Scenario 1: The Edge Firewall Configuration
The Edge Firewall template configures the ISA Server 2004 firewall to have a network interface directly connected to the Internet and a second network interface connected to the Internal network. The network template allows you to quickly configure firewall policy Access Rules that control access between the Internal network and the Internet.
Table 1 shows the firewall policies available to you when using the Edge Firewall template. Each firewall policy creates its own set of Access Rules. The policies range from an all-open access policy between the Internal network and the Internet to a Block All policy that prevents all access between the Internal network and the Internet.
Table 1: Network Edge Firewall Template Firewall Policy Options
Firewall Policy | Description |
Block all | Block all network access through ISA Server. This option does not create any access rules other than the default rule which blocks all access. Use this option when you want to define firewall policy on your own. |
Block Internet access, allow access to ISP network services | Block all network access through ISA Server, except for access to network services such as DNS. This option is useful when your Internet Service Provider (ISP) provides these services. Use this option when you want to define firewall policy on your own. The following access rules will be created: 1. Allow DNS from Internal Network and VPN Clients Network to External Network (Internet) |
Allow limited Web access | Allow Web access using HTTP, HTTPS, FTP only. Block all other network access. The following access rules will be created: 1. Allow HTTP, HTTPS, FTP from Internal Network to External Network 2. Allow all protocols from VPN Clients Network to Internal Network |
Allow limited Web access and access to ISP network services | Allow limited Web access using HTTP, HTTPS, and FTP, and allow access to ISP network services such as DNS. Block all other network access. The following access rules will be created: 1. Allow HTTP, HTTPS, FTP from Internal Network and VPN Clients Network to External Network (Internet) 2. Allow DNS from Internal Network and VPN Clients Network to External Network (Internet) 3. Allow all protocols from VPN Clients Network to Internal Network |
Allow unrestricted | Allow unrestricted access to the Internet through ISA Server. ISA |
ISA Server 2004 Configuration Guide | 92 |