Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed

One of the major improvements in ISA Server 2004 over older versions of the software is the capability to back up individual or complete ISA settings to a simple text file in Extensible Markup Language (XML) format for easy import into other servers. This functionality gives administrators much more flexibility to export individual rules or other ISA elements and then import them into additional servers or use them to restore a server.

Exporting Individual Sets of Rules

ISA Server export is not limited in scope, but can be used to export out individual rules, entire rule sets, or other specific functionality on a server. These configuration sets can subsequently be imported back into ISA Server or onto another ISA Server configuration. This includes export and import of rules and configuration from ISA Server 2004 Standard Edition to ISA Server 2004 Enterprise Edition. The advantages to this functionality are immediately obvious because individual customized elements can be backed up easily and restored at will.

To export all the firewall policy rules, perform the following steps:

1.

In ISA Server Management console, select Firewall Policy in the console tree on the left.

2.

Make sure that the Tasks tab is visible in the Tasks pane.

3.

Under Related Tasks, choose Export Firewall Policy.

4.

Select a name for the export file and check the box to export confidential information and click Export.

NOTE

If confidential information is exported, a password is assigned to the exported file for encryption purposes. That password is required to import the file.

5.

Enter a valid password and click OK.

6.

The export process displays the dialog box shown in Figure 18.1 while it is processing. After the export completes, click OK.

Figure 18.1. Exporting ISA settings.

CAUTION

Because the exported files contain sensitive information that could potentially compromise a network or system, they should be protected and stored in a safe location and deleted when they are no longer needed.

Exporting the Entire ISA System Config to an XML File

A firewall's entire configuration can be exported for disaster protection reasons, as well as to assist with the configuration of a large number of ISA servers. Because the system policy rules are often server specific, you can export the entire server configuration without the system policy rules by using the Export feature, or you can export the entire configurationincluding the system policy rulesby using the Backup feature.

NOTE

The only difference between a full configuration export and a backup is that the Backup feature also copies system policy rules. Otherwise, the techniques are identical.

To perform a backup of the ISA configuration, with all system policy rules and custom-configured rules (often used for disaster protection and recovery), perform the following steps:

1.

In ISA Server Management console, right-click the server name in the selection tree on the left.

2.

Select Back Up, as shown in Figure 18.2.

Figure 18.2. Backing up the ISA Server configuration.

3.

Enter a name for the backup file and a backup location for the file. Click Backup.

4.

Enter a password that will be used to encrypt the backup file. This password is required to restore the backup. Click OK.

5.

After the backup completes, click OK.

In some cases, you may want to export only the configuration without the system policy rules. This is normally done when replicating settings between multiple ISA servers. To export the configuration of an ISA server, perform the following steps:

1.

In ISA Server Management console, right-click the server name in the selection tree on the left.

2.

Select Export.

3.

Enter a name for the export file, a backup location, and select to export confidential information and user permission settings, as shown in Figure 18.3. Click Export.

Figure 18.3. Exporting the ISA Server configuration.

NOTE

If confidential information is exported, a password is assigned to the exported file for encryption purposes. That password is required to import the file.

4.

Selecting to export confidential information generates a password prompt. Enter a valid password twice and click OK.

5.

After the export completes, click OK.

As previously mentioned, because the exported files contain sensitive information that could potentially compromise your network or system, they should be protected and stored in a safe location and deleted when they are no longer needed.

Exporting URL Sets

URL sets can be used to limit traffic destinations based on URLs. Because it is often very labor intensive to manually enter in these sets of URLs, it is often ideal to manually export and import then between ISA servers. To export all URL sets on a server, perform the following steps:

1.

In ISA Server Management console, select Firewall Policy in the console tree.

2.

Make sure that the Toolbox tab is visible in the Tasks pane.

3.

Select the Network node and right-click on URL Sets. Select Export All, as shown in Figure 18.4

Figure 18.4. Exporting URL sets.

4.

The Export Configuration dialog box now appears. Click Next.

5.

Enter a name and location for the XML file and check the box to Export confidential information. Click the Export button.

6.

Enter a password twice to encrypt the information and click OK.

If individual URL sets need to be exported, a similar procedure can be used to do so:

1.

In ISA Server Management console, select Firewall Policy under the server name in the selection tree on the left.

2.

Make sure that the Toolbox tab is visible on the right action bar.

3.

Select the Network Objects bar and expand URL Sets. Right-click the URL set to be exported (URL sets must be previously established for this procedure to work) and select Export Selected.

4.

The Export Wizard now appears. Click Next.

5.

Choose whether to export confidential information and if so, provide a password that will be used to encrypt the confidential information. Click Next.

6.

Enter a filename for the export file. Click Next.

7.

Click Finish.

The automatic import and export of URL sets can greatly ease the administrative burden of managing lists of websites for specific ISA rules and configuration.

    Категории