You are on page 1of 26

ISA FIREWALL

Ni Dung
1. TNG QUAN V ISA SERVER 2006
2. Ci t ISA Server 2006
3. PHN LOI V CU HNH ISA SERVER CLIENTS
4. Trin khai ISA server 2006

1. TNG QUAN V ISA SERVER 2006


1.1 Gii thiu v ISA server 2006
Microsoft Internet Security and Acceleration Sever (ISA
Server) l phn mm xy dng bc tng la (Firewall)
kh ni ting v c s dng kh ph bin ca hng phn
mm Microsoft. C th ni y l mt phn mm kh hiu
qu, n nh, d cu hnh, firewall tt, nhiu tnh nng cho
php bn cu hnh sao cho tng thch vi mng LAN ca
bn.

1. TNG QUAN V ISA SERVER 2006


1.2 Cc phin bn ca ISA server 2006
1.2.1: Standard : ISA Server 2006 Standard p ng nhu
cu bo v v chia s bng thng cho cc cng ty c quy
m trung bnh.
1.2.1: Enterprise : ISA Server 2006 Enterprise c s
dng trong cc m hnh mng ln, p ng nhiu yu cu
truy xut ca ngi dng bn trong v ngoi h thng.
Ngoi nhng tnh nng c trn ISA Server 2006, bn
Enterprise cn cho php thit lp h thng mng cc ISA
Server cng s dng mt chnh sch, iu ny gip d
dng qun l v cung cp tnh nng cn bng ti.

1. TNG QUAN V ISA SERVER 2006


1.3. Tnh nng chnh ca ISA server 2006

1.3.1. Truy cp Web nhanh vi cache hiu sut cao:


Ngi dng c th truy cp web nhanh hn bng cci tng ti ch trong cache
so vi vic phi kt ni vo Internet lc no cng tim tng nguy c tc nghn.
Gim gi thnh bng thng nh gim lu lng internet
1.3.2. Kt ni Internet an ton nh nhiu lp
Bo v mng trc cc truy nhp bt hp php bng cnh gim st lu lng mng
ti nhiu lp.
Lc lu lng mng i vn m bo an ton.
Cung cp truy cp an toan cho ngi dng hp l t Internet ti mng ni ti nh
s dng mng ring o.

1. TNG QUAN V ISA SERVER 2006


1.3. Tnh nng chnh ca ISA server 2006
1.3.3. Qun l thng nht vi s qun tr tch hp.
iu khin truy cp tp trung m bo tnh an ton v
pht huy hiu lc ca cc chnh sch vn hnh
Tng hiu xut nh vic gii hn truy cp ti internet
ca mt s cc ng dng v ch n
Cp pht bng thng ph hp vi cc u tin
1.3.4. Kh nng m rng.
Ch trng ti an ton v thi hnh nh s dng ISA server
software development kit (SDK) vi cc thnh phn b
sung, Chc nng m rng an ton cho cc sn xut th ba

2. Ci t ISA Server 2006


2.1. Tin trnh ci t
Trc tin ci t ISA th yu cu my ISA phi c t
nht 2 card mng, mt card ni vi mng bn trong
(Internal) v card mang cn li ni ra Internet (External)
Cho a ISA server 2006 vo v chn Install ISA server
2006

2. Ci t ISA Server 2006


2.1. Tin trnh ci t
y l giao din ca ISA server 2006 sau khi chng ta ci
thnh cng

3. PHN LOI V CU HNH ISA SERVER CLIENTS


3.1. Phn loi
SecureNAT client l my tnh c cu hnh vi thng
s chnh Default gateway gip nh tuyn ra Internet thng
qua ISA Server 2006 firewall.
Web Proxy client l my tnh c trnh duyt internet
(vd:Internet Explorer) c cu hnh dng ISA Server
2006 firewall nh mt Web Proxy server ca n.
Firewall client l my tnh c ci Firewall client
software. Firewall client software chn tt c cc yu cu
thuc dng Winsock application (thng thng, l tt c
cc ng dng chy trn TCP v UDP)

3. PHN LOI V CU HNH ISA SERVER CLIENTS


3. 2. Cu hnh
3.2.1. SecureNAT Client
Ti my CLIENT, right click My Network Places icon trn
desktop v click Properties.
Trong Network and Dial-up Connections, right click Local
Area Connection v click Properties.
Trong Local Area Connection Properties dialog box, click
Internet Protocol (TCP/IP) , click Properties.
Trong Internet Protocol (TCP/IP) Properties dialog box,
chng ta khai bo IP, Subnet mask, DNS, quan trng nht l
khai bo Default Gateway sao cho mi thng tin hng ra
internet phi c nh tuyn n ISA server.

