- For ISA Server 2006 Enterprise Edition, for enterprise networks, expand Microsoft Internet Security and Acceleration Server 2006, expand Enterprise, and then click Enterprise Networks.
- For ISA Server 2006 Enterprise Edition, for array-level networks, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, expand Configuration, and then click Networks.
- For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, expand Configuration, and then click Networks.

In the details pane, select the Network Rules tab, and then select the applicable network rule.

On the Tasks tab, click Edit Selected Network Rule.

On the Source Networks tab, next to This rule applies to traffic from these sources, click Add, and then do the following:
   a. In Add Network Entities, select a network object, and then click Add.
   b. Repeat step a to add more network objects. Then, click Close.
   c. To exclude specific network objects, so that the rule does not apply, next to Exceptions, click Add.
   d. In Add Network Entities, select a network object, and then click Add.
   e. Repeat step d to add more network objects. Then, click Close.

On the Destination Networks tab, next to This rule applies to traffic sent to these destinations, click Add, and then do the following:
   a. In Add Network Entities, select a network object, and then click Add.
   b. Repeat step a to add more network objects. Then, click Close.
   c. To exclude specific network objects, so that the rule does not apply, next to Exceptions, click Add.
   d. In Add Network Entities, select a network object, and then click Add.
   e. Repeat step d to add more network objects. Then, click Close.

On the Network Relationship tab, select one of the following:
   - Network Address Translation (NAT). To specify that a NAT relationship will be used from the source network to the destination network.
   - Route. To specify that a route relationship will be used between the source network and the destination network.

Notes

- For more information about networks in ISA Server, see Network Concepts in ISA Server 2006 at the Microsoft ISA Server TechCenter Web site (http://www.microsoft.com).
- To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.

Important

- After you edit a network rule, you must click the Apply button in the details pane to save changes and update the configuration.
- In a network address translation (NAT) relationship, IP addresses of computers on the source network are replaced by an IP address of an adapter on the ISA Server computer that is connected to the destination network. NAT relationships are unique and unidirectional. If a NAT relationship is defined between Network A (source network) and Network B (destination network), do not define a network relationship between Network B (as the source) and Network A (as the destination).
- In a route relationship, ISA Server routes the traffic between computers on the source and destination networks. IP addresses of computers on both networks are visible. Route relationships are bidirectional. If a route relationship is defined for traffic from Network A (source) to Network B (destination), a route relationship also exists for traffic sent from Network B to Network A.
- Because NAT relationships are directional, you should not create network rules that actually define bidirectional NAT relationships.
- For ISA Server 2006 Enterprise Edition, ISA Server processes array-level network rules first, and then processes enterprise-level network rules. Array administrators can override enterprise-level network rules by creating array-level network rules.
- For ISA Server 2006 Enterprise Edition, enterprise-level network rules can apply only to enterprise network objects. Array-level network rules can apply to both array-level and enterprise-level networks.
- When you change the network relationship type, Internet Control Message Protocol (ICMP) ping traffic does not pass through for one minute. This occurs because ISA Server waits for one minute before it initiates a new connection to prevent the premature termination of existing sessions. Other traffic types, such as HTTP, File Transfer Protocol (FTP), and User Datagram Protocol (UDP) Echo, pass through without interruption.
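
The following is an added example, not part of the original ISA Server documentation and not an ISA Server API: a small Python model for reviewing a planned rule set against the constraints listed under Important (array-level rules processed before enterprise-level rules, route relationships bidirectional, NAT unidirectional, enterprise-level rules limited to enterprise network objects). The rule names, network names and the NetworkRule type are constructed for illustration; the model assumes the first matching rule wins within each level and does not model exceptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkRule:
    name: str
    level: str               # "array" or "enterprise"
    sources: frozenset
    destinations: frozenset
    relationship: str        # "NAT" or "Route"

def processing_order(rules):
    # Array-level rules are processed first, then enterprise-level rules.
    return sorted(rules, key=lambda r: r.level != "array")

def effective_relationship(rules, src, dst):
    """First matching rule for traffic src -> dst as (relationship, rule name), else None."""
    for r in processing_order(rules):
        forward = src in r.sources and dst in r.destinations
        # A route relationship also covers the reverse direction; NAT does not.
        reverse = r.relationship == "Route" and dst in r.sources and src in r.destinations
        if forward or reverse:
            return r.relationship, r.name
    return None

def lint(rules, enterprise_networks):
    """Return (check, rule name, detail) tuples for rule sets the page warns against."""
    findings = []
    for r in rules:
        outside = (r.sources | r.destinations) - enterprise_networks
        if r.level == "enterprise" and outside:
            findings.append(("ENTERPRISE_SCOPE", r.name, tuple(sorted(outside))))
    for nat in (r for r in rules if r.relationship == "NAT"):
        for other in rules:
            # Any rule from a NAT destination back to a NAT source reverses the NAT.
            if other is not nat and other.sources & nat.destinations and other.destinations & nat.sources:
                findings.append(("REVERSES_NAT", other.name, nat.name))
    return findings

# Constructed sample rule set (names are illustrative, not from a real configuration).
ENTERPRISE_NETWORKS = frozenset({"Ent-HQ", "Ent-Branch"})
RULES = [
    NetworkRule("R1", "enterprise", frozenset({"Ent-HQ"}), frozenset({"Ent-Branch"}), "NAT"),
    NetworkRule("R2", "array", frozenset({"Ent-HQ"}), frozenset({"Ent-Branch"}), "Route"),
    NetworkRule("R3", "array", frozenset({"Internal"}), frozenset({"External"}), "NAT"),
    NetworkRule("R4", "array", frozenset({"External"}), frozenset({"Internal"}), "Route"),
    NetworkRule("R5", "enterprise", frozenset({"Ent-HQ"}), frozenset({"Perimeter"}), "Route"),
]

if __name__ == "__main__":
    for finding in lint(RULES, ENTERPRISE_NETWORKS):
        print(finding)
    print(effective_relationship(RULES, "Ent-HQ", "Ent-Branch"))
```

In the sample, R2 shows an array-level rule overriding the enterprise-level NAT rule R1, R4 is flagged because it defines a relationship in the reverse direction of the NAT rule R3, and R5 is flagged because an enterprise-level rule references an array-level network.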