Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed
The ISA Firewall client, after it is installed, shows in the client's System Tray (near the clock). If it is right-clicked, as shown in Figure 11.11, it can be configured or disabled, if the proper local administrative rights are configured for the logged-in user. Figure 11.11. Viewing the ISA Firewall client tray icon.
Getting Familiar with the Firewall Client Functionality
Right-clicking on the Firewall Client icon and choosing Configure produces two sets of options, as illustrated in Figure 11.12. Figure 11.12. Configuring ISA Firewall client settings.
This is the only level of configuration that can be done from the client itself, and is mainly limited to enabling or disabling the client, changing how the ISA server is detected, and setting whether web browser settings are automatically detected and changed. Modifying Rules for Firewall Clients
After the Firewall client is deployed, the real desired functionality becomes available on the ISA Server itself: the capability to create per-user rules and configurations. From the ISA Server console itself, individual rule elements can be locked down to be accessible from only particular users, via the Users tab under Access Rules. NOTE Per-user firewall rule configuration is limited to Access rules, and is not available for server-based publishing rules. To illustrate this concept, the following procedure modifies an existing rule that allows web browsing access to the Internet only to members of the AD Group called Management:
Using the Firewall Client Tool Pack (FWCToolPack)
Microsoft has released a powerful and useful tool for the Firewall client called the Firewall Client for ISA Server 2004 Support Tool (FWCToolPack). It is available from the Microsoft ISA Downloads page (http://www.microsoft.com/isaserver/downloads/2004.asp) and can be use to troubleshoot ISA Client and Server issues via the command-line interface, such as what is shown in Figure 11.14. Figure 11.14. Viewing FWCToolPack Options.
As illustrated, there are several key options that can be used as part of this tool, such as displaying the server configuration, which ports are being used, what the browser configuration settings are, whether the server can be pinged, and several others. This tool can be a useful troubleshooting tool for Firewall client connectivity issues. |