Share via

FW_H_NewNetRule

  • Article

To create a network rule

  1. In the console tree of ISA Server Management:

    • For ISA Server 2006 Enterprise Edition, for enterprise networks, expand Microsoft Internet Security and Acceleration Server 2006, expand Enterprise, and then click Enterprise Networks.
    • For ISA Server 2006 Enterprise Edition, for array-level networks, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, expand Configuration, and then click Networks.
    • For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, expand Configuration, and then click Networks.

  2. In the details pane, select the Network Rules tab.

  3. On the Tasks tab, click Create a Network Rule.

  4. When the New Network Rule Wizard starts, follow the on-screen instructions.

Note

To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.

Important

After you create a network rule, you must click the Apply button in the details pane to save changes and update the configuration.
Because network address translation (NAT) relationships are directional, you should not create network rules that actually define bidirectional NAT relationships.
In a NAT relationship, IP addresses of computers on the source network are replaced by an IP address of an adapter on the ISA Server computer that is connected to the destination network. NAT relationships are unique and unidirectional. If a NAT relationship is defined between Network A (source network) and Network B (destination network), no network relationship can be defined between Network B (as the source) and Network A (as the destination).
In a route relationship, ISA Server routes the traffic between computers on the source and destination networks. IP addresses of computers on both networks are visible. Route relationships are bidirectional. If a route relationship is defined for traffic from Network A (source) to Network B (destination), a route relationship also exists for traffic sent from Network B to Network A.
For ISA Server 2006 Enterprise Edition, ISA Server processes array-level network rules first, and then processes enterprise-level network rules. Array administrators can override enterprise-level network rules by creating array-level network rules.
For ISA Server 2006 Enterprise Edition, enterprise-level network rules can apply only to enterprise network objects. Array-level network rules can apply to both array-level and enterprise-level networks.

Concepts

FW_H_EditNetRule