Install the ISA Configuration Storage Server and Configure the Firewall Array

  • Article
Cc539144.chm_head_left(en-us,TechNet.10).gif Cc539144.chm_head_middle(en-us,TechNet.10).gif Cc539144.chm_head_right(en-us,TechNet.10).gif

Install the ISA Configuration Storage Server and Configure the Firewall Array

The Configuration Storage server stores the configuration information for all of the arrays in the enterprise. An array is a representation of one or more ISA Server computers that are physically connected and share the same configuration. These procedures describe how to install the Configuration Storage server, define an enterprise network, and create a firewall array.

Tasks

  1. Install the Configuration Storage Server
  2. Define an Enterprise Network
  3. Create an ISA Server Array

Install the Configuration Storage Server

Procedure DWISA.8: To install the ISA 2006 Configuration Storage Server

  1. On ISACS01, insert the ISA Server CD into the CD drive, or run ISAautorun.exe from the shared network drive.

  2. In Microsoft ISA Server Setup, click Install ISA Server 2006.

  3. On the Welcome page, click Next.

  4. Read and accept the user license agreement, and then click Next.

  5. Enter your customer details, and then click Next.

  6. On the Setup Scenarios page, select Install Configuration Storage Server, and then click Next.

  7. On the Component Selection page, you can review the settings, and then click Next.

  8. On the Enterprise Membership page, select Create a new ISA Server Enterprise, and then click Next.

  9. On the New Enterprise Warning page, click Next. This page warns you not to install more than one enterprise. Because you are creating a new enterprise, you can ignore the warning.

  10. On the Create a New Enterprise page, configure the name to be fabrikam, and (optionally) enter a description for the enterprise. Click Next.

  11. On the Enterprise Deployment Environment page, select I am deploying in a workgroup or in domains without trust relationships. Under Install a server certificate, use the Browse button to locate the certificate file you created in Create and Install a Server Certificate on ISACS01, (for example, C:\ISA.pfx). Click Open to open the file, enter the password in the Certificate Password field, and then click Next.

  12. On the Ready to Install the Program page, click Install to begin the installation.

    Note

    You may be prompted to insert your Windows Server 2003 R2 disk.

  13. After the installation is complete, click Finish.

Define an Enterprise Network

You next create an enterprise network in the ISA Server 2006 Management Console on the Configuration Server. In this procedure, you will create a corporate network, which will include all of the Internet Protocol (IP) addresses of the Fabrikam domain and the internal-facing network interface cards (NICs) of the firewall array servers in the workgroup.

Procedure DWISA.9: To define an enterprise network

  1. On ISACS01, run the ISA Server Management tool: Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
  2. Expand the Enterprise node, and then click Enterprise Networks.
  3. In the tasks pane, on the Tasks tab, select Create a New Network to start the New Network Wizard.
  4. On the Welcome to the New Network Wizard page, in Network Name, name the new network Internal, and then click Next.
  5. On the Network Addresses page, click Add Range to open the IP Address Range Properties dialog box.
  6. In the Start address box, enter the low end of the IP address range for fabrikam, and in the End address box, enter the high end of the IP address range. Click OK. This range of addresses will cover all of the internal IP addresses for the main and internal-facing NICs in the workgroup array.
  7. On the Network Addresses page, click Next.
  8. On the summary page, review the properties of the enterprise network you are creating, and then click Finish.
  9. In the Management Console top pane, click Apply to apply the changes.

Create an ISA Server Array

In this section you create an ISA Server array on the Configuration Storage server. This will be an empty array, for which you can configure enterprise policy. The enterprise or array administrator can then add servers to the array.

Procedure DWISA.10: To create an ISA Server array

  1. In the ISA Server Managment tool, click Arrays. In the tasks pane, on the Tasks tab, click Create New Array to start the New Array Wizard.
  2. On the Welcome page, provide a name for the new array, such as Main, and then click Next.
  3. On the Array DNS Name page, enter the FQDN of the array, for example, proxy.fabrikam.com, and then click Next.
  4. On the Assign Enterprise Policy page, from the drop-down menu, select the enterprise policy that will be applied to the new array, Default Policy, and then click Next.
  5. On the Array Policy Rule Types page, select the types of rules the array administrator is allowed to make. Select Deny, Allow, and Publishing Rules, and then click Next.
  6. On the summary page, review the array configuration, and then click Finish. When the progress bar indicates that the array has been created, click OK.
  7. After the array has been created, you must assign array administrator privileges to the Main array. In ISA Server management, right-click the name of the array (for example, Main), and then click Properties.
  8. On the Assign Roles tab, click Add under User and groups allowed access to Configuration Storage servers. Add fabrikam\Domain Admins. On the Role menu, click ISA Server Array Administrator, and then click OK.
  9. Because you are using certificate authentication for communications between the Configuration Storage server and the ISA Server servers in the firewall array, you must set that information. To do this:
    1. On the Configuration Storage tab of the array properties page, under Select the type of authentication used to authenticate connections between ISA Server and the Configuration Storage server, click Select.
    2. In the Select Authentication Type dialog box, click Authentication over SSL encrypted channel.
    3. Click OK to close.
  10. Click OK to close the properties page.
  11. In the left pane of the ISA Server 2006 Management Console, expand the array you just created, and then click Firewall Policy.
  12. In the far-right pane, click the Toolbox tab, and, within the Network Objects section, expand the Computer Sets node.
  13. Right-click Remote Management Computers, and then select Properties.
  14. Under Computers, address ranges and subnets included in the computer set, click Add, and then click Computer.
  15. In the New Computer Rule Element box, in the Name box, enter the name (FQDN) of the Configuration Storage server, which is ISACS01.fabrikam.com. In the Computer IP Address box, enter the IP address of the Configuration Storage server, and then click OK.
  16. Click OK to close the Remote Management Computer Properties dialog box.
  17. In the Computer Sets node, right-click Managed ISA Server Computers, and then select Properties.
  18. Click Add, and then click Computer.
  19. Enter the name of the first ISA firewall server (for example, ISA01), enter the IP address of the NIC on ISA01 which the configuration server is able communicate with, and then click OK. If there are any additional ISA firewall servers (for example, ISA02) enter them in the same way. Click OK when done.
  20. In the Management Console top pane, click Apply to apply the changes, and then click OK when that process is complete.