Microsoft 2004 Manuel D’Utilisation
ISA Server 2004 Configuration Guide 100
Scenario 2: The 3-Leg Perimeter Configuration
The 3-leg perimeter configuration creates network relationships and Access Rules to support
an Internal network segment and a perimeter (DMZ) network segment. The perimeter network
segment can host your publicly-accessible resources and infrastructure servers, such as a
public DNS server or a caching-only DNS server.
an Internal network segment and a perimeter (DMZ) network segment. The perimeter network
segment can host your publicly-accessible resources and infrastructure servers, such as a
public DNS server or a caching-only DNS server.
Table 2: 3-Legged Perimeter Firewall Template Firewall Policy Options
Firewall Policy
Description
Block all
Block all network access through ISA Server.
This option does not create any access rules other than the default
rule which blocks all access.
rule which blocks all access.
Use this option when you want to define firewall policy on your
own.
own.
Block Internet access,
allow access to
network services on
the perimeter network
allow access to
network services on
the perimeter network
Block all network access through ISA Server, except for access to
network services, such as DNS on the perimeter network. Use this
option when you want to define the firewall policy on your own.
network services, such as DNS on the perimeter network. Use this
option when you want to define the firewall policy on your own.
The following access rules will be created:
1. Allow DNS traffic from Internal Network and VPN Clients
Network to Perimeter Network
Block Internet access,
allow access to ISP
network services
allow access to ISP
network services
Prevent all network access through the firewall except for network
services such as DNS. This option is useful when your Internet
Service Provider (ISP) provides network services.
services such as DNS. This option is useful when your Internet
Service Provider (ISP) provides network services.
Use this option when you want to define the firewall policy on your
own.
own.
The following rules will be created:
1. Allow DNS from Internal Network, VPN Clients Network and
Perimeter Network to External Network (Internet)
Allow limited Web
access, allow access
to network services
on perimeter network
access, allow access
to network services
on perimeter network
Allow limited Web access using HTTP, HTTPS, FTP only and allow
access to network services such as DNS on the perimeter network.
All other network access is blocked.
access to network services such as DNS on the perimeter network.
All other network access is blocked.
This option is useful when network infrastructure services are
available on the perimeter network.
available on the perimeter network.
The following access rules will be created:
1. Allow HTTP, HTTPS, FTP from Internal Network and VPN
Clients Network to Perimeter Network and External Network
(Internet)
(Internet)
2. Allow DNS traffic from Internal Network and VPN Clients
Network to Perimeter Network
3. Allow all protocols from VPN Clients Network to Internal
Network
Allow limited Web
access and access to
ISP network services
access and access to
ISP network services
Allow limited Internet access and allow access to network services
such as DNS provided by your Internet Service Provider (ISP). All
other network access is blocked.
such as DNS provided by your Internet Service Provider (ISP). All
other network access is blocked.