ISA Firewall Client
The ISA Firewall Client
software provides a uniform Winsock service provider that Winsock
applications can use. When an application makes a request, the Firewall
Client software intercepts the request and determines whether the
request needs to be routed to the ISA 2004 server. If the request is not
considered local, it is routed to the ISA 2004 server for processing
and further routing. Windows user information can be included in the
request, allowing the ISA 2004 server to process rules and firewall
policies that are user-specific.
The ISA Firewall Client
is usually distributed directly from the ISA 2004 server. During initial
installation, you can choose to create a distribution share for the
Firewall Client. If you didn’t create the client distribution share
during initial installation, just re-run the setup program to add the
Firewall Client distribution share. The default share location is \\isaservername\MSPClnt.
You can run the setup
interactively, or you can perform an unattended setup to have it run
without intervention. The unattended setup command line would be
\\isaservername\MSPClnt\setup /v "SERVER_NAME_OR_IP=isaservername /qn"
By installing the
ISA Firewall Client on the computers on your network, you enable
advanced firewall policies that make decisions based on the Windows user
or group credentials. Without the Firewall Client, you won’t have the
Windows user credentials available to make firewall policy decisions.
Note
There is currently
no Firewall Client available for 64-bit clients. If you have policies
that use Windows user credentials, you’ll need to make special
exceptions for clients that are 64-bit.
Import, Export, Backup, and Restore
ISA
2004 provides both export/import capability, and full backup and
restore capability. Both have their place in the defense and protection
of your ISA 2004 server and should be performed regularly and on an
as-appropriate basis.
Export and import can
include the entire ISA 2004 configuration, but it’s most appropriate to
save the partial configuration information after you’ve made a change or
where you want to be able to propagate that configuration information
to another server. You can choose during the export process whether to
include confidential information, and apply an encryption password to
the resulting .xml file that contains the configuration information.
Backup and restore are
used when you want to save a complete backup of the server
configuration. It includes user permissions and all confidential
information, and an encrypting password is required. Use backup and
restore when you want to clone the configuration of an ISA 2004 server.
To backup the configuration of an ISA 2004 server, follow these steps:
1. | Open the ISA 2004 management console, and navigate to the Getting Started page.
|
2. | Click Backup The ISA Server Configuration in the rightmost pane to open the Backup Configuration dialog box shown in Figure 1. Enter a descriptive file name for the backup, and click Backup.
|
3. | The
Set Password dialog box will open. Enter a password to encrypt the
backup file. Passwords must be at least 8 characters and should follow
strong password rules. Click OK, and the backup will start. When
completed, click OK again.
|
To restore the configuration of an ISA 2004 server, follow these steps:
1. | Open the ISA 2004 management console, and navigate to the Getting Started page.
|
2. | Click
Restore The ISA Server Configuration in the rightmost pane to open the
Restore Configuration dialog box. Navigate to the saved configuration
file, and click Restore.
|
3. | Enter the encrypting password, and click OK. If you type the wrong password, you’ll see the dialog box shown in Figure 2,
and the restore operation will terminate. If the restore operation is
successful, you’ll still need to click the Apply button on the main
Getting Started page before the restored configuration will be
implemented.
|
To export the configuration of an ISA 2004 server, follow these steps:
1. | Open
the ISA 2004 management console, and navigate to the main page of the
portion of ISA 2004 configuration you want to export. To export the
entire configuration, navigate to the Getting Started page. As an
example of a partial export, navigate to the Firewall Policy page.
|
2. | Click Export System Policy on the Tasks tab in the rightmost pane to open the Export Configuration dialog box shown in Figure 3.
Enter a descriptive file name for the export. Select the Export
Confidential Information box. If available, in this section, select the
Export User Permission Settings box.
|
3. | Click
Export to open the Set Password dialog box, if you’ve chosen to export
confidential information. Enter and confirm the password to encrypt the
information.
|
4. | Click OK to begin the export. Click OK again when the export completes.
|
To import the configuration of an ISA 2004 server, follow these steps:
1. | Open
the ISA 2004 management console, and navigate to the main page of the
portion of ISA 2004 configuration you want to import. To import the
entire configuration, navigate to the Getting Started page. As an
example of a partial import, navigate to the Firewall Policy page.
|
2. | Click
Import System Policy in the rightmost pane to open the Import
Configuration dialog box. Highlight the policy you want to import.
Select Import Cache Drive Settings and SSL Certificates if you want.
|
3. | Click
Import. If the export was encrypted, you’ll be prompted to enter the
password for the file. Enter the password and click OK.
|
4. | Once
the import completes, click OK to close the dialog box. The actual
changes to the ISA 2004 server configuration won’t be implemented until
you click the Apply button on the main System Policy page. |
