ISA 2004 Firewall - Quick Setup of 3 Websites, Remote Desktop, and SQL Server Ports

Hey everyone,

I've got a new web server that I have to host in the DMZ at the data center that we host our servers at.  So we placed ISA 2004 as the application layer firewall and now I have it up and running for the first time.

I have never used software protection like this before...nor have I used ISA...but I'm sure without it I'll be hosting video game torrents for the pirating public.

I've got the server on my local 10.0.0.0 network and the server has 10.0.0.64.  Once hosted in the data center it will have something like 69.84.XX.XXX so I need to know what is going on so that I don't get locked up in a scheme when I get to the data-center to get it up and running.  

I'll need the following to be able to run.  
1) IIS and port 80 to run websites.
2) 3389 for RDP to the server
3) MS SQL 1433 and 14334

and finally,
4) Allow Symantec AV to update...it got locked down after I installed ISA.

The ISA I installed is the Standard edition with the typical installation.  SP2 was installed for ISA and it is on Windows 2003 Standard R2.

Thanks a million,
inverted

 
Keith Alabaster (Enterprise Architect) commented:
By enabling the default rule to talk to all networks, ISA will not be doing its job. You have made the ISA into a half-hearted router.

I have put some links here that you may wish to have a read through. This will give you the concepts; then, if you still have concerns/issues, we can try and work through them. ISA is fairly straightforward once you have an understanding of the basics. You will need to undo the changes you put in. No offence.

RDP Publishing
http://www.isaserver.org/tutorials/Publishing-Remote-Desktop-Web-Connection-Sites-ISA-Firewall-Part1.html
http://www.isaserver.org/tutorials/Publishing-Remote-Desktop-Web-Connection-Sites-ISA-Firewall-Part2.html
http://www.isaserver.org/tutorials/Publishing-Remote-Desktop-Web-Connection-Sites-ISA-Firewall-Part3.html

Use the same concept for your SQL servers

Web Publishing
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/publishingwebservers.mspx
http://support.microsoft.com/default.aspx?kbid=837834&product=isas2004
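As an added illustration of the point made in the answer above (not part of the thread, and not ISA's own rule engine or API): a small first-match policy model comparing a single rule that allows all networks to the server with per-service publishing rules for ports 80, 3389 and 1433 from the question. The network names, rule names and probe ports are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed model of an ordered, first-match firewall policy. This is not
# ISA's rule engine or API; all names and rule shapes are assumptions.
@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "deny"
    src: str           # network name, or "*" for all networks
    dst: str
    ports: frozenset   # TCP ports; an empty set means every port

DEFAULT_DENY = Rule("Default rule", "deny", "*", "*", frozenset())

def decide(policy, src, dst, port):
    """Return the first rule that matches; the default deny is always last."""
    for rule in list(policy) + [DEFAULT_DENY]:
        if (rule.src in ("*", src) and rule.dst in ("*", dst)
                and (not rule.ports or port in rule.ports)):
            return rule

def exposed(policy, probe_ports, src="External", dst="WebServer"):
    """Ports from probe_ports that the policy lets src reach on dst."""
    return sorted(p for p in probe_ports
                  if decide(policy, src, dst, p).action == "allow")

def overbroad(policy):
    """Names of allow rules that match every network or every port."""
    return [r.name for r in policy
            if r.action == "allow" and ("*" in (r.src, r.dst) or not r.ports)]

# The change described in the thread: all networks allowed to the server.
ALLOW_ALL = [Rule("All networks to server", "allow", "*", "WebServer", frozenset())]

# Per-service publishing, one rule per port taken from the question.
PUBLISHED = [
    Rule("Publish web", "allow", "External", "WebServer", frozenset({80})),
    Rule("Publish RDP", "allow", "External", "WebServer", frozenset({3389})),
    Rule("Publish SQL", "allow", "External", "WebServer", frozenset({1433})),
]

# Constructed probe list: the wanted ports plus two nobody asked to expose.
PROBE = [80, 135, 445, 1433, 3389]

if __name__ == "__main__":
    for label, policy in (("allow-all", ALLOW_ALL), ("published", PUBLISHED)):
        print(label, "exposes", exposed(policy, PROBE),
              "over-broad rules:", overbroad(policy))
```

Running an audit like `overbroad()` over an exported rule list is a quick way to spot a rule that makes the firewall behave as a plain router.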
 
inverted_2000 (Author) commented:
Okay...I allowed the filter for the default policy to enable all networks to the server's network and it all worked.

Thanks anyway,
inverted
 
Keith Alabaster (Enterprise Architect) commented:
Sure, but you have also turned ISA off.
 
inverted_2000 (Author) commented:
I have...what should I do then?

Thanks
 
inverted_2000 (Author) commented:
Please explain why it is off then???

Thanks
 
inverted_2000 (Author) commented:
Nice...

I have an ISA Certified contact at the data center...so I think I'll be safe with that as a back up.

Thanks a lot,
inverted
 
Keith Alabaster (Enterprise Architect) commented:
Not my problem. If you need further help, just holler :)

Regards

Keith
ISA MCT
Question has a verified solution.