3. PHN LOI V CU HNH ISA SERVER CLIENTS


3. 2. Cu hnh
M hnh SecureNAT Client

3. PHN LOI V CU HNH ISA SERVER CLIENTS


3. 2. Cu hnh
3.2.2 . Web Proxy Client
Trn my CLIENT, right click Internet Explorer icon
nm trn desktop,click Properties.
Trong Internet Properties dialog box, click
Connections tab. trn Connections tab, click LAN
Settings button.
Trong Local Area Network (LAN) Settings dialog box.
Ti Proxy server chng ta in IP ca ISA server v port
8080

3. PHN LOI V CU HNH ISA SERVER CLIENTS


3. 2. Cu hnh
3.2.2 . Web Proxy Client

3. PHN LOI V CU HNH ISA SERVER CLIENTS


3. 2. Cu hnh
3.2.3. Firewall Client: Vo th mc Client trong a ISA 2006
chy file setup.exe .

Chn option Connect ti this ISA server computer,


my ISA Next Install.

nhp vo IP internal ca

4. Trin khai ISA server 2006


4.1. To Rule
To Rule cho php ngi qun tr c th cho php hay
cm bt k my no trong mng hay ton b mng . Sau
y l cc bc to ra 1 Access Rule
Chy chng trnh ISA bng cc click chut vo ISA
server Management
Right click vo Firewall Policy chn New chn
Access Rule

4. Trin khai ISA server 2006


4.1. To Rule

4. Trin khai ISA server 2006


4.1. To Rule
Cui cng chng ta chn Apply thc thi Rule

4. Trin khai ISA server 2006


4.2. Publish Web
Ti my ISA Server bt chng trnh ISA ln tip tc
trong Firewall Policy to mt Rule mi bng cch chn
New Web Site Publishing Rule

4. Trin khai ISA server 2006


4.2. Publish Web
Mn hnh to Rule Publish Web sau khi hon tt

4. Trin khai ISA server 2006


4.3. VPN.
4.3.1. VPN Client to Site

Trc tin cho cc Client truy cp c vo mng thng qua VPN


chng ta phi to mt User trn ISA server, click chut phi vo User
chn Properties, chn th Dial-in, chn option Allow access ok, To 1
Group v add User trn vo Group ny.

4. Trin khai ISA server 2006


4.3. VPN.
4.3.1. VPN Client to Site
Mn hnh sau khi hon tt

4. Trin khai ISA server 2006


4.3. VPN.
4.3.2. VPN Site to Site

Trc tin HCM v HANOI c th truy cp c vi nhau thng qua VPN


chng ta phi to User trn mi ISA Server

Ti my ISA HCM to User/Pass l HCM/123

Ti my ISA HANOI to User/Pass l HANOI/123

Sau Double click vo User HCM chn Tab Dial-in

4. Trin khai ISA server 2006


4.3. VPN.
4.3.2. VPN Site to Site
Mn hnh sau khi hon tt

4. Trin khai ISA server 2006


4.4. To Caching
Mc nh sau khi ci t hon tt ISA Server s tt
Cache i, Enable Cache bn chn Cache trong mc
Configuration
Ti ISA Server trong mn hnh gia chn Tab Cache
Drivers , ca s bn phi chn Tab Tasks chn Define
Cache Drives (Enable Caching)

4. Trin khai ISA server 2006


4.4. To Caching

4. Trin khai ISA server 2006


4.4. To Caching
Sau khi hon tt ta start ln

Nh vy mc nh ISA s Cache ton b cc trang Web m User truy cp.

You might also like