Security Templates
| Level | Servers | Domain Controller | |
| --- | --- | --- | --- |
| Dedicated | HISECWS.INF | HisecDC.INF | Firewall |
| Limited Services | SECUREWS.INF | SecureDc.INF | Firewall + Cache |
| Secure | BasicSv.INF | BasicDc.INF | Multifunction machine |
Once you apply these, you can’t go back.
securwiz.log, in the ISA program files directory, lists the changes made by the security template.
Simple Firewall Design
Two network cards: one internal, one external.
Back to Back Perimeter Firewall Design
Two ISA servers, with the DMZ in between the servers.
Three Homed Perimeter Firewall Design
A third network card for the DMZ network. DMZ addresses are not in the LAT.
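A check for the three-homed rule above that DMZ addresses stay out of the LAT, as an added example that is not part of the original notes. It assumes LAT entries are written as `from-to` address ranges and the DMZ as a CIDR network; the sample addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the original notes).
SAMPLE_LAT = ["10.0.0.0-10.0.255.255", "192.168.0.0-192.168.1.255"]
SAMPLE_DMZ = "192.168.1.0/24"

def parse_range(entry):
    """Parse a 'from-to' LAT entry into a pair of integers (first, last)."""
    first, last = (int(ipaddress.IPv4Address(p.strip())) for p in entry.split("-"))
    if first > last:
        raise ValueError(f"range start is after range end: {entry}")
    return first, last

def fmt(first, last):
    """Format two integer addresses back into 'from-to' form."""
    return f"{ipaddress.IPv4Address(first)}-{ipaddress.IPv4Address(last)}"

def dmz_bounds(dmz_cidr):
    """Return the first and last address of the DMZ network as integers."""
    net = ipaddress.IPv4Network(dmz_cidr)
    return int(net.network_address), int(net.broadcast_address)

def dmz_in_lat(lat_entries, dmz_cidr):
    """Return (lat_entry, overlapping_range) for each LAT entry covering DMZ addresses."""
    lo, hi = dmz_bounds(dmz_cidr)
    findings = []
    for entry in lat_entries:
        first, last = parse_range(entry)
        if first <= hi and last >= lo:
            findings.append((entry, fmt(max(first, lo), min(last, hi))))
    return findings

def lat_without_dmz(lat_entries, dmz_cidr):
    """Return the LAT entries with every DMZ address carved out."""
    lo, hi = dmz_bounds(dmz_cidr)
    cleaned = []
    for entry in lat_entries:
        first, last = parse_range(entry)
        # Keep the part below the DMZ and the part above it, if either exists.
        for a, b in ((first, min(last, lo - 1)), (max(first, hi + 1), last)):
            if a <= b:
                cleaned.append(fmt(a, b))
    return cleaned

if __name__ == "__main__":
    for entry, overlap in dmz_in_lat(SAMPLE_LAT, SAMPLE_DMZ):
        print(f"LAT entry {entry} includes DMZ addresses {overlap}")
    print("LAT with DMZ removed:", lat_without_dmz(SAMPLE_LAT, SAMPLE_DMZ))
```

An empty result from `dmz_in_lat` means the LAT and the DMZ are disjoint, which is the state the three-homed design expects.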
- web-proxy service: only allows web traffic
- firewall service-proxy: any TCP/UDP traffic from clients, proxied by ISA server
- firewall service-routing: passes packets between internet and clients
- Packet Filter (Off) IP Routing (Off): ISA can proxy for clients, no protection for ISA server, only used on leased lines
- Packet Filter (On) IP Routing (Off): Most common if external access is not required
- Packet Filter (On) IP Routing (On): DMZ network
- Packet Filter (Off) IP Routing (On): Not recommended; routes between networks without security, and the built-in routing doesn’t need ISA Server.