Testing ISA Server 2004 Enterprise Edition Firewall Policies
You can now test array firewall policy. At this time, the enterprise access rule allowing all traffic outbound is the default rule. You can test this rule by opening the Web browser and going to a Web site, such as www.isaserver.org. When you look at the log file entries after making the request, you will see that our enterprise-level allow rule passed the request through the firewall to the Web site.
.gif "Cc302602.5b0db7ce-f731-4d45-9d5c-349d3c87705f(en-us,TechNet.10).gif")
You can now go into the Enterprise Policies node and click the Enterprise Policy 1 node and move the Enterprise All Open access rule to the bottom of the Enterprise Policy. Click Apply to save the changes and update the firewall policy, and then Click OK in the Apply New Configuration dialog box.
Close the Web browser and open it again. Visit the Web site, such as www.msn.com. You see the following entries in the log file.
.gif "Cc302602.926d2cca-451d-4f35-9522-7b5f485e8540(en-us,TechNet.10).gif")
Now use the Web browser to visit the Microsoft FTP site at ftp://ftp.microsoft.com. The log file entries show that the array-level policy did not allow the connection. The connection was passed by the ISA Server firewall array by the enterprise-level policy.
.gif "Cc302602.7d61c778-bc52-4440-b5bc-be73d3742b27(en-us,TechNet.10).gif")
[Topic Last Modified: 02/26/2008]