Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed

Just as easily as information can be exported from ISA server, it can be imported back in. The portability and flexibility that this type of process gives ISA administrators greatly eases the administrative burden associated with managing settings such as firewall rules, URL sets, and general ISA configuration.

Importing Individual ISA Components

To import individual ISA components, use the Import entry in the Tasks pane. This option allows for individual elements, such as network rules, firewall rules, URL sets, or other ISA components to be restored or transferred to other servers. To perform the import, do the following:

NOTE

If an exported rule contains information about a rule that utilizes a particular Secure Sockets Layer certificate, that certificate must also be exported and imported into the destination server.

1.

Select the configuration screen for the component to be imported. Depending on which component is to be imported, this could be the Firewall Policy node, Networks node, Monitoring node, or Cache node.

2.

Make sure that the Task tab is visible in the Tasks pane.

3.

Select the Import component, labeled based on the type of import, such as Import Cache Rules, Import Firewall Policy, and the like.

4.

Browse to and select the XML configuration file to be imported.

5.

Configure options for importing user permission settings and cache drive settings as appropriate.

6.

If user permission settings are selected (this option is available only if the selected file was exported with user permission settings), enter the password required to decrypt the information, as shown in Figure 18.5

Figure 18.5. Importing individual ISA elements.

7.

Click Import.

8.

When the import process completes, click OK.

Importing Entire ISA Configs

The entire configuration of an ISA server can be imported onto a server to clone a configuration to another server, restore a server to a prior state, or assist with disaster recovery. After following the steps previously outlined to export the configuration, perform the following to import that information:

CAUTION

Importing information to an ISA server overwrites current settings, so it is important that any configuration on the server is no longer needed.

1.

Right-click on the server name in the navigation tree. Select Import.

2.

At the subsequent dialog box, click Yes to confirm that you are aware of the overwrite nature of the import process.

3.

Select the configuration file to be imported.

4.

Configure options for importing user permission settings and cache drive settings as appropriate.

5.

If user permission settings are selected (this option is available only if the selected file was exported with user permission settings), enter the password required to decrypt the information and click OK.

NOTE

If the configuration was exported with certificate information and is then imported into a computer with different certificates, the firewall service fails to start. To correct this problem, export the original certificate(s) and import them to the new computer.

Importing URL Sets

As previously mentioned, it is highly valuable to be able to import specific URL sets, which can be used to limit traffic destinations based on URLs. Through mass import and export, the administrative overhead associated with importing lists of URLs is greatly decreased.

To import all URL sets from the export XML file that was previously created, perform the following steps:

1.

In the ISA Server Management console, select Firewall Policy under the server name in the selection tree on the left.

2.

Make sure that the Toolbox tab is visible on the right action bar.

3.

Select the Network Objects bar and right-click on URL Sets. Select Import All.

4.

At the welcome dialog box, click Next to continue.

5.

Select the file containing URL sets to be imported.

6.

Choose whether to import user permission settings and cache drive settings. If you do, you need the password that was entered when the sets were exported. Click Import.

7.

Enter the encryption password if required.

8.

Click OK at the conclusion of the import.

Similarly, importing specific URL sets follows the same general process, with a few modifications as follows:

1.

In the ISA Server Management console, select Firewall Policy under the server name in the selection tree on the left.

2.

Make sure that the Toolbox tab is visible on the right action bar.

3.

Select the Network Objects bar and expand URL Sets. Right-click on the set to be replaced and select Import to Selected.

4.

Select the file containing the URL set to be imported.

5.

Choose whether to import user permission settings and cache drive settings. If you do, you need the password that was entered when the sets were exported. Click Import.

6.

Enter the encryption password if required.

7.

Click OK at the conclusion of the import.

    Категории