Implementing ISA Server Publishing - PowerPoint PPT Presentation

About This Presentation
Title:

Implementing ISA Server Publishing

Description:

Implementing ISA Server Publishing Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks available ... – PowerPoint PPT presentation

Number of Views:23
Avg rating:3.0/5.0
Slides: 36
Provided by: phucdangF
Category:

less

Transcript and Presenter's Notes

Title: Implementing ISA Server Publishing


1
Implementing ISA ServerPublishing
2
Introduction
  • What Are Web Publishing Rules?
  • ISA Server uses Web publishing rules to make Web
    sites on protected networks available to users on
    other networks, such as the Internet.
  • A Web publishing rule is a firewall rule that
    specifies how ISA Server will route incoming
    requests to internal Web servers

3
  • Web publishing rules provide
  • Access to Web servers running HTTP protocol
  • HTTP application-layer filtering
  • Path mapping
  • User authentication
  • Content caching
  • Support for publishing multiple Web sites using a
    single IP address
  • Link translation

4
What Are Server Publishing Rules
  • Web publishing and secure Web publishing rules
    can grant access only to Web servers using HTTP
    or HTTPS.
  • To grant access to internal resources using any
    other protocol, you must configure server
    publishing rules
  • Server publishing rules provide
  • Access to multiple protocols
  • Application-layer filtering for specified
    protocols
  • Support for encryption
  • IP address logging for the client computer

5
Considerations for Configuring DNS for Web and
Server Publishing
6
Configuring Web Publishing Rules
  • Components of a Web Publishing Rule
    Configuration
  • Web publishing rules map incoming HTTP or HTTPS
    requests to the appropriate Web servers located
    on a network protected by ISA Server.
  • Web publishing rules determine what incoming
    requests for HTTP objects will be accepted by ISA
    Server and how ISA Server will respond to those
    requests.

7
How to Configure Web Listeners
  • Web listeners are used by Web and secure Web
    publishing rules.
  • A Web listener is an ISA Server configuration
    object that defines how the ISA Server computer
    listens for HTTP requests and SSL requests.
  • The Web listener defines the network, IP address,
    and the port number on which ISA Server listens
    for client connections.

8
How to Configure Web Listeners
  • If the ISA Server computer receives a HTTP or
    HTTPS on a network adapter and no Web listener is
    configured for the IP address associated with the
    network adapter, ISA Server will discard all the
    requests before applying Web server publishing
    rules.

9
How to Configure Web Listeners
  • NetworkThis option specifies the network on
    which ISA Server will listen for incoming Web
    requests
  • Port numbersThis option specifies the port
    number on which the Web listener will listen for
    incoming Web requests
  • Client authentication methodsThis option
    specifies the supported authentication methods if
    you are going to require authentication on the
    Web listener
  • Client Connection SettingsThis option specifies
    the number of concurrent client connections and
    connection timeout values for the Web listener.

10
How to Configure Web Listeners
11
If you have multiple network adapters or multiple
IP addresses
12
  • On the Port Specification page, select the
    protocol and port number used by the Web listener

13
  • modify the Web listener settings by
    doubleclicking the Web Listener object in the
    Toolbox

14
  • To configure the client connection options, click
    Advanced on the Preferences tab to get to the
    Advanced Settings dialog box

15
How to Configure Path Mapping
  • Path mapping is an ISA Server feature that
    enables ISA Server to redirect user requests to
    an alternate path on internal Web servers.
  • When a user connects to a Web site published on
    ISA Server, the user types a specific URL.
  • Before forwarding a request to the published Web
    server, ISA Server checks the URL specified in
    the request
  • If a path mapping is configured for that URL, ISA
    Server will replace the path specified in the
    request with an internal path name and forward it
    to the appropriate Web server

16
How Path Mapping Works
  • Path mapping can be used in several different
    scenarios
  • For example
  • An organization may have a Web sitehttp//www.coh
    ovineyard.com.
  • If the entire Web site is located on a single Web
    server you can use path mapping to redirect
    client requests to different virtual directories
    on that server.
  • The URL http//www.cohovineyard.com/catalog can
    be redirected to a virtual directory named
    CurrentCatalog on the Web server
  • the URL http//www.cohovineyard.com/sales is
    redirected to the SalesData virtual directory

17
  • You can also use path mapping to redirect client
    requests to multiple internal Web servers.
  • For example
  • when users request the URL http//www.cohovineyard
    .com/sales,they can be directed to the Sales
    virtual directory on one Web server.
  • When users request the URL http//www.cohovineyard
    .com/catalog, they are redirected to a Catalog
    virtual directory on another Web server

18
How to Configure Path Mapping
  • ISA Server Management -gtFirewall Policy-gtWeb
    publishing rule-gtTasks-gtEdit Selected Rule.

