Microsoft ISA server
Microsoft ISA Server configuration after installation
We assume that you have already installed ISA successfully. Keep in mind that if you install ISA just for caching, you will have fewer bandwidth priority tools than if you install it in Integrated Mode. We advise you to install in Integrated Mode even if you intend to use it just for caching.
After installing the ISA server, you need to set up a few things to see it working.
Local Address Table (LAT)
- It is very important to define the LAT correctly: it should include all the IP addresses that will be allowed to access ISA.
Local Domain Table (LDT)
- If your ISA server is a member of a Windows 2000 domain, it is recommended to add that domain to the LDT.
Client Address Sets
- It is useful to define groups of users here; they will be useful later when creating the access or deny rules.
- If there are some Internet sites that you do not want to be accessible to some of your users, this is the place to define this.
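A way to cross-check the LAT against the client address sets before building rules on them, as an added example that is not part of the original page or of ISA itself: it reports client ranges that fall outside the LAT and LAT ranges that lie outside the RFC 1918 private blocks (ISA treats every LAT address as internal, so such an entry deserves a second look). All ranges and set names below are constructed sample data, and the helper names are hypothetical.

```python
import ipaddress

# Constructed sample data (not from the page): (first_ip, last_ip) pairs.
LAT = [("192.168.0.0", "192.168.0.255"), ("10.1.0.0", "10.1.255.255"),
       ("203.0.113.0", "203.0.113.255")]
CLIENT_SETS = {
    "Office-LAN": [("192.168.0.10", "192.168.0.200")],
    "Branch": [("10.1.4.0", "10.1.4.255"), ("172.16.5.1", "172.16.5.50")],
}

def to_range(first, last):
    """Parse a first/last pair into comparable IPv4Address objects."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start after end: {first}-{last}")
    return lo, hi

RFC1918 = [to_range("10.0.0.0", "10.255.255.255"),
           to_range("172.16.0.0", "172.31.255.255"),
           to_range("192.168.0.0", "192.168.255.255")]

def covered(rng, ranges):
    """True if every address in rng lies inside the union of ranges."""
    lo, hi = rng
    cursor = lo                      # first address not yet known to be covered
    for r_lo, r_hi in sorted(ranges):
        if r_lo > cursor:
            return False             # gap before the next range starts
        if r_hi >= cursor:
            if r_hi >= hi:
                return True
            cursor = r_hi + 1        # continue from the end of this range
    return False

def audit(lat, client_sets):
    """Return (finding, detail) tuples for LAT and client-set problems."""
    lat_ranges = [to_range(*r) for r in lat]
    findings = []
    for (first, last), rng in zip(lat, lat_ranges):
        if not covered(rng, RFC1918):
            findings.append(("lat-not-private", f"{first}-{last}"))
    for name, ranges in client_sets.items():
        for first, last in ranges:
            if not covered(to_range(first, last), lat_ranges):
                findings.append(("client-set-outside-lat",
                                 f"{name}: {first}-{last}"))
    return findings

if __name__ == "__main__":
    for finding in audit(LAT, CLIENT_SETS):
        print(*finding)
```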
Site and Content Rules
- These are the most important settings on ISA; they define who has access, to where, and when.
- If your ISA server is a member of an array, then the rules should be created under Enterprise Zone.
- If you have a stand-alone ISA server, then the rules should be created inside Access Policy.
- When creating a rule, be very careful when setting Applies To. Personally, I advise you to have two rules: one with Applies To referring to the USERNAME of the user and groups by username, and another with Applies To referring to IP addresses (client address sets). If you create these two rules, you will be absolutely sure that the users will be able to access the ISA server.
- This is also a very important set of rules: it defines who has Internet access for applications that use a direct connection, such as mIRC.
- If the ISA server is a member of an array, then you should create the rules inside the Enterprise area.
- If the ISA server is a stand-alone server, then Access Policy is the proper place to create the rule.
- Do not forget to create two rules here as well: one that applies to USERNAMES and groups, and another that applies to IP addresses (client address sets).
IP Packet Filtering
- These settings apply to each ISA computer individually and can be found inside Access Policy.
- For security reasons it is very important to have this Enabled (right-click and look in the General tab), but if you use ISA just as a proxy and not for NAT, you can disable IP Packet Filtering without any problems, especially if you keep receiving a lot of error messages in the Event Log.
Bandwidth Priority and Bandwidth Rules
- Once your users have Internet access, you can set up a special priority for each of them or for a group, applied by username or IP address, collectively or individually.
- Create bandwidth priorities to satisfy the level of service you want to provide.
- Apply them using Bandwidth Rules.
- If you want more control, keep in mind that if you right-click Bandwidth Rules and choose Properties, you can set the total bandwidth available on the ISA server. It is an important tool for better control.
- Cache configuration is one of the last settings, but it is very important.
- Right-click, choose Properties, go to Advanced, and keep in mind that here you can set a lower percentage of memory used for caching if the default of 50 % is too much.
- You can set the following HTTP properties without worrying that some users will be affected by these cache settings.
- We advise you to use a cache size of at least 5000 MB.
- Keep in mind that one ISA server will let you serve around 60 % of total browsing from cache, so you save bandwidth. Two ISA servers in an array will let you serve more than 85 % of total browsing from cache. Three ISA servers in an array, our most recent experience, gave a total of 90-91 % of browsing from cache. All these experiments were made using the same bandwidth for all servers together, and the percentages were reached after 3 weeks of normal usage of the servers.
- If you use ISA just for caching, you can safely right-click and Disable the following Application Filters: H.323 Filter, SMTP Filter, SOCKS V4 Filter.
- If you want more control over ISA, you can install a few extremely useful Web Filters. GFI Web Monitor, which is free, lets you see in real time who is downloading and where the users browse. Avast32 antivirus, which is commercial, has a very clever ISA add-on that scans all web pages opened through ISA and stops the pages that contain viruses.
- If your ISA server has several upstream proxy servers, you can choose which site is requested from which proxy server.
- If you have several ISA servers in an array, you will need to specify the IP address that will be used for intra-array communication. This is done from Computers, then the computer's properties and Array Membership.
- If you have an array with two ISA servers as members and you use it for caching only, even if you installed ISA in Integrated Mode, we recommend not using "Force packet filtering on the array".
We wish you much success with your ISA implementation!
For more support you can contact us or visit the Microsoft web site http://www.microsoft.com/ISAServer/