It should be noted that the last rule on an ISA server is the default rule, which denies all
traffic not already specified. So if there isn't a specific rule above the default rule that allows
for a certain protocol or activity, that protocol is blocked by the default rule. This rule exists to
preserve security: The ISA server is configured to allow only predefined activities to occur,
and anything not explicitly stated is disallowed.
FIGURE 5.9 Examining firewall policy.
150 CHAPTER 5 Deploying ISA Server 2006 as a Firewall
Modifying Firewall Policy Rules
If the Network Template wizard was run, and a default policy other than Block All was
enacted, then a set of predefined rules should already exist on the newly configured ISA
server. Double-clicking on these rules individually is the way to modify them. The properties
box for a rule, shown in Figure 5.10, contains multiple configuration options on each
of the tabs as follows:
• General tab: The General tab allows for modification of the rule name and also can
be used to enable or disable a rule. A disabled rule still shows up in the list, but is
not applied.
• Action tab: The Action tab defines whether the rule allows or denies the type of
traffic defined in the rule itself.
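
The default-rule behavior and the enable/disable setting described above can be checked against a small model. This is an added example, not code from the book or from ISA Server: it is a simplified Python model that assumes rules are evaluated top to bottom with the first match deciding, and every rule name, protocol and network in it is constructed sample data.

```python
# Simplified model of ordered firewall-policy evaluation (added example).
# Rule names, protocols and networks below are constructed sample data.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str            # "Allow" or "Deny" (the Action tab setting)
    protocols: frozenset   # protocols the rule covers; empty means all
    sources: frozenset     # source networks; empty means any
    enabled: bool = True   # General tab: a disabled rule stays listed but is skipped

    def matches(self, protocol, source):
        return ((not self.protocols or protocol in self.protocols)
                and (not self.sources or source in self.sources))

# The last rule: matches everything and denies it.
DEFAULT_RULE = Rule("Default rule", "Deny", frozenset(), frozenset())

def evaluate(rules, protocol, source):
    """Return (action, name of deciding rule) using first-match order."""
    for rule in list(rules) + [DEFAULT_RULE]:
        if not rule.enabled:
            continue  # shown in the list, not applied
        if rule.matches(protocol, source):
            return rule.action, rule.name
    raise AssertionError("unreachable: the default rule matches all traffic")

def audit(rules, probes):
    """Map each (protocol, source) probe to the decision it receives."""
    return {probe: evaluate(rules, *probe) for probe in probes}

POLICY = [
    Rule("Web access", "Allow", frozenset({"HTTP", "HTTPS"}), frozenset({"Internal"})),
    Rule("Block guest DNS", "Deny", frozenset({"DNS"}), frozenset({"Guest"})),
    Rule("Internal DNS", "Allow", frozenset({"DNS"}), frozenset({"Internal"}),
         enabled=False),
]

if __name__ == "__main__":
    probes = [("HTTP", "Internal"), ("DNS", "Internal"), ("FTP", "Internal")]
    for (proto, src), (action, rule) in audit(POLICY, probes).items():
        print(f"{proto:5} from {src:8} -> {action:5} by {rule}")
```

In the sample policy, DNS from the Internal network is denied by the default rule because the only rule that would allow it is disabled.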