Microsoft Internet Security and Acceleration Server 2004 SDK

Network View

In a classic view of a multi-networking environment, a firewall or router provides connectivity between one or more networks. Depending on how access control is configured on the firewall or router, communication is allowed to pass between the networks. For example, consider the following figure, which illustrates a classic view of the multi-networking scenario.

In the figure, a corporate network is connected to the Internet, allowing clients access to the Internet. A perimeter network (also known as a DMZ, demilitarized zone, or screened subnet) is connected to the corporate network and to the Internet, allowing access to its resources.

The relationships between the networks can be defined as follows:

Clients on the Internet can access resources on the perimeter network.

You can use ISA Server to define network rules (FPCNetworkRule objects), thereby allowing access between the networks. When you do so, you define not only whether the networks are connected, but also how they are connected. In this way, you establish the network access policy between the networks.

The following figure illustrates the concept of network access policy. Here, network rules have been configured to allow network access between the same networks shown in the previous figure.

In other words, network rules define the relationships between the networks as follows:

The general guideline is that when you publish IP addresses, you define a routing relationship. If you do not want to expose IP addresses, you define a NAT relationship.

Administrator's Role

The administrator's tasks include establishing ISA Server rules and policies, and configuring the cache. ISA Server rules determine how ISA Server clients communicate with the Internet and the type of communication that is allowed. These rules also determine how servers on your local network communicate with Internet users.

Four items are shown in the network view figure:

You can programmatically perform or automate ISA Server administration tasks by accessing the ISA Server COM objects. For more information, see ISA Server Administration Scripting.