Even without the Firewall client share in place, it may be advisable to configure these
options to add an additional layer of security to ISA, in the event that a problem with the
FIGURE 2.14 Configuring SMB signing options.
60 CHAPTER 2 Installing ISA Server 2006
Firewall service allows SMB traffic to be sent to the machine. To continue with the
Template creation, do the following:
1. Ensure that both check boxes on the SMB Security Signatures dialog box are
checked, and click Next to continue.
2. The subsequent dialog box, shown in Figure 2.15, controls outbound authentication
levels, which, in addition to the default, Domain Accounts, should also include the
Local Accounts on the remote computer setting, if the server will be used for site-tosite
VPN access. Site-to-site VPN with ISA 2006 requires local accounts, and if this
box is not checked, the VPN tunnel will fail. Click Next to continue.
The next dialog box, Outbound Authentication Using Domain Accounts, controls LAN
Manager authentication levels. In nearly all environments, except for those with downlevel
(pre??“Windows NT 4.0 Service Pack 6a) environments, the check box for Windows NT
4.
Pages:
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172