Getting started with Microsoft ISA Server 2006, Part 5: Network Layout Concept

Configure Network Layout

From Part 3: Installation and Part 4: Service Pack 1, you learn how to install and update ISA Server 2006. Next, it is time to configure the ISA Server 2006. On this post, I am going to show how to configure networking environment for ISA Server 2006 by selecting from the pre-defined network templates.By default, ISA Server 2006 comes with five pre-defined network templates. You can select one of them that match your networking environment.

Let’s see each of them in details.

1. Edge Firewall
   This is a standard network topology for small to medium organization. The ISA Server is a main gateway controlling traffic between the intranet (LAN) and the Internet networks. The ISA Server needs 2 network interface cards.
   
2. 3-Leg Perimeter
   This is a standard network topology for medium to large organization. There is an additional network which is a perimeter network connects to ISA server compare to the edge firewall. The perimeter network or DMZ (Demilitarized Zone) is a network that is less secure for serving Web server, E-Mail server, DNS server and other services to the Internet users and also the internal users. The ISA Server needs 3 network interface cards.
   
3. Front Firewall
   This is a network topology for organization that security is high priority. In this case, there are more than one firewall. When a hacker attacks the front firewall and it compromises, there is still a back firewall to protect the internal network. This template, ISA Server acts as front firewall server between the Internet and the perimeter network and needs 2 network interface cards.
   
4. Back Firewall
   This network template is similar as the front firewall template except that the ISA Server that you’re configuring is the back firewall which stands between the internal and the perimeter networks.This template, ISA Server needs 2 network interface cards.
   
5. Single Network Adapter
   This is a network template for ISA Server to be act as Proxy server only. ISA Server can do caching to improve performance for users using the Internet in organization. This template, ISA Server requires only a single network interface card as the name of the template.
   

Note: About front and back Firewall templates, you have more than one firewalls. It is best practice not to use the same firewall model. For example, you should have the front firewall as hardware base from one company and the back firewall as software base from another company, or vice versa. If a hacker breaks the front firewall, then the hacker will takes an extra time to break another firewall to reach our internal network since the hacker cannot use the same technique to break the back firewall.

What’s Next?

Well, bore with reading the concept? Let’s see how to configure networking environment in action.