ISA Management Set-up - files.bglcorp.com.aufiles.bglcorp.com.au/faqdocs/ISA_Management_Setup... · ISA Management Set-up . Windows 2006 Server - ISA management set-up . Microsoft’s

1

ISA Management Set-up

Windows 2006 Server - ISA management set-up

Microsoft’s Internet Security & Acceleration Server is an extensible enterprise firewall and

Web cache server. This is an example of how to establish the proxy server settings on the

ISA using the SOCKS4 protocol to enable ASIC Internet lodgment system through CAS.

Note: The following instructions should only be referred to the IT manager / System

Administrator. This is a guide only as some settings may vary from server to server.

Installation instructions

Setting up CAS and ISA to lodge through the Internet lodgment system involves three tasks:

• Task 1 - Involves configuring ISA to enable the client to establish a

connection and request to the ISA server

• Task 2 - Involves configuring CAS to correctly interact with the ISA server

• Task 3 - Configuring the Firewall

Task 1 - Configuring ISA to enable the client to establish a connection and

request to the ISA

Enable SOCKS V4 via Application Filters

Click Start | Programs | Microsoft ISA Server | ISA Management

Go to Configuration | Add-ins and under the Application Filters, double-click on SOCKS

V4 Filter. Tick the Enable this filter box and click OK.


2

Click Apply at the top and click OK once the changes have been successfully applied.

Next, right-click on Firewall Policy and go to New | Access Rule…


3

This will bring up the New Access Rule Wizard where the Access rule name should be

entered.

Click Next and select Allow.


4

Click Next and then Add… The Add Protocols screen will pop up. Click New and then

Protocol.

Enter a Protocol definition name.


5

Click Next>. You need to enter Protocol details. Ports 5610 and 5608 need to be opened.

Click New… to define the ports.

Defining Port 5610

Protocol Type: TCP

Direction: Outbound

Port Range: From 5610 To 5610

Click OK and then New…

Define Port 5608

Protocol Type: TCP

Direction: Outbound

Port Range: From 5608 To 5608


6

Click OK. You should have the following two ports defined.

Click Next>.


7

Select No for Do you want to use secondary connections? and click Next>.

Click Finish to complete the New Protocol Definition Wizard.

The new protocol will appear under the User-Defined folder. Highlight the protocol name

you have just created (in this example CAS Lodgement protocol has been used) and click

Add.


8

The protocol will then show under Protocols.

Click Next>. The Access Rule Sources screen will pop up. Click Add…

Under Networks, select the Internal (Local Area Connection) network. Your local network

may be named differently.


9

Click Add…

Click Next>> to go to the Access Rule Destinations screen. Click Add…

Select New below Network Entities and click on Computer.


10

Add the following details:

edge1.asic.gov.au – primary mailbox (IP address 203.192.73.36, 220.101.15.196)

edge2.asic.gov.au – secondary mailbox (IP address 203.192.73.37, 220.101.15.197)

Please note that ASIC can change the IP adresses at any time. Users are advised not to use hardcoded IP addresses.


11

Click OK. These two rule elements will get added to the Computers folder. You will need to

highlight each one of them and click Add.


12

Click Next> and the User Sets screen will come up.

Highlight All Users and click Next>.


13

Complete the New Access Rule Wizard by clicking Finish.

Click Apply.

Click OK.

You should have the following policy set up.


14

Task 2 - Configuring CAS to correctly interact with the ISA server

In CAS, from the Ribbon Toolbar, on the Administration tab, in the Setup group, click

Agent/Presenter Set-Up.

Highlight the agent and click Edit. Go to the ASIC EDGE Internet Lodgement tab and

enter the following details:

Internet Lodgement Port

This should be left as 0 as this is the local outbound port. It would be changed if there was a

firewall that required it to be set to a specific port. Port ‘0’ is for a port number assigned by

the operating system.

Proxy Type

Select Socks 4 from the list.

Task 3 - Configuring the firewall

The only configuration required for the firewall is opening up the firewall for outbound

connections via TCP on port 5610.

edge1.asic.gov.au - primary mailbox (IP addresses 203.192.73.36, 220.101.15.196)

edge2.asic.gov.au - secondary mailbox (IP addresses 203.192.73.37, 220.101.15.197)

Agents are also advised to add a firewall exception for the host name as this will not change.

Please note that ASIC can change the IP adresses at any time. Users are advised not to use hardcoded IP addresses.

Documents

ISA Management Set-up - files.bglcorp.com.aufiles.bglcorp.com.au/faqdocs/ISA_Management_Setup... · ISA Management Set-up . Windows 2006 Server - ISA management set-up . Microsoft’s