19
(No Transcript)
20
How to Configure Link Translation
  • Path mapping allows you to redirect client
    requests from the ISA Server computer to
    different locations on one or more Web servers.
  • By using path mapping you can mask a complex
    internal Web server configuration and present a
    simple Web site view to the Internet.
  • Link translation can provide the same end result,
    but is used in different situations.
  • Link translation is used when the Web pages
    published on ISA Server contain links to other
    Web servers on the protected network, and those
    Web servers are not accessible from the Internet

21
  • Link translation is an ISA Server configuration
    object that enables ISA Server to replace
    internal server names on Web pages with server
    names that are accessible from the Internet
  • Some published Web sites may include references
    to internal names of computers other than the
    server listed in the Web publishing rule

22
Link Translation Levels
  • Header link translation
  • Translation of links in the body of a returned
    Web page
  • EXWeb page on a server named Web1 is accessed
    through the URL www.cohovineyard.com may include
    a reference to an image using http//Web1.cohovine
    yard.com/images/image1.jpg
  • Translation of links to other internal Web pages

23
How to Configure Link Translation
  • ISA Server Management-gtFirewall Policy-gtWeb
    publishing rule-gtLink Translation

24
(No Transcript)
25
How to Configure Web Publishing Rules
  • ISA Server Management-gtTasks-gtPublish A Web Server

26
Configuring Secure Web Publishing Rules
  • Secure Web publishing provides an additional
    layer of security when publishing an internal Web
    site by enabling the option to use SSL to encrypt
    all network traffic to and from the Web site.
  • Secure Web publishing is critical when securing
    Web sites that contain confidential information,
    or when the Web site asks clients to submit
    confidential information such as credit-card
    numbers

27
Components of a Secure Web Publishing Rule
Configuration
  • What Is Secure Sockets Layer?
  • Secure Sockets Layer (SSL) is used to validate
    the identities of two computers involved in a
    connection across a public network, and to ensure
    that the data sent between the two computers is
    encrypted.
  • To do this, SSL uses digital certificates and
    public and private keys.

28
What Is Secure Sockets Layer
  • SSL enables the following features
  • Server authentication
  • Client authentication
  • Encrypted SSL connections

29
SSL Configuration Options
  • SSL tunneling
  • the SSL connection is set up directly between the
    client computer and the Web server
  • the ISA Server computer does not encrypt or
    decrypt the network packets but merely forwards
    encrypted packets between the client and the Web
    server.
  • ISA Server cannot inspect the content of the
    packets because the contents are encrypted as
    they pass through theISA Server computer.

30
  • SSL bridging
  • the ISA Server computer acts as the end point for
    one or more SSL connections
  • The network packets can still be encrypted from
    the Web client to the Web server.
  • however, in an SSL bridging scenario, the ISA
    Server computer will decrypt network traffic from
    the client computer and then re-encrypt it before
    sending it to the Web server

31
Enabling SSL on ISA Server
  • If you plan to use SSL in an SSL tunneling
    configuration, you must install a digital
    certificate only on the Web server. The Web
    server and the client will use this certificate
    and the associated keys to create the SSL
    connection.
  • If you plan to use SSL in a SSL bridging
    configuration, you must install a digital
    certificate on the ISA Server computer, and
    possibly, on the Web server.To create an SSL
    connection with the client, the ISA Server
    computer must have a certificate installed.
  • If you require client certificates, you also need
    install digital certificates on each client
    computer.

32
How to Install Digital Certificates on ISA Server
  • How to Configure a New Secure Web Publishing Rule

33
Configuring Server Publishing Rules
  • Web publishing rules are used on ISA Server to
    enable access to HTTP and HTTPS content on
    internal Web servers.
  • Server publishing rules are used to enable access
    to internal applications that use other
    protocols.
  • Server publishing is a secure and flexible way to
    publish the content or services provided by
    internal servers to the Internet

34
Components of a Server Publishing Rule
Configuration
  • Server publishing rules are used on ISA Server to
    map a port number on an external interface of the
    ISA Server computer to the IP address of an
    internal server providing a specific service.
  • When ISA Server receives a request on the
    external IP address for a specific port, it
    passes the request to the internal server defined
    on the server publishing rule

35
  • ISA Server performs the following steps
  • 1.A client computer on the Internet needs to
    access an application server on a network
    protected by the ISA Server computer. the client
    computer will perform a DNS lookup to locate the
    IP address for the server that is providing the
    service
  • 2. ISA Server checks the destination port number
    and then uses the server publishing rule to map
    the request to an IP address of an internal
    server.
  • 3. The internal server returns the object to the
    ISA Server computer, which passes it on to the
    requesting client

36
How to Configure a Server Publishing Rule
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Implementing ISA Server Publishing" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!