Troubleshooting why an ISA server cannot perform certain functionality should always
include a visit to the System Policy Editor. The built-in system policy rules allow for the
configuration of multiple deployment scenarios with ISA Server 2006.
Summary
ISA Server 2006 fills many roles at many organizations. In certain environments, it
provides dedicated web-proxy capabilities. In other locations, it serves as a dedicated OWA
reverse-proxy server. All these deployment scenarios utilize specific pieces of ISA functionality,
but the full range of ISA functionality can only be had when it is deployed as a dedicated
Application-layer firewall.
FIGURE 5.14 Viewing the System Policy Allowed Sites list.
156 CHAPTER 5 Deploying ISA Server 2006 as a Firewall
The capability of ISA firewalls to provide for robust and secure stateful inspection of all
traffic passing through them gives them an added edge over traditional packet-filtering
firewalls. In addition, the capability to provide for advanced logging, server publishing,
and VPN functionality positions ISA squarely in many environments for the long term.
Best Practices
. Deploy an ISA-secured perimeter network to isolate Internet-facing services from the
rest of the internal network.
Pages:
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309