ISA Server 2006 Enterprise Edition only
When you apply the Front Firewall network template, Microsoft Internet Security and Acceleration (ISA) Server 2006 configures network rules and firewall policy rules, in accordance with the specific policy you specify.
The Configuration Storage server used by the computer running ISA Server services (at the front end) might be located behind another ISA Server computer (at the back end), as illustrated in the network template diagram on the Networks tab.
To allow the front-end ISA Server computer access to the Configuration Storage server, you must create a server publishing rule on the back-end ISA Server computer with the following parameters:
When you specify an alternate Configuration Storage server (for failover), be sure to also publish that server.
When you install a computer running ISA Server services, you specify the Configuration Storage server it should use. The Configuration Storage server can also be specified after installation, using the Configuration Storage Server Connection Wizard.
If the front-end ISA Server computer belongs to a domain, the name that you specify for the Configuration Storage server should resolve to the Configuration Storage server or to the back-end ISA Server computer, depending on the network relationship.
If the front-end ISA Server computer belongs to a workgroup, a certificate must be installed to allow communication with the Configuration Storage server. The name specified for the Configuration Storage server should match the certificate located on the Configuration Storage server. This name must resolve to the Configuration Storage server (when a route relationship is configured between the networks) and to the back-end ISA Server computer (when a network address translation (NAT) relationship is configured between the networks).
If the front-end ISA Server computer belongs to a domain, the name that you specify for the Configuration Storage server should resolve to the Configuration Storage server (when a route relationship is configured between the networks) and to the back-end ISA Server computer (when a NAT relationship is configured between the networks).