |

local domain table (ldt)

name | description
*.ongopolo.com |
client configuration components
  web browser
  firewall client

local services

name | status | startup type | log on as
alerter | started | automatic | localsystem
computer browser | started | automatic | localsystem
dhcp client | started | automatic | localsystem
distributed file system | started | automatic | localsystem
distributed link tracking client | started | automatic | localsystem
distributed transaction coordinator | started | automatic | localsystem
dns client | started | automatic | localsystem
dns server | started | automatic | localsystem
event log | started | automatic | localsystem
ipsec policy agent | started | automatic | localsystem
license logging service | started | automatic | localsystem
logical disk manager | started | automatic | localsystem
messenger | started | automatic | localsystem
microsoft firewall | started | automatic | localsystem
microsoft isa server control | started | automatic | localsystem
microsoft web proxy | started | automatic | localsystem
net logon | started | automatic | localsystem
plug and play | started | automatic | localsystem
print spooler | started | automatic | localsystem
protected storage | started | automatic | localsystem
remote procedure call (rpc) | started | automatic | localsystem
remote registry service | started | automatic | localsystem
removable storage | started | automatic | localsystem
runas service | started | automatic | localsystem
security accounts manager | started | automatic | localsystem
server | started | automatic | localsystem
simple mail transport protocol (smtp) | | automatic | localsystem
system event notification | started | automatic | localsystem
task scheduler | started | automatic | localsystem
tcp/ip netbios helper service | started | automatic | localsystem
terminal services | started | automatic | localsystem
terminal services licensing | | automatic | localsystem
trend serverprotect | started | automatic | localsystem
vnc server | started | automatic | localsystem
windows management instrumentation | started | automatic | localsystem
windows time | started | automatic | localsystem
workstation | started | automatic | localsystem
world wide web publishing service | | automatic | localsystem
iis admin service | | disabled | localsystem
intersite messaging | | disabled | localsystem
kerberos key distribution center | | disabled | localsystem
microsoft scheduled cache content download | | disabled | localsystem
routing and remote access | | disabled | localsystem
application management | | manual | localsystem
clipbook | | manual | localsystem
com+ event system | started | manual | localsystem
distributed link tracking server | | manual | localsystem
fax service | | manual | localsystem
file replication | | manual | localsystem
indexing service | | manual | localsystem
internet connection sharing | | manual | localsystem
logical disk manager administrative service | | manual | localsystem
netmeeting remote desktop sharing | | manual | localsystem
network connections | started | manual | localsystem
network dde | | manual | localsystem
network dde dsdm | | manual | localsystem
nt lm security support provider | started | manual | localsystem
performance logs and alerts | | manual | localsystem
qos rsvp | | manual | localsystem
remote access auto connection manager | | manual | localsystem
remote access connection manager | started | manual | localsystem
remote procedure call (rpc) locator | | manual | localsystem
smart card | | manual | localsystem
smart card helper | | manual | localsystem
telephony | started | manual | localsystem
telnet | | manual | localsystem
uninterruptible power supply | | manual | localsystem
utility manager | | manual | localsystem
windows installer | | manual | localsystem
windows management instrumentation driver extensions | started | manual | localsystem
