Are you looking for a way to significantly enhance security for your Internet-facing Microsoft applications and services? If so, take a look at Microsoft Internet and Security Acceleration (ISA) Server 2004, which makes a quantum leap beyond its predecessor, ISA Server 2000. ISA Server 2004 provides a network firewall that performs both stateful filtering (at the Open System Interconnection—OSI—model's transport layer 4 and below) and stateful application-layer (layer 7) filtering on all installed interfaces.
Many organizations have an existing firewall infrastructure but still want to obtain the security benefits that ISA Server 2004 provides. The ISA Server 2004 firewall is extremely flexible and has a number of viable deployment options. One of the most common and most secure of these options is a back-to-back firewall configuration, in which a traditional packet filterbased hardware firewall on the front end provides basic stateful filtering to protect the demilitarized zone (DMZ) between the firewall and the LAN interface, and an ISA Server 2004 firewall on the back end provides both stateful filtering and stateful application-layer inspection to protect core business resources.
Filtering remote access to Microsoft Exchange Server services is a popular ISA Server scenario, and several of the firewall's new technologies provide a unique level of protection for Internet-facing Exchange services, especially Microsoft Outlook Web Access (OWA). If you're interested in placing an ISA Server firewall behind an existing packet filterbased hardware firewall, this scenario provides a good example of the required procedures. Figure 1 shows a high-level view of the back-to-back firewall design. Key features of the network and firewall topology include the following: . . .
Why become a VIP member?
 |
VIP-only online access |
 |
VIP CD delivered twice a year: offline access to the entire Windows IT Pro article library |
 |
Monthly issue of your choice of Windows IT Pro or SQL Server Magazine |
Register
