Access to back-end Configuration Storage server (Enterprise Edition)

ISA Server 2006 Enterprise Edition only

When you apply the Front Firewall network template, Microsoft Internet Security and Acceleration (ISA) Server 2006 configures network rules and firewall policy rules according to the policy you specify.

The Configuration Storage server used by the computer running ISA Server services (at the front end) might be located behind another ISA Server computer (at the back end), as illustrated in the network template diagram on the Networks tab.

To allow the front-end ISA Server computer access to the Configuration Storage server, you must create a server publishing rule on the back-end ISA Server computer with the following parameters:

  1. Set the IP address of the published server to the IP address of the Configuration Storage server.
  2. Set the protocol to MS Firewall Storage Server.
  3. Set the source to the IP address of the front-end ISA Server computer. To do this, you should create a computer element with that IP address and specify the computer on the From tab.
  4. Set the network listener to External.

When you specify an alternate Configuration Storage server (for failover), be sure to also publish that server.

Configuration Storage server name

When you install a computer running ISA Server services, you specify the Configuration Storage server it should use. The Configuration Storage server can also be specified after installation, using the Configuration Storage Server Connection Wizard.

If the front-end ISA Server computer belongs to a domain, the name that you specify for the Configuration Storage server should resolve to the Configuration Storage server when a route relationship is configured between the networks, or to the back-end ISA Server computer when a network address translation (NAT) relationship is configured between the networks.

If the front-end ISA Server computer belongs to a workgroup, a certificate must be installed to allow communication with the Configuration Storage server. The name specified for the Configuration Storage server should match the name on the certificate located on the Configuration Storage server. This name must resolve to the Configuration Storage server when a route relationship is configured between the networks, or to the back-end ISA Server computer when a NAT relationship is configured between the networks.
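The name-resolution rules in this section can be checked before you point the front-end computer at a Configuration Storage server. The following PowerShell function is an added example, not part of ISA Server or of the original page; `Test-CssName`, its parameters, and the sample name and addresses are hypothetical and constructed for illustration.

```powershell
# Added example. Checks the name a front-end ISA Server computer will use for
# its Configuration Storage server against the route/NAT rule and, for a
# workgroup front end, against the name on the server certificate.
function Test-CssName {
    param(
        [Parameter(Mandatory=$true)][string]$CssName,
        [Parameter(Mandatory=$true)][ValidateSet('Route','NAT')][string]$Relationship,
        [Parameter(Mandatory=$true)][ipaddress]$CssIp,          # Configuration Storage server
        [Parameter(Mandatory=$true)][ipaddress]$BackEndIp,      # back-end ISA Server (publishing address)
        [Parameter(Mandatory=$true)][ipaddress[]]$ResolvedIps,  # what the front end resolves $CssName to
        [string]$CertName                                       # workgroup only: name on the certificate
    )

    # Route: the front end reaches the Configuration Storage server directly.
    # NAT: the front end only sees the address published by the back-end ISA Server.
    if ($Relationship -eq 'Route') { $expected = $CssIp } else { $expected = $BackEndIp }

    $problems = @()

    # Every address the name resolves to must be the expected one; a stray
    # record would send some connections to the wrong host.
    $wrong = @($ResolvedIps | Where-Object { -not $_.Equals($expected) })
    if ($wrong.Count -gt 0) {
        $problems += "'$CssName' resolves to $($wrong -join ', '); expected only $expected for a $Relationship relationship"
    }

    # Workgroup front end: the specified name must match the certificate.
    # Exact, case-insensitive comparison only; wildcard names are not handled.
    if ($CertName -and ($CssName -ne $CertName)) {
        $problems += "'$CssName' does not match the certificate name '$CertName'"
    }

    [pscustomobject]@{
        Name     = $CssName
        Expected = "$expected"
        Ok       = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample: NAT relationship, but the name still points at the
# Configuration Storage server itself, so Ok is False with one problem listed.
# For live input use: -ResolvedIps ([System.Net.Dns]::GetHostAddresses('css01.corp.example'))
Test-CssName -CssName 'css01.corp.example' -Relationship NAT `
    -CssIp '10.0.0.5' -BackEndIp '192.168.10.1' -ResolvedIps '10.0.0.5' `
    -CertName 'css01.corp.example'
```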



