Installing the Firewall on the First Array Member

  • Article

The enterprise and array configuration are now in place on the Configuration Storage server. You can now install the ISA Server 2004 Enterprise Edition software on the first array member and enable the first array member to join the array that you have preconfigured.

In this section, you will perform the following procedures:

  • Install the ISA Server 2004 software on the first array member. The ISA Server 2004 Enterprise Edition Setup Wizard makes it easy to install the first member of the ISA Server 2004 Enterprise Edition array.
  • Configure the intra-array communications IP address. You later enable Network Load Balancing (NLB) on the internal and external interfaces of the ISA Server 2004 Enterprise Edition array. To provide full NLB support, you will configure the array members to use a network interface and IP address dedicated to intra-array communications.

Install the ISA Server 2004 Software on the First Array Member

Perform the following steps to install the ISA Server 2004 Enterprise Edition software on the first member (array-1) of the enterprise array:

  1. Insert the ISA Server 2004 Enterprise Edition CD-ROM into the first array member (array-1 in this example) and click Install ISA Server 2004 on the Autorun page. If the Autorun page does not appear, double-click ISAAutorun.exe on the root of the CD.
  2. Click Next on the Welcome to the Installation Wizard for Microsoft ISA Server 2004 page.
  3. On the License Agreement page, read the license agreement, and then select the I accept the terms in the license agreement option. Click Next.
  4. On the Customer Information page, enter your User Name, Organization, and Product Serial Number. Click Next.
  5. On the Setup Scenarios page, select the Install ISA Server services option. Click Next.
    Cc302638.97fc0b65-1f7f-4a0e-ab65-8ca067e521aa(en-us,TechNet.10).gif
  6. On the Component Selection page, you can see that ISA Server, Advanced Logging, and ISA Server Management are installed by default. Accept these default settings and click Next.
    Cc302638.78c69cf2-f631-4e62-a163-3bca817d85a6(en-us,TechNet.10).gif
  7. On the Locate Configuration Storage Server page, enter the fully qualified domain name of the Configuration Storage server in the Configuration Storage server (type the FQDN) text box. In this example, the FQDN of the Configuration Storage server is dc.msfirewall.org. Enter this value in the text box and click Next.
    Cc302638.3c4bfb57-6530-4ce6-b297-98ad127e50a5(en-us,TechNet.10).gif
  8. On the Array Membership page, select the Join an existing array option and click Next.
    Cc302638.352acbc9-6e12-4c8f-ad6a-49cc39ca2801(en-us,TechNet.10).gif
  9. On the Join Existing Array page, click the Browse button.
  10. On the Arrays to join page, select the array and click OK.
    Cc302638.f3591e21-c336-4b00-86e0-5b6cb4e67051(en-us,TechNet.10).gif
  11. Click Next on the Join Existing Array page.
    Cc302638.2c8d57aa-a4ab-4411-93cf-0ef0ffe7248d(en-us,TechNet.10).gif
  12. On the Configuration Storage Server Authentication Options page, select the Windows authentication option and click Next.
    Cc302638.b2fe095b-167d-4f26-b808-2d5228dcd54a(en-us,TechNet.10).gif
  13. On the Internal Network page, click the Add button.
  14. In the Address dialog box, click the Add Adapter button.
  15. In the Select Network Adapters dialog box, select the check box for the internal interface of the first array member. Click OK.
    Cc302638.037876bb-909c-4910-ab6a-5023a9053f52(en-us,TechNet.10).gif
  16. Click OK in the Addresses dialog box.
    Cc302638.07747161-df43-42ae-9c55-f7aef4ab3f2a(en-us,TechNet.10).gif
  17. Click Next on the Internal Network page.
    Cc302638.3ffcd293-865c-4047-aaa9-013ccfba5565(en-us,TechNet.10).gif
  18. Click Next on the Services Warning dialog box.
  19. Click Install on the Ready to Install the Program page.
  20. On the Installation Completed page, click the Finish button.
  21. Click Yes on the Microsoft ISA Server dialog box asking if you want to restart the firewall.

Configure the Intra-Array Communications IP Address

Array members need to communicate with one another through network interfaces connected to the dedicated NLB network that you created earlier. By default, intra-array communications take place on the primary IP address bound on each member of the array. However, because you later enable NLB on both the internal and external interfaces of each firewall in the enterprise array, you need to force the array members to communicate using the IP addresses bound to the adapters connected to the intra-array network.

Perform the following steps to force the first array member to use the intra-array adapter for intra-array communications (the second array member automatically detects that it should use the adapter on the same network ID as the intra-array adapter on the first member of the array):

  1. In the left pane of the ISA Server 2004 Enterprise Edition console, expand the array name, and then expand the Configuration node. Click the Servers node.
  2. In the details pane of the console, right-click the name for the first server in the array (array-1 in this example) and click Properties.
  3. In the array-1 Properties dialog box, click the Communication tab. On the Communication tab, enter the IP address of the intra-array network interface in the Use this IP address for communication between array members. In this example, type 222.222.222.1, in the text box.
    Cc302638.2518fcff-9e0a-4b26-b736-45720684421f(en-us,TechNet.10).gif
  4. Click Apply, and then click OK in the array-1 Properties dialog box.
  5. Click Apply to save the changes and update the firewall policy.
  6. Click OK in the Apply New Configuration dialog box.

[Topic Last Modified: 02/26/2008]