Using the ISA Server 2004 Enterprise Edition SMTP Filter and Message Screener

Microsoft® Internet Security and Acceleration (ISA) Server 2004 Enterprise Edition includes two components to help prevent mail relaying, the entry of viruses, and unwanted attachments on the network: the Simple Mail Transfer Protocol (SMTP) filter and Message Screener. Message Screener is an ISA Server optional component, which you can install separately from ISA Server and ISA Server Management.

SMTP Filter

ISA Server intercepts all SMTP traffic that arrives on port 25 of the ISA Server array. The SMTP filter on the ISA Server array accepts the traffic, inspects it, and passes it on, only if the rules allow it.

The SMTP filter examines SMTP commands sent by Internet SMTP servers and clients. This application layer filter can intercept SMTP commands and check whether they are larger than they should be. SMTP commands that are larger than the limits you configure in the SMTP filter are assumed to be attacks against the SMTP server and can be stopped by the SMTP filter.

Each SMTP command has a maximum length associated with it. This length represents the number of bytes allowed for each command. If an attacker sends a command that exceeds the number of bytes allowed for the command, ISA Server drops the connection and prevents the attacker from communicating with the corporate mail server.

When a client uses a command that is defined but disabled, the filter closes that connection. When a client uses a command that is unrecognized by the SMTP filter, no filtering is performed on that message.

The RFC considers the AUTH command as part of the MAIL FROM command. For this reason, the SMTP filter blocks MAIL FROM commands only when they exceed the length of the MAIL FROM and AUTH commands issued (when AUTH is enabled). For example, if you specify a maximum length of MAIL FROM as 266 bytes and AUTH as 1,024 bytes, the message will be blocked only if the MAIL FROM command exceeds 1,290 bytes.
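To make the length rules above concrete, here is a small Python model of the per-command check (added here as an illustration; it is not ISA Server code). Only the MAIL FROM (266) and AUTH (1,024) limits come from this page; the other entries in the rule table, the verb-prefix matching and the sample command lines are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class CommandRule:
    max_length: int        # bytes allowed for the whole command line
    enabled: bool = True   # a defined-but-disabled command closes the connection


# Constructed rule table. Only the MAIL FROM (266) and AUTH (1,024) values
# come from the page; the other limits are assumptions for this example.
DEFAULT_RULES: Dict[str, CommandRule] = {
    "HELO": CommandRule(266),
    "EHLO": CommandRule(266),
    "MAIL FROM": CommandRule(266),
    "AUTH": CommandRule(1024),
    "RCPT TO": CommandRule(266),
    "DATA": CommandRule(6),
    "QUIT": CommandRule(6),
    "VRFY": CommandRule(266, enabled=False),  # defined but disabled in this example
}

ALLOW, DROP, UNFILTERED = "allow", "drop-connection", "unfiltered"


def match_command(line: bytes, rules: Dict[str, CommandRule]) -> Optional[str]:
    """Return the rule whose verb prefixes the line (case-insensitive), longest
    verb first so that 'MAIL FROM' wins over a hypothetical 'MAIL' entry."""
    upper = line.upper()
    for name in sorted(rules, key=len, reverse=True):
        if upper.startswith(name.encode("ascii")):
            return name
    return None


def effective_limit(name: str, rules: Dict[str, CommandRule]) -> int:
    """MAIL FROM is judged against MAIL FROM + AUTH when AUTH is enabled,
    because AUTH travels as a parameter of MAIL FROM (266 + 1,024 = 1,290)."""
    limit = rules[name].max_length
    auth = rules.get("AUTH")
    if name == "MAIL FROM" and auth is not None and auth.enabled:
        limit += auth.max_length
    return limit


def check_command(line: bytes, rules: Dict[str, CommandRule] = DEFAULT_RULES) -> str:
    """Decide what the filter does with one SMTP command line."""
    name = match_command(line, rules)
    if name is None:
        return UNFILTERED          # unrecognized command: no filtering is performed
    if not rules[name].enabled:
        return DROP                # defined but disabled: the connection is closed
    length = len(line.rstrip(b"\r\n"))   # counted in bytes, CRLF terminator excluded
    return DROP if length > effective_limit(name, rules) else ALLOW


def mail_from_of_length(total_bytes: int) -> bytes:
    """Construct a MAIL FROM line of exactly total_bytes (test helper)."""
    prefix, suffix = b"MAIL FROM:<", b"@example.test>"
    return prefix + b"a" * (total_bytes - len(prefix) - len(suffix)) + suffix + b"\r\n"


if __name__ == "__main__":
    samples = (b"EHLO mail.example.test\r\n", mail_from_of_length(1290),
               mail_from_of_length(1291), b"VRFY postmaster\r\n", b"XFOO 1\r\n")
    for sample in samples:
        print(sample[:24], "->", check_command(sample))
```

With AUTH enabled a 1,290-byte MAIL FROM line passes and a 1,291-byte line drops the connection; with AUTH disabled the same command is held to 266 bytes.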

Note

We recommend that you not add the TURN command to the SMTP filter because the SMTP filter does not currently support filtering on that command.

The SMTP filter can work in conjunction with Message Screener to provide deeper content inspection. The SMTP filter filters all SMTP traffic that arrives at the ISA Server array that matches a server publishing rule on the SMTP protocol.

Message Screener

Message Screener works together with the SMTP filter to intercept all SMTP traffic arriving on TCP port 25 of the ISA Server array. Message Screener is designed for filtering spam. Using Message Screener, you can filter e-mail messages based on keywords or attachments, or block e-mail messages from specific senders and domains. Message Screener must be installed on an SMTP server running Internet Information Services (IIS) 6.0 or IIS 5.0. You can install Message Screener in the Internal network, where we recommend you install your Exchange servers, in a perimeter network, or on the ISA Server array. We recommend that you install Message Screener in a perimeter network, because this provides an additional layer of protection between the Internet and your mail servers.

Note

If you install Message Screener on the ISA Server array, you can install it on one array member, unless you are running ISA Server integrated Network Load Balancing (NLB). When you are running ISA Server integrated NLB, you must install Message Screener on each array member.

When you use Message Screener, you will be publishing Message Screener to receive e-mail messages, rather than your Exchange server or other mail server. You therefore must configure your mail server to receive mail from the Message Screener computer.

Note

We do not recommend that you use Message Screener together with Microsoft Exchange Server 2003, because Message Screener will interfere with the functioning of the Exchange Server Connection and Recipient Filtering features. The SMTP filter can be used with Exchange Server 2003.

The Message Screener component can filter incoming mail based on the:

  • Value sent in the MAIL FROM SMTP command, used for Sender and Domain name filtering.
  • Content-Disposition header field for each attachment. This field commonly contains the attachment file name and extension. Message Screener can filter attachments by extension, by name, or by size.
  • Message subject or message body of either text/plain or text/html content type.

Message Screener can be configured to hold the e-mail message for later inspection or forward the message to a security administrator's account for further examination and analysis.

Consider, for example, a common virus that sends e-mail messages containing a specific keyword. You can configure Message Screener to take one of three actions when an e-mail message with this keyword is received:

  • Delete the message

  • Hold the message

  • Forward the message

    Note

    Application layer inspection of outbound mail is also possible. An organization may want to block outgoing viruses and worms in an effort to protect other Internet connected networks. In addition, outbound mail inspection prevents users from sending attachment documents and other files that contain proprietary corporate data.
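The three filtering criteria (MAIL FROM value, Content-Disposition of each attachment, and keywords in the subject or text/plain or text/html body) and the three actions (delete, hold, forward) can be modelled in a few dozen lines of Python. This is an added illustration, not Message Screener's own code; the rule classes, the evaluation order (first matching rule wins), the "block" verdict for sender/domain matches and the sample message are constructed assumptions.

```python
from dataclasses import dataclass
from email import message_from_bytes
from typing import List, Optional


@dataclass
class KeywordRule:
    keyword: str                 # string looked for, case-insensitively
    where: str                   # "subject", "body" or "subject_or_body"
    action: str                  # "delete", "hold" or "forward"
    forward_to: Optional[str] = None


@dataclass
class AttachmentRule:
    parameter: str               # "name", "extension" or "size"
    value: str                   # file name, extension without dot, or size limit in bytes
    action: str                  # "delete", "hold" or "forward"
    forward_to: Optional[str] = None


@dataclass
class Verdict:
    action: str                  # "accept", "block", "delete", "hold" or "forward"
    reason: str
    forward_to: Optional[str] = None


def envelope_sender(mail_from: str) -> str:
    """Extract the address from a MAIL FROM command line such as 'MAIL FROM:<a@b>'."""
    value = mail_from.split(":", 1)[1].strip()
    return value.strip("<>").strip().lower()


def attachment_matches(rule: AttachmentRule, filename: str, size: int) -> bool:
    if rule.parameter == "name":
        return filename.lower() == rule.value.lower()
    if rule.parameter == "extension":
        return filename.lower().endswith("." + rule.value.lower().lstrip("."))
    if rule.parameter == "size":
        return size > int(rule.value)
    raise ValueError("unknown attachment parameter %r" % rule.parameter)


def screen(mail_from: str, raw: bytes, blocked_senders: List[str], blocked_domains: List[str],
           attachment_rules: List[AttachmentRule], keyword_rules: List[KeywordRule]) -> Verdict:
    """Apply the checks in the order the page lists them: MAIL FROM value, then
    Content-Disposition of each attachment, then subject/body keywords."""
    sender = envelope_sender(mail_from)
    domain = sender.rsplit("@", 1)[-1]
    if sender in {s.lower() for s in blocked_senders}:
        return Verdict("block", "sender %s is blocked" % sender)
    if domain in {d.lower() for d in blocked_domains}:
        return Verdict("block", "domain %s is blocked" % domain)

    msg = message_from_bytes(raw)
    body_parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_content_disposition() == "attachment":
            name = part.get_filename() or ""        # taken from Content-Disposition
            for rule in attachment_rules:
                if attachment_matches(rule, name, len(payload)):
                    return Verdict(rule.action, "attachment %r matched %s rule"
                                   % (name, rule.parameter), rule.forward_to)
        elif part.get_content_type() in ("text/plain", "text/html"):
            charset = part.get_content_charset() or "us-ascii"
            body_parts.append(payload.decode(charset, errors="replace"))

    subject = str(msg["Subject"] or "").lower()
    body = "\n".join(body_parts).lower()
    for rule in keyword_rules:
        kw = rule.keyword.lower()
        in_subject, in_body = kw in subject, kw in body
        if ((rule.where == "subject" and in_subject) or (rule.where == "body" and in_body)
                or (rule.where == "subject_or_body" and (in_subject or in_body))):
            return Verdict(rule.action, "keyword %r found in %s" % (rule.keyword, rule.where),
                           rule.forward_to)
    return Verdict("accept", "no rule matched")


# Constructed sample message: a text body plus a 5-byte attachment named invoice.exe.
SAMPLE_MESSAGE = b"\r\n".join([
    b"From: sender@example.net", b"To: user@fabrikam.com", b"Subject: Your invoice",
    b"MIME-Version: 1.0", b'Content-Type: multipart/mixed; boundary="XYZ"', b"",
    b"--XYZ", b"Content-Type: text/plain; charset=us-ascii", b"",
    b"Please open the attached file.",
    b"--XYZ", b"Content-Type: application/octet-stream",
    b'Content-Disposition: attachment; filename="invoice.exe"',
    b"Content-Transfer-Encoding: base64", b"", b"aGVsbG8=", b"--XYZ--", b"",
])
SAMPLE_ATTACHMENT_RULES = [AttachmentRule("extension", "exe", "hold")]
SAMPLE_KEYWORD_RULES = [KeywordRule("attached file", "body", "forward", "secadmin@fabrikam.com")]

if __name__ == "__main__":
    print(screen("MAIL FROM:<sender@example.net>", SAMPLE_MESSAGE, [], ["spammer.example"],
                 SAMPLE_ATTACHMENT_RULES, SAMPLE_KEYWORD_RULES))
```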

Logging Blocked Messages

Messages that are allowed or blocked by Message Screener are logged locally to a file on the computer running Message Screener. The file is located by default in %Program Files%\Microsoft ISA Server\ISALogs. If you change that location setting on the Configuration Storage server, it is automatically changed on the Message Screener computer, unless the Message Screener computer is in a workgroup. In that case, you must manually ensure that the matching path exists on the Message Screener computer.

Scenarios

Scenarios in which the Simple Mail Transfer Protocol (SMTP) filter and Message Screener must be configured are provided in the sections that follow.

SMTP Filter Scenarios

You can configure the SMTP filter to address these example scenarios:

  • You want to adjust the maximum length of an SMTP command allowed by the SMTP filter.
  • You encounter a new SMTP command that is vulnerable to attack if the maximum command length is exceeded.

Message Screener Scenarios

You can configure Message Screener to address these example scenarios:

  • You want to block e-mail messages containing a specific string, because that string is associated with a virus-carrying e-mail message.
  • You want to block e-mail messages containing a specific attachment, or type of attachment, known to be a source of viral infection.
  • You want to block a specific domain, which is a source of spam.
  • You want to block specific outgoing mail. If you install Message Screener in a perimeter network, you can configure Message Screener to block specific outgoing mail. This configuration is described in Screening Outgoing E-Mail Messages Using Message Screener in this document.

Solutions

These solutions describe how to configure the Simple Mail Transfer Protocol (SMTP) filter and Message Screener to address the provided scenarios.

SMTP Filter Walk-through

This walk-through describes how to configure the SMTP filter to filter SMTP commands.

SMTP Filter Procedure 1: Configure SMTP Filter Buffer Overflow Thresholds

This procedure describes how to edit the predefined list of SMTP commands that is installed with the SMTP filter. You cannot remove SMTP commands from the predefined list, but you can disable a command so that the filter will not consider the length of that command, or edit the maximum length for each command, thus adjusting the threshold above which the filter will not accept SMTP commands. You can also add simple SMTP commands, as described in SMTP Filter Procedure 2: Add SMTP Commands in this document.

To configure SMTP filter buffer overflow thresholds, follow these steps:

  1. In the console tree of ISA Server Management, expand the array node, click Configuration, and then click Add-ins.
  2. In the details pane, on the Application Filters tab, double-click SMTP Filter.
  3. On the SMTP Commands tab, click the applicable command, and then click Edit.
  4. In the SMTP Command Rule dialog box, in Maximum Length, type the maximum length of the command line (in bytes) for the commands. Note that you can disable the command by clearing the Enable SMTP command check box.
  5. Click OK to close the SMTP Command Rule dialog box.
  6. Click OK to close the SMTP Filter Properties page.

SMTP Filter Procedure 2: Add SMTP Commands

This procedure describes how to add a simple SMTP command to be filtered by the SMTP filter. A simple SMTP command is a single command followed by a single response. Other types of SMTP commands are not supported.

To add an SMTP command, follow these steps:

  1. In the console tree of ISA Server Management, click Configuration, and then click Add-ins.
  2. In the details pane, on the Application Filters tab, double-click SMTP Filter.
  3. On the SMTP Commands tab, click Add.
  4. In the SMTP Command Rule dialog box, in Command Name, type the name of the command.
  5. In Maximum Length, type the maximum length of the command line (in bytes).
  6. Click OK to close the SMTP Command Rule dialog box.
  7. Click OK to close the SMTP Filter Properties page.

SMTP Filter Procedure 3: Log Blocked E-Mail Messages

If an SMTP command is blocked because it violates one of the SMTP filter's conditions, the blocked message will only be logged when you enable the SMTP filter event alert.

Follow these steps to enable the alert:

  1. In the console tree of ISA Server Management, click Monitoring.
  2. In the details pane, select the Alerts tab.
  3. In the task pane, on the Tasks tab, click Configure Alert Definitions to open the Alert Properties page.
  4. On the Alerts Definitions tab, double-click SMTP Filter event (or select SMTP Filter event and click Edit) to open the SMTP Filter event Properties page.
  5. On the Events tab, you can set the alert action trigger thresholds, and on the Actions tab you can configure what action is taken when an alert is triggered. For more information, see Alert thresholds and actions in this document.
  6. Click OK to close the properties page.

Alert thresholds and actions

Thresholds determine when the alert action will be performed:

  • How many times per second the event will occur before issuing an alert (also called the event frequency threshold).
  • How many events will occur before the alert is issued.
  • How long to wait before issuing the alert again.

You can set one or more of the following actions to be performed when an alert condition is met:

  • Send an e-mail message.
  • Run a specific action.
  • Log the event in the Microsoft Windows® event log.
  • Stop or start the Microsoft Firewall service or Microsoft ISA Server Job Scheduler.

You can configure which credentials will be used when an application is executed. Use the Local Security Policy to configure user privileges.

Message Screener Walk-through

This walk-through assumes that you will install Message Screener in a perimeter network that has a route relationship defined with the network containing the mail server. Using Message Screener requires that you complete the following procedures:

  1. Install Message Screener.

  2. Configure SMTP Relay on the Message Screener computer.

  3. Create an SMTP publishing rule on the ISA Server array, publishing the Message Screener computer to the External network (the Internet) on the SMTP protocol.

  4. Allow access. You have to add the Message Screener computer to the Remote Management Computers computer set so that it can access the ISA Server array. Also, if you install Message Screener in the perimeter network, you have to create a rule to allow access to the internal mail server. (This is not needed if you install Message Screener in the same network as the mail server.)

  5. Configure credentials on the Message Screener computer using SMTPCred.exe. If Message Screener is installed on the ISA Server array in a Network Load Balancing (NLB) scenario, or on an array member, omit this step.

  6. Ensure that the Message Screener computer has access to a Domain Name System (DNS) server, so that it can locate by name the corporate mail server to which it must forward e-mail messages.

  7. Configure Message Screener to block specific types of messages.

  8. Configure your mail server to receive mail from the Message Screener computer.

    Note

    If you install Message Screener in a perimeter network, you can also configure Message Screener to block specific outgoing mail. This configuration is described in Screening Outgoing E-Mail Messages Using Message Screener in this document.

Message Screener Procedure 1: Install Message Screener

Message Screener must be installed on an SMTP server running Internet Information Services (IIS) 6.0 or IIS 5.0. This server does not have to be a computer running ISA Server services. You can install Message Screener on a server in the Internal network or in a perimeter network. If you install Message Screener on the Internal network, you can install it on the Exchange server, or you can install it on a different SMTP server.

Note

If you install Message Screener in a perimeter network, you must create access rules to allow communication between Message Screener, the SMTP filter on the ISA Server array, and the mail server in the Internal network.

To install Message Screener, follow these steps:

  1. Insert the ISA Server 2004 CD. The setup dialog box should appear automatically. If it does not appear, run ISAAutorun.exe from the root directory of the CD.
  2. Click Install ISA Server 2004.
  3. On the Welcome page, click Next.
  4. On the License Agreement page, read the terms of the license agreement. If you agree with the terms, select I accept the terms in the license agreement, and click Next.
  5. On the Customer Information page, provide the requested information and click Next.
  6. On the Setup Scenarios page, select Install ISA Server services. Click Next.
  7. On the Component Selection page, click the icon next to Firewall Services and select This feature will not be available. Do the same for ISA Server Management. These are the core services and tools of ISA Server 2004, which you would install on an ISA Server array, rather than on the server running IIS that will host Message Screener.
  8. Click the icon next to Message Screener and select This feature will be installed on local hard drive.
  9. On the Ready to Install the Program page, click Install.
  10. On the Installation Wizard Completed page, click Finish.

Message Screener Procedure 2: Configure SMTP Relay on the Message Screener Computer

If you install Message Screener on any computer other than the Exchange server, you must configure the SMTP server to relay mail to the Exchange server. If you installed Message Screener on the Exchange server, omit this procedure.

If the ISA Server array and the Exchange server are on the same network, or if the Exchange server has a route relationship with the network where you installed the ISA Server array, Message Screener should relay mail directly to the IP address of the Exchange server.

If the Exchange server has a network address translation (NAT) relationship with the network where you installed the ISA Server array, Message Screener should relay mail to the ISA Server array. In this scenario, the Exchange server must be published to the network in which Message Screener is located, through a listener on that network. You must configure Message Screener to relay the mail to the IP address of that listener.

This procedure takes place on the Message Screener computer:

  1. Open the Internet Information Services (IIS) Manager. Click Start, point to All Programs, point to Administrative Tools, and select Internet Information Services (IIS).
  2. Expand the local computer node. Expand Default SMTP Virtual Server, right-click Domains, select New, and click Domain to open the New SMTP Domain Wizard.
  3. On the Welcome page, verify that the default domain type, Remote, is selected, and then click Next.
  4. On the Domain Name page, provide the domain name for the SMTP server, such as internal.fabrikam.com, and then click Finish.
  5. In IIS Manager, click Domains. Right-click the new remote domain that you just created, and select Properties.
  6. Click the General tab.
  7. In Select the appropriate settings for your remote domain, select the Allow incoming mail to be relayed to this domain check box to allow the SMTP server to act as a mail relay.
  8. Under Route domain, click Forward all mail to smart host, and then type the IP address or the fully qualified domain name (FQDN) of the Internal network corporate mail server. If you use an IP address, make sure that you use brackets "[]" to enclose the IP address. For example, [157.54.25.14].
  9. Click OK.
  10. Stop and start the SMTP virtual server. To do so, right-click Default SMTP Virtual Server, and then click Stop. After the virtual server stops, right-click Default SMTP Virtual Server again, and then click Start.

Message Screener Procedure 3: Publish the SMTP Server

In this procedure you will publish your Message Screener SMTP server through the ISA Server array. Follow these steps on an ISA Server array member to publish the SMTP server:

  1. In the console tree of ISA Server Management, expand the array node, and click Firewall Policy.
  2. In the task pane, on the Tasks tab, click Publish a Mail Server.
  3. On the Welcome page, provide a name for the rule, such as Publish Message Screener SMTP Server, and then click Next.
  4. On the Select Access Type page, select Server-to-server communication: SMTP, NNTP, and then click Next.
  5. On the Select Services page, select SMTP, and then click Next.
  6. On the Select Server page, provide the IP address of the SMTP server, and then click Next.
  7. On the IP Addresses page, select the network that will listen for requests on the SMTP server. Because you want ISA Server to receive requests from the External network (the Internet), the listener should be one or more IP addresses on the external network adapters of ISA Server. Therefore, select External. Do not click Next.
  8. Before you click Next, on the IP Addresses page, select specific addresses on which you will listen. Click the Address button. The default selection is to listen on all IP addresses on the network. This will include both dedicated IP addresses and virtual IP addresses on the External network, where NLB is enabled. We recommend that you select Default IP address(es) for network adapter(s) on this network. This will select the default virtual IP address if NLB is enabled, and will select the default IP addresses on the network adapters of the ISA Server array if NLB is not enabled. If you have enabled NLB and have created more than one virtual IP address, you should select Specified IP addresses on the ISA Server computer in the selected network, and then select the specific virtual IP address in the Available IP Addresses list.
  9. Click OK, and on the IP Addresses page, click Next.
  10. On the summary page, scroll through the rule configuration to make sure that you have configured the rule correctly, and click Finish.
  11. In the ISA Server details pane, click Apply to apply the changes you have made.

Message Screener Procedure 4: Allow Access

Message Screener requires access for communication with the ISA Server array and the mail server (if on a different network than the Message Screener computer). Follow these procedures to create the needed access.

Creating an outbound SMTP traffic access rule

If you install Message Screener on a perimeter network, and the perimeter network has a route relationship with the Internal network, you must create an access rule allowing outbound SMTP traffic from the perimeter network to the Internal network. This access rule will also allow the Message Screener computer to access your corporate DNS server if it is located in the Internal network.

Note

If the Internal network has a NAT relationship with the perimeter network, you must publish the mail server to the perimeter network, or at a minimum, to the Message Screener computer, using a mail server publishing rule. Publishing the internal mail server is described in Appendix A: Publishing a Mail Server in a NAT Scenario in this document.

To create the access rule, follow these steps:

  1. In the Microsoft ISA Server Management console tree, select Firewall Policy.

  2. In the task pane, on the Tasks tab, select Create Array Access Rule to start the New Access Rule Wizard.

  3. On the Welcome page of the wizard, enter the name for the access rule, such as Outbound SMTP - Message Screener to Exchange, and then click Next.

  4. On the Rule Action page, select Allow, and then click Next.

  5. On the Protocols page, in This rule applies to, select Selected protocols, and then use the Add button to open the Add Protocols dialog box.

  6. In the Add Protocols dialog box, expand Mail, and select SMTP. Click Add, and then click Close to close the Add Protocols dialog box. On the Protocols page, click Next.

  7. On the Access Rule Sources page, click Add to open the Add Network Entities dialog box, expand Networks, select Internal, click Add, and then click Close. On the Access Rule Sources page, click Next.

  8. On the Access Rule Destinations page, click Add to open the Add Network Entities dialog box, expand Networks, select External (representing the Internet), click Add, and then click Close. On the Access Rule Destinations page, click Next.

    Note

    If you want to limit the access rule source to the Message Screener computer in the perimeter network, and the destination to the Exchange server (or front-end Exchange server) or other mail server, you can create two computer sets, one for each of those computers. You select those computer sets from the Add Network Entities dialog box on the Access Rule Sources and Access Rule Destinations pages. Remember that the Message Screener computer will also need access to your corporate DNS server, so either include the DNS server in the computer set with the mail server, or create the generic access rule from network to network.

  9. On the User Sets page, leave the default user set All Users in place, and then click Next.

  10. Review the information on the wizard summary page, and then click Finish.

  11. In the Firewall Policy details pane, click Apply to apply the new access rule. It may take a few moments for the rule to be applied. Remember that access rules are ordered, so if a deny rule matching SMTP access requests exists ahead of this allow rule in the order, access will be denied.

Enabling access to the ISA Server array

Message Screener requires access to the ISA Server array. A system policy rule allowing access from the Remote Management Computers computer set to the Local Host on the needed protocols already exists. You must add the Message Screener computer to the Remote Management Computers computer set so that the rule will apply to it.

Note

If the Message Screener computer will work with more than one ISA Server array in the enterprise, add the computer to the Enterprise Remote Management Computers computer set. Follow the procedure below, but on the Toolbox tab of the taskbar when an enterprise policy node is selected.

  1. Open Microsoft ISA Server Management, expand the array node, and click Firewall Policy.
  2. In the task pane, on the Toolbox tab, select Network Objects, expand Computer Sets, and double-click the Remote Management Computers computer set.
  3. Click Add, and from the drop-down list, select Computer to open the New Computer Rule Element dialog box.
  4. Provide the name and IP address for the Message Screener computer, and then click OK.
  5. In the Firewall Policy details pane, click Apply to apply the change.

Message Screener Procedure 5: Configure Credentials on the Message Screener Computer

To allow Message Screener to read its policy and log settings, you must run the SMTPCred.exe program. If Message Screener is installed on the ISA Server array, omit this step.

  1. On the ISA Server 2004 CD, open the FPC\Program Files\Microsoft ISA Server directory, and double-click SMTPCred.exe. (You can also type SMTPCred.exe at a command prompt in the same directory.)
  2. In the Message Screener Credentials dialog box, provide the name of the computer running ISA Server services (or the IP address of the computer network adapter connected to the Message Screener network), a user name with array auditor rights, the user’s domain, and the password. In the scenario where you are running ISA Server integrated NLB, provide the external virtual IP address, rather than the computer-specific name or IP address.
  3. Click Test to test the connection using those credentials, and OK to close the dialog box.

Message Screener Procedure 6: Enable DNS Server Access for the Message Screener Computer

The Message Screener computer requires access to your corporate DNS server so that it can locate the internal mail server by name. If the DNS server is in the same network as the Message Screener computer, it will have access, and you do not have to make configuration changes to ISA Server. However, if the DNS server is in another network, such as the Internal network, you may need to create an access rule from the perimeter network to the Internal network to allow access. For more information, see Message Screener Procedure 4: Allow Access in this document.

Message Screener Procedure 7: Configure Message Screener

In this procedure you will configure Message Screener to screen for specific items:

  1. In the console tree of ISA Server Management, expand Configuration and click Add-ins.
  2. In the details pane, on the Application Filters tab, double-click SMTP Filter to open the SMTP Filter Properties dialog box.
  3. On the General tab, verify that Enable this filter is selected.
  4. On the Keywords, Users/Domains, and Attachments tabs, you can configure the screening of e-mail messages:
    • On the Keywords tab, click Add to open the Mail Keyword Rule dialog box. In this dialog box, in Keyword, you can provide a string that Message Screener will look for in e-mail messages. You can select whether the action is applied if the keyword is found in the Message subject or body, Message subject, or Message body. You can select an action from the Action drop-down list: Delete message, Hold message, or Forward message to. If you select Forward message to, in E-mail address provide the e-mail address to which the e-mail messages containing the keyword should be sent. Click OK after you have configured the keyword rule. You can then add additional keywords by clicking Add and repeating this step.
    • On the Users/Domains tab, you can add the names of senders or of entire domains for which e-mail messages will be blocked. To add a sender, in Sender’s e-mail address, type the sender’s e-mail address in the format user@domain.com, and then click Add. To add a domain, in Domain name, type the name of the domain in the format domain.com, and then click Add.
    • On the Attachments tab, click Add to open the Mail Attachment Rule dialog box. In this dialog box, you can select an attachment parameter that Message Screener will check: Attachment name, Attachment extension, or Attachment size limit. Then, provide a value for the parameter you selected. You can select an action from the Action drop-down list: Delete message, Hold message, or Forward message to. If you select Forward message to, in E-mail address provide the e-mail address to which the e-mail messages containing the attachment should be sent. Click OK when you have configured the mail attachment rule. You can then add additional attachment rules by clicking Add and repeating this step.
  5. After you configure Message Screener to screen e-mail messages based on keywords, users or domains, or attachments, click OK to close the SMTP Filter Properties dialog box.
  6. In the ISA Server details pane, click Apply to apply the changes you have made.

Message Screener Procedure 8: Configure your Mail Server to Receive Mail from the Message Screener Computer

When you use Message Screener, you will be publishing Message Screener to receive e-mail messages, rather than your Exchange server or other mail server. You therefore must configure your mail server to receive mail from the Message Screener computer. The procedure for doing so will differ depending on the type of mail server you are using. In the case of Exchange Server, you would use the Smart Host feature to indicate to the Exchange server to receive its mail from Message Screener.

If Message Screener is located on the same network as the mail server, you can point directly to the Message Screener computer.

If Message Screener is located on a network other than that which hosts the mail server, as in the case where Message Screener is in a perimeter network and the mail server is in the Internal network, use the following guidelines:

  • If the perimeter network has a route relationship with the Internal network, the mail server can point directly to the IP address of the Message Screener computer.
  • If there is a NAT relationship from the Internal network to the perimeter network, the mail server on the Internal network must be published to the perimeter network, so the mail server should point to the perimeter network adapter of the ISA Server array member that is hosting Message Screener. If you have installed Message Screener on all of the array members and are using ISA Server integrated NLB on the perimeter network, the mail server should point to the perimeter virtual IP address. Publishing the internal mail server is described in Appendix A: Publishing a Mail Server in a NAT Scenario in this document.

Screening Outgoing E-Mail Messages Using Message Screener

If you install Message Screener in a perimeter network, you can also configure Message Screener to block specific outgoing mail. To do so, configure your internal Exchange server (or other mail server) to route outgoing mail through Message Screener. Message Screener will then receive all outgoing mail before it is forwarded to the Internet, and will screen the outgoing mail according to the configuration you created in Message Screener Procedure 7: Configure Message Screener in this document.

If you installed Message Screener on a computer that is in a different network than your Exchange server, you will also create an access rule allowing access from the Exchange server (or the network it is contained in) to the Message Screener computer (or the network it is contained in).

Some scenarios in which you may want to block outgoing mail are:

  • Block outgoing mail containing video files, to reduce the use of bandwidth for forwarding television commercials to friends.
  • Block outgoing mail that contains viruses and worms in an effort to protect other Internet connected networks.
  • Prevent users from sending attachment documents and other files that contain proprietary corporate data.

Because the Message Screener configuration applies consistently to all e-mail messages that pass through Message Screener, any configuration changes to Message Screener will also apply to incoming e-mail messages.

Appendix A: Publishing a Mail Server in a NAT Scenario

When you use Message Screener, you will be publishing Message Screener to receive e-mail messages, rather than your Exchange server or other mail server. You therefore must configure your mail server to receive mail from the Message Screener computer. If there is a network address translation (NAT) relationship from the Internal network to the perimeter network, the mail server on the Internal network must be published to the perimeter network, so the mail server should point to the perimeter network adapter of the ISA Server array member that is hosting Message Screener. If you have installed Message Screener on all of the array members and are using ISA Server integrated NLB on the perimeter network, the mail server should point to the perimeter virtual IP address.

To publish the mail server on the Internal network to the Message Screener computer on the perimeter network, create a new mail publishing rule using the New Mail Server Publishing Rule Wizard:

  1. Expand Microsoft ISA Server Management, expand the array node, and click Firewall Policy.
  2. In the Firewall Policy task pane, on the Tasks tab, select Publish a Mail Server to start the New Mail Server Publishing Rule Wizard.
  3. On the Welcome page of the wizard, provide a name for the rule, such as Inbound SMTP from Message Screener, and then click Next.
  4. On the Select Access Type page, select Server-to-server communication: SMTP, NNTP and then click Next.
  5. On the Select Services page, select SMTP, and then click Next.
  6. On the Select Server page, provide the IP address of the Exchange server, and then click Next.
  7. On the IP Addresses page, select the network that will listen for requests. Because you want ISA Server to receive requests from the perimeter network, select the perimeter network.
  8. On the IP Addresses page, select specific addresses on which you will listen. Click the Address button. The default selection is to listen on all IP addresses on the network. This will include both dedicated IP addresses and virtual IP addresses on the perimeter network, if NLB is enabled. We recommend that you select Default IP address(es) for network adapter(s) on this network. This will select the default virtual IP address if NLB is enabled, and will select the default IP addresses on the network adapters of the ISA Server array if NLB is not enabled. If you have enabled NLB, and have created more than one virtual IP address, you should select Specified IP addresses on the ISA Server computer in the selected network, and then select the specific virtual IP address in the Available IP Addresses list.
  9. Click OK, and on the IP Addresses page, click Next.
  10. On the summary page, scroll through the rule configuration to make sure that you have configured the rule correctly, and then click Finish.
  11. In the ISA Server details pane, click Apply to apply the changes you have made. It will take a few moments for the changes to be applied.