Configuring monitoring, reporting, and logging

The ProLiant DL320 Security Server has a comprehensive logging and reporting facility. Configure firewall logging and web proxy logging immediately to get the full benefit from the feature set.

Configuring firewall logging

The firewall log records connections from Secure NAT and firewall clients on the internal and external networks. Firewall logging can be configured to use one of several storage methods, each with its own advantages and disadvantages.

File logging

SQL database logging

MSDE database logging

To configure the Microsoft® firewall service basic logging properties:

1.In the scope pane of the ISA Server 2004 management console, expand your server name, and then click the Monitoring node.

2.In the details pane, click the Logging tab.

3.In the task pane, click the Tasks tab, and click Configure Firewall Logging. The Log tab appears in the Firewall Logging Properties dialog box.

4.Select the log storage format that best fits. The File format option is best when copying log file information to a third-party application on another computer. The SQL database format option is best when there is an SQL database on the internal network and you have the expertise to manage an SQL database. The MSDE database format option is an excellent option when SQL text-based logging is not used.

5.Select the File format option. From the Format list, select the ISA Server file format. This format saves log file entries using the local time configured on the ProLiant DL320 Security Server to stamp the log entries.

6.Click Apply>OK.

7.Click Apply at the top of the details pane to save the changes and update the firewall policy.

NOTE: When using file-based logging, the real-time log file cannot perform queries.

Configuring web proxy logging

The web proxy logs contain information about connections from web proxy clients. Web proxy logging can be configured to use many different storage methods. Each storage method has its own advantages and disadvantages. Web proxy storage methods include:

File logging

SQL database logging

MSDE database logging

To configure the web proxy logging properties:

1.In the scope pane of the ISA Server 2004 management console, expand your server name, and then click the Monitoring node.

2.In the details pane, click the Logging tab.

3.In the task pane, click the Tasks tab, and then click Configure Web Proxy Logging. The Log tab appears in the Web Proxy Properties dialog box.

4.Select the log storage format that best meets your needs. The file format option is best when copying log file information to a third-party application on another computer on the internal network. The

Managing and maintaining the firewall 22

Page 22
Image 22
HP Microsoft Internet Security and Acceleration (ISA) Software manual Configuring monitoring, reporting, and logging

Microsoft Internet Security and Acceleration (ISA) Software specifications

HP Microsoft Internet Security and Acceleration (ISA) Software is a robust network security solution designed to safeguard business environments by offering a versatile platform for secure internet access. ISA Server integrates multiple functionalities that are essential for modern enterprise needs, helping organizations manage and protect their network infrastructure.

One of the main features of ISA Server is its firewall capabilities, which provide an essential barrier between internal networks and external threats. The software utilizes intelligent packet filtering to analyze incoming and outgoing traffic, ensuring that only legitimate communications are allowed while blocking potentially harmful activity. This helps to mitigate risks associated with external cyber threats and unauthorized access.

Another key feature is the built-in web caching technology. ISA Server improves network performance by caching frequently accessed websites and content. This reduces bandwidth usage and enhances response times for end-users, leading to increased productivity. By storing copies of web pages, ISA Server can serve them quickly to users, allowing enterprises to optimize their use of internet resources.

ISA Server also includes a powerful Virtual Private Network (VPN) feature, enabling secure remote access for employees. This technology supports secure connections over the internet, allowing users to access the corporate network and resources from anywhere in the world. The VPN capabilities ensure data encryption during transmission, protecting sensitive information from interception.

Moreover, ISA Server incorporates integrated threat management tools, which offer insights into potential security issues. These tools provide logging and reporting features that allow administrators to monitor traffic patterns and detect anomalies. This functionality is critical for identifying and responding to potential security breaches in real-time.

In addition to these features, ISA Server supports application-layer filtering, which enhances security further. This allows organizations to control access to specific applications and services while ensuring that malicious content cannot infiltrate the network.

Overall, HP Microsoft Internet Security and Acceleration Software is a comprehensive solution designed to address the complexities of network security in today’s digital landscape. Its combination of firewall protection, web caching, VPN capabilities, and application-layer filtering makes it an invaluable tool for organizations looking to secure their internet connectivity while optimizing performance and user experience. By leveraging advanced technologies and characteristics, ISA Server empowers businesses to operate safely and efficiently in an interconnected world.