ISA Server: The Perfect Combination of Security and Speed
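Enterprise-Class Server: ISA Server

The Perfect Combination of Security and Speed
MICROSOFT
Beijing 維諾爾 Computer Network Technology Co., Ltd.
袁子能 (Yuan Zineng), ISA SERVER technical support
Tel: 8847243013011035647
E-mail: yuanzineng@

Security problems are increasing
* Growth in malicious activity
* All data from /stats
* 2001 Q1-Q3

ISA SERVER

ISA Server Editions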

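* ISA Server Standard Edition
* ISA Server Enterprise Edition

Microsoft ISA Server 2000: Standard Edition and Enterprise Edition feature comparison

Feature | Standard Edition | Enterprise Edition
Server deployment | Stand-alone operation | Centralized management of multiple servers
Policy configuration (policy support) | Local server | Server array
Hardware support | 4 CPUs | Unlimited
Web cache | |
Scalability | Suited to small businesses | Suited to medium and large enterprises
Distributed and hierarchical caching | Hierarchical only | Both
Unified management | |
Windows 2000 Active Directory integration | Limited | Full
Multi-level policy | No | Yes
Multi-server management | No | Yes

Installing ISA Server
* Hardware and software requirements
* Selecting the installation mode
* Specifying the cache size
* Configuring the LAT
* Upgrading from Microsoft Proxy Server 2.0

Identifying Hardware and Software Requirements
* Hard disk space: 20 MB
* Windows 2000 Server, Windows 2000 Advanced Server, or Windows Datacenter
* Hard disk format: NTFS
* Internal adapter
* External adapter
* Active Directory: arrays
* RAM: 256 MB
* CPU: 300 MHz or higher

Installation Modes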

* Cache Mode
* Firewall Mode
* Integrated Mode

Microsoft ISA Server Status (setup dialog)
Select the mode for this server:
* Firewall mode: Select this option to install enterprise firewall functionality.
* Cache mode: Select this option to install cache and Web hosting functionality. Cache mode installation is recommended only for computers that are not directly connected to the Internet. If this computer is directly connected to the Internet, install ISA Server in integrated mode.
* Integrated mode: Select this option to install integrated enterprise firewall, cache, and Web hosting functionality.

Selecting an Installation Mode

Microsoft Internet Security and Acceleration Server Setup (message)
Setup has stopped your IIS publishing service (W3SVC). After Setup is complete, uninstall IIS or reconfigure all IIS sites not to use ports 80 and 8080.

Specifying the Initial Cache Size

Microsoft Internet Security and Acceleration Server Setup (dialog)
Specify the NTFS drives on which caches should be located and the maximum size of each cache.
* Drive: C: [NTFS]
* Available space (MB): 28722
* Cache size (MB): 100
* Total cache size (MB): 100 MB
* Drive [File System], Maximum Size (MB): C: [NTFS], 100
Initial cache size is 100 MB. Add 0.5 MB for each Web Proxy client.

Microsoft Internet Security and Acceleration Server Setup (dialog)
Enter the IP address ranges that span the internal network address space.
* Internal IP ranges: From, To
To construct a local address table, click Construct Table.

Configuring the LAT

1. Click Construct Table to construct a local address table.
2. Select options to add private IP address ranges or routing table entries.
3. Verify the IP addresses that display in the local address table.

Local Address Table (dialog)
Select the address ranges (based on the Windows 2000 routing table) for inclusion in the local address table (LAT). The LAT should include all the addresses in your internal network.
* Add the following private ranges: 10.x.x.x, 192.168.x.x and 172.16.x.x - 172.31.x.x and 169.254.x.x.
* Add address ranges based on the Windows 2000 Routing Table. Select the address ranges that are associated with the following internal network adapters (Card, IP Addresses): MS LoopBack Driver; 3Com EtherLink PCI (Micros…

Maintaining the LAT and LDT
[Diagram: Internet, ISA Server, clients, Msplat.txt]

Upgrading from Microsoft Proxy Server 2.0
[Diagram: Upgrading from Microsoft Windows NT; Upgrade to Windows 2000; Proxy Server 2.0]

Upgrading Client Computers
[Diagram: client requests; port 80 (Proxy Server 2.0); port 8080 (ISA Server 2000); ISA Server; Winsock Proxy clients and Firewall clients]

andFirewallClientsISAServer接入形式BastionHost(堡壘型)PerimeterNetworkwithThree-HomedFirewall(三宿主〕PerimeterNetworkwithBack-to-BackFirewalls(背靠背)InternetInternalNetworkFirewallBastionHostPerimeterNetworkwithThree-HomedFirewall

FirewallInternetPerimeterNetworkInternalNetworkPerimeterNetworkwithBack-to-BackFirewalls

ISASRV

ISASRVPerimeterNetworkInternetBranchOffice/SmallBusinessFirewallBranchOfficeor

SmallBusiness實(shí)際連接PerceivedConnectionInternetISAServerISA的設(shè)計(jì)目標(biāo)

Secure,fastInternetconnectivityAccelerationFastWebAccesswithaHigh-PerformanceCacheSecuritySecureInternetConnectivityThroughaMultilayeredFirewallManagementExtensibilityUnifiedManagementwithIntegratedAdministration

ExtensibleandOpenPlatform

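Requirement 1: Secure Internet Access
* Multilayer firewall
* Intrusion detection
* DMZ support (DMZ Zone)
* Server publishing
* Integrated VPN
* Dynamic packet filtering (Dynamic Filter)
* NAT support
* "Security lockdown" feature (System Harden)
* Load balancing support

Multilayer Filtering Firewall
Bottom to top: protecting every layer
* IP layer (packet level, packet filtering): static filtering, dynamic port filtering
* Protocol layer (circuit level): session-based filtering, connection-based control
* Application layer (application level): intelligent content inspection

IP Packet Filtering
* Uses IP packet header information
* Analyzes IP packet content
* Source address? Destination address? What is the content? Requested port number (which service is needed)?
[Diagram: IP header (Src, Dst), UDP/TCP header (port), payload]

Protocol-Level Security Control
* Relationship between sessions and connections
* Intelligent monitoring and control
[Diagram: client, server, primary connection, secondary connection]

Application-Layer Security Control
* Intelligent inspection
* Supports content filtering and blocking
* Security vulnerabilities guarded against
[Diagram: client, Internet, company server; SMTP: VRFY *; DNS: Zone attack; HTTP: Virus!; HTTP: Forbidden site]

Filters and Network Access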

[Diagram: internal network, firewall, external network; filters: Streaming Media, SMTP, DNS Intrusion; access policy rule applied: Allow HTTP, All Destinations]

Processing Outgoing Client Requests
[Flowchart: a request from an internal client passes through the yes/no decisions listed here and ends in Deny request, Route to upstream server, or Retrieve object]
* Is there a site and content rule that denies the request?
* Is there a protocol rule that denies the request?
* Is there a protocol rule that allows the request?
* Is there a site and content rule that allows the request?
* Does an IP packet filter block the request?
* Does a routing rule specify routing to an upstream server?

Intrusion Detection

IP packet-level attacks (detection and alerting)
* All types of port scan
* IP half scan attack
* Ping of death
* UDP bomb attack
* WinNuke
* Land attacks

Application-layer attacks
* DNS Hostname Overflow
* DNS Length Overflow
* DNS Zone Transfer from Privileged Ports (1-1024)
* DNS Zone Transfer from High Ports (Above 1024)
* POP Buffer Overflow

Configuring Intrusion Detection

IP Packet Filters Properties (dialog; tabs: General, Packet Filters, Intrusion Detection, PPTP)
Enable detection of the selected attacks:
* Windows out-of-band (WinNuke)
* Land
* Ping of death
* IP half scan
* UDP bomb
* Port scan
  * Detect after attacks on 10 well-known ports
  * Detect after attacks on 20 ports
To receive alerts about intrusion attacks, see the properties for specific alerts in the Alerts folder.
Intrusion detection functionality based on technology from Internet Security Systems, Inc., Atlanta, GA, USA,

DNS intrusion detection filter Properties (dialog; tabs: General, Attacks)
Filter incoming traffic for the following:
* DNS hostname overflow
* DNS length overflow
* DNS zone transfer from privileged ports (1-1024)
* DNS zone transfer from high ports (above 1024)
Select Attacks: Select the options that are required to implement your monitoring strategy.

Actions that can be taken after an intrusion is detected
* Write to the system log
* Send e-mail
* Run a specific application
* Stop a specific service
* Start a specific service

Different publishing mechanisms in ISA and Proxy 2.0
Proxy 2.0
* Depends on the IIS service
* The published server must have Proxy Client installed.
* Does not support SSL bridging
ISA
* A fully independent service; IIS can be uninstalled completely.
* The published server needs no software installed (it is set up as a SecureNAT client).
* Supports port redirection (Port Mapping)
* Supports SSL bridging (SSL Bridging)

Publishing
[Diagram: Internet, external adapter, internal adapter, Web server, internal network]

Publishing Servers on a Back-to-Back Perimeter Network

[Diagram: Internet, two ISA Server computers, perimeter network, internal network, Web server, SQL Server; LAT: internal network; LAT: perimeter network]

Publishing a Server
Wizard steps, from Start to Finish:
1. Name the rule
2. Specify address mapping
3. Select a protocol setting
4. Select a client type

Publishing a Mail Server

Mail Server Security Wizard (dialog): Mail Services Selection
Select the mail services that you would like to publish to your external users.
Publish these mail services (columns: Default Authentication, SSL Authentication):
* Incoming SMTP (option: Apply content filtering)
* Outgoing SMTP
* Incoming Microsoft Exchange/Outlook
* Incoming POP3
* Incoming IMAP4
* Incoming NNTP
Select to apply content filtering to incoming SMTP traffic.

Guidelines for Using Publishing

If your network | Then use
Does not have a perimeter network | Server publishing
Has a back-to-back perimeter network configuration | Server publishing on both ISA Server computers
Has a three-homed perimeter network configuration | Routing and packet filtering between the Internet and perimeter network; server publishing between the internal and perimeter networks

Network Load Balancing

[Diagram: Internet, ISA Server array (caches), published server]

VPN

Understanding VPNs
* Connecting Remote Users to a Corporate Network
* Connecting Remote Networks to a Local Network

Connecting Remote Users to a Corporate Network
[Diagram: remote user, Internet, VPN tunnel, ISA Server computer, corporate network]

Connecting Remote Networks to a Local Network
[Diagram: remote network, ISA Server computer, Internