Microsoft 2004 User Manual

ISA Server 2004 Configuration Guide
Scenario 1: The Edge Firewall Configuration

The Edge Firewall template configures the ISA Server 2004 firewall to have a network
interface directly connected to the Internet and a second network interface connected to the
Internal network. The network template allows you to quickly configure firewall policy Access
Rules that control access between the Internal network and the Internet.

Table 1 shows the firewall policies available to you when using the Edge Firewall template.
Each of these firewall policies has its own set of Access Rules that it creates, ranging from an
all open access policy between the Internal network and Internet to a Block All policy that
prevents all access between the Internal network and the Internet.
Table 1: Network Edge Firewall Template Firewall Policy Options 

Firewall Policy: Block all
Description: Block all network access through ISA Server. This option does not create any access rules other than the default rule which blocks all access. Use this option when you want to define firewall policy on your own.

Firewall Policy: Block Internet access, allow access to ISP network services
Description: Block all network access through ISA Server, except for access to network services such as DNS. This option is useful when your Internet Service Provider (ISP) provides these services. Use this option when you want to define firewall policy on your own.
The following access rules will be created:
1.  Allow DNS from Internal Network and VPN Clients Network to External Network (Internet)

Firewall Policy: Allow limited Web access
Description: Allow Web access using HTTP, HTTPS, FTP only. Block all other network access.
The following access rules will be created:
1.  Allow HTTP, HTTPS, FTP from Internal Network to External Network
2.  Allow all protocols from VPN Clients Network to Internal Network

Firewall Policy: Allow limited Web access and access to ISP network services
Description: Allow limited Web access using HTTP, HTTPS, and FTP, and allow access to ISP network services such as DNS. Block all other network access.
The following access rules will be created:
1.  Allow HTTP, HTTPS, FTP from Internal Network and VPN Clients Network to External Network (Internet)
2.  Allow DNS from Internal Network and VPN Clients Network to External Network (Internet)
3.  Allow all protocols from VPN Clients Network to Internal Network

Firewall Policy: Allow unrestricted
Description: Allow unrestricted access to the Internet through ISA Server. ISA