ISA Management Set-up
Windows 2006 Server - ISA management set-up
Microsoft’s Internet Security & Acceleration Server is an extensible enterprise firewall and
Web cache server. This is an example of how to establish the proxy server settings on the
ISA using the SOCKS4 protocol to enable ASIC Internet lodgment system through CAS.
Note: The following instructions are intended only for the IT manager / System
Administrator. This is a guide only, as some settings may vary from server to server.
Installation instructions
Setting up CAS and ISA to lodge through the Internet lodgment system involves three tasks:
• Task 1 - Involves configuring ISA to enable the client to establish a
connection and request to the ISA server
• Task 2 - Involves configuring CAS to correctly interact with the ISA server
• Task 3 - Configuring the Firewall
Task 1 - Configuring ISA to enable the client to establish a connection and
request to the ISA
Enable SOCKS V4 via Application Filters
Click Start | Programs | Microsoft ISA Server | ISA Management
Go to Configuration | Add-ins and under the Application Filters, double-click on SOCKS
V4 Filter. Tick the Enable this filter box and click OK.
Click Apply at the top and click OK once the changes have been successfully applied.
Next, right-click on Firewall Policy and go to New | Access Rule…
This will bring up the New Access Rule Wizard where the Access rule name should be
entered.
Click Next and select Allow.
Click Next and then Add… The Add Protocols screen will pop up. Click New and then
Protocol.
Enter a Protocol definition name.
Click Next>. You need to enter Protocol details. Ports 5610 and 5608 need to be opened.
Click New… to define the ports.
Defining Port 5610
Protocol Type: TCP
Direction: Outbound
Port Range: From 5610 To 5610
Click OK and then New…
Defining Port 5608
Protocol Type: TCP
Direction: Outbound
Port Range: From 5608 To 5608
Select No for Do you want to use secondary connections? and click Next>.
Click Finish to complete the New Protocol Definition Wizard.
The new protocol will appear under the User-Defined folder. Highlight the protocol name
you have just created (in this example CAS Lodgement protocol has been used) and click
Add.
The protocol will then show under Protocols.
Click Next>. The Access Rule Sources screen will pop up. Click Add…
Under Networks, select the Internal (Local Area Connection) network. Your local network
may be named differently.
Click Add…
Click Next> to go to the Access Rule Destinations screen. Click Add…
Select New below Network Entities and click on Computer.
Add the following details:
edge1.asic.gov.au – primary mailbox (IP addresses 203.192.73.36, 220.101.15.196)
edge2.asic.gov.au – secondary mailbox (IP addresses 203.192.73.37, 220.101.15.197)
Please note that ASIC can change the IP addresses at any time. Users are advised not to use hardcoded IP addresses.
Click OK. These two rule elements will get added to the Computers folder. You will need to
highlight each one of them and click Add.
Click Next> and the User Sets screen will come up.
Highlight All Users and click Next>.
Complete the New Access Rule Wizard by clicking Finish.
Click Apply.
Click OK.
You should have the following policy set up.
Task 2 - Configuring CAS to correctly interact with the ISA server
In CAS, from the Ribbon Toolbar, on the Administration tab, in the Setup group, click
Agent/Presenter Set-Up.
Highlight the agent and click Edit. Go to the ASIC EDGE Internet Lodgement tab and
enter the following details:
Internet Lodgement Port
This should be left as 0 as this is the local outbound port. It would be changed if there was a
firewall that required it to be set to a specific port. Port ‘0’ is for a port number assigned by
the operating system.
Proxy Type
Select Socks 4 from the list.
Task 3 - Configuring the firewall
The only configuration required for the firewall is opening up the firewall for outbound
connections via TCP on port 5610.
edge1.asic.gov.au - primary mailbox (IP addresses 203.192.73.36, 220.101.15.196)
edge2.asic.gov.au - secondary mailbox (IP addresses 203.192.73.37, 220.101.15.197)
Agents are also advised to add a firewall exception for the host name as this will not change.
Please note that ASIC can change the IP addresses at any time. Users are advised not to use hardcoded IP addresses.
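
To confirm that the access rule and firewall opening described above work without relying on hardcoded addresses, the following added example (not part of the original guide or of CAS) resolves each ASIC host name at run time and sends a SOCKS4 CONNECT request through the ISA server. The proxy name `isa.example.internal` and the SOCKS listener port 1080 are assumptions; replace them with your own values.

```python
import socket
import struct
import sys

# Second byte of the 8-byte SOCKS4 reply.
REPLIES = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: proxy could not reach identd on the client",
    93: "rejected: identd reported a different user id",
}

def build_connect(dst_ip, dst_port, user_id=b""):
    """SOCKS4 CONNECT request: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL."""
    head = struct.pack("!BBH", 4, 1, dst_port)
    return head + socket.inet_aton(dst_ip) + user_id + b"\x00"

def parse_reply(data):
    """Return (granted, text) for a SOCKS4 reply (VN=0, CD=code, 6 ignored bytes)."""
    if len(data) < 2 or data[0] != 0:
        return False, "not a SOCKS4 reply"
    return data[1] == 90, REPLIES.get(data[1], "unknown code %d" % data[1])

def check(proxy_host, proxy_port, dst_host, dst_port, timeout=10):
    """Resolve dst_host now (SOCKS4 carries an IPv4 address, not a name) and
    ask the proxy to CONNECT to every address the name currently returns."""
    infos = socket.getaddrinfo(dst_host, dst_port, socket.AF_INET, socket.SOCK_STREAM)
    results = []
    for ip in sorted({info[4][0] for info in infos}):
        try:
            with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
                s.sendall(build_connect(ip, dst_port))
                results.append((ip,) + parse_reply(s.recv(8)))
        except OSError as exc:
            results.append((ip, False, "no answer from proxy: %s" % exc))
    return results

if __name__ == "__main__":
    # Assumed values: replace with your ISA server name and SOCKS V4 filter port.
    proxy_host = sys.argv[1] if len(sys.argv) > 1 else "isa.example.internal"
    proxy_port = int(sys.argv[2]) if len(sys.argv) > 2 else 1080
    for host in ("edge1.asic.gov.au", "edge2.asic.gov.au"):
        for port in (5610, 5608):  # ports opened in the protocol definition
            try:
                for ip, ok, text in check(proxy_host, proxy_port, host, port):
                    print("%s:%d via %s -> %s (%s)" % (host, port, ip, "OK" if ok else "FAIL", text))
            except OSError as exc:  # includes DNS resolution failure
                print("%s:%d -> FAIL (%s)" % (host, port, exc))
```

A reply code of 91 for an address that the host name currently resolves to usually means the destination rule elements on the ISA server still list an older address.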