Windows 2000/Windows 2003 Configuration Baseline

You can install ISA Server 2004 on either Windows 2000 Server or Windows Server 2003. There should be no extra services or applications running on the ISA Server 2004 machine, other than those discussed in this ISA Server 2004 Quick Start Guide. This is important because additional services or applications can complicate the ISA Server 2004 software installation and reduce the level of security the firewall can provide for your network.

The firewall machine should not be acting in any of the following roles:

  • Domain controller
  • Web Server
  • FTP Server
  • Certificate Server
  • NNTP (NEWS) Server
  • Exchange Server
  • SharePoint Server

If the machine on which you were planning to install the ISA Server 2004 software is acting in any of these roles, you should find another computer to use for your ISA Server 2004 firewall.
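
One way to check a candidate machine against the role list above before installing the firewall software. This is an added example, not part of the original Quick Start Guide: the host name ISA-CANDIDATE is a placeholder, and the mapping from roles to Windows service names is an assumption you should adjust to the product versions on your network. It queries the candidate over WMI from an administrative workstation, so nothing is installed on the candidate itself.

```powershell
# Added example: role check for a prospective ISA Server 2004 host.
# $Target is a placeholder host name (assumption); pass the real name with -Target.
param([string]$Target = 'ISA-CANDIDATE')

# Service short names commonly associated with each disallowed role.
# This mapping is an assumption, not taken from the guide; extend it as needed.
$roleServices = @{
    'Web Server'         = @('W3SVC')
    'FTP Server'         = @('MSFTPSVC')
    'Certificate Server' = @('CertSvc')
    'NNTP (NEWS) Server' = @('NntpSvc')
    'Exchange Server'    = @('MSExchangeIS', 'MSExchangeSA')
    'SharePoint Server'  = @('SPTimer', 'SPTimerV3')
}

$findings = @()

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
$cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Target
if ($cs.DomainRole -ge 4) {
    $findings += 'Domain controller (DomainRole = ' + $cs.DomainRole + ')'
}

# One WMI query for every installed service, then match by short name.
# An installed but stopped service still counts: the role software is present.
$installed = Get-WmiObject -Class Win32_Service -ComputerName $Target
foreach ($role in $roleServices.Keys) {
    foreach ($svc in $installed) {
        if ($roleServices[$role] -contains $svc.Name) {
            $findings += $role + ': service ' + $svc.Name +
                ' is installed (state ' + $svc.State +
                ', start mode ' + $svc.StartMode + ')'
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output ($Target + ': none of the listed roles were detected.')
} else {
    Write-Output ($Target + ' is acting in roles the firewall should not have:')
    $findings | ForEach-Object { Write-Output ('  - ' + $_) }
}
```

A clean result only covers the services in the mapping; it does not show that no other software has been added to the machine.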

The firewall is the first computer Internet intruders try to attack because it is directly connected to the Internet. ISA Server 2004 is a firewall that helps protect your network from attackers, and the ISA Server machine itself should be configured as securely as possible.

Warning

The guidelines in this Quick Start Guide do not apply to Small Business Server (SBS). SBS enforces a unique set of requirements on the ISA Server 2004 software that fall outside the scope of this Quick Start Guide. Please refer to your SBS documentation for details on how to install and configure ISA Server 2004 on an SBS machine.

This Quick Start Guide makes the following assumptions about the Windows 2000 Server or Windows Server 2003 computer on which you will install the ISA Server 2004 firewall software:

  • We do not assume that you have any other Windows servers on your network. You can have other Windows servers on your network, but they are not required.
  • We assume that you are installing ISA Server 2004 on either a Windows 2000 Server or Windows Server 2003 computer.
  • We assume that you have installed Windows 2000 Server or Windows Server 2003 on a computer using the default installation settings and have not added any software to the Windows 2000 Server or Windows Server 2003 computer.
  • We assume that your Windows 2000 Server or Windows Server 2003 computer already has two Ethernet cards or an Ethernet card and a cable or DSL modem installed. We further assume that one of the Ethernet network interfaces is connected to the LAN and the other is connected to the Internet, or a single Ethernet card is connected to your LAN and a modem connects to the Internet.
  • We assume that all machines on your internal network use the TCP/IP networking protocol to connect to one another.
  • We assume that machines on the internal network are configured as DHCP clients and will use the ISA Server 2004 firewall machine as their DHCP server.
  • We assume that the Windows 2000 Server or Windows Server 2003 machine onto which you’re installing the ISA Server 2004 firewall software is not a member of a Windows domain. You can have a Windows 2000 Server or Windows Server 2003 domain on the internal network, but the computer running ISA Server 2004 does not need to be a member of your domain. However, if you do have an internal network domain and the Windows 2000 Server or Windows Server 2003 computer onto which you plan to install the ISA Server 2004 software is already a member of the internal network domain, you can leave that machine as a domain member. This will not change any of the procedures discussed in this document.

The goal of this Quick Start Guide is to get you started quickly. It does not go into detailed explanations or descriptions of ISA Server 2004’s many features and capabilities. You can learn about your ISA Server 2004 firewall in more detail after your firewall is configured and the computers on your network can access the Internet.

Throughout this Quick Start Guide, we will refer to internal and external interfaces. The internal interface is the Ethernet card or modem connecting the ISA Server 2004 firewall computer to your private network or LAN. The external interface is a network interface connecting you to the Internet. This external interface can be an Ethernet card, an analog modem, a T1 CPE/router or even a broadband DSL or cable bridge (“modem”) or router.

Figure 1 shows the ISA Server 2004 firewall and its relationship to the internal and external networks. The internal interface is an Ethernet card connected to a hub or switch on the internal network and the external interface is an Ethernet card or a modem connecting the ISA Server 2004 firewall to the Internet.

Figure 1: The physical relationships between the ISA Server 2004 firewall and the internal and external networks.

There are 5 steps required to get the ISA Server 2004 firewall installed and configured to help protect your network and enable internal network clients to access the Internet:

  • STEP 1: Configure the network interfaces
  • STEP 2: Install and configure a DNS server on the ISA Server 2004 firewall computer
  • STEP 3: Install and configure a DHCP server on the ISA Server 2004 firewall computer
  • STEP 4: Install and configure the ISA Server 2004 software
  • STEP 5: Configure the internal network computers as DHCP clients

The rest of this Quick Start Guide walks you through each of these steps.

[Topic Last Modified: 02/26/2008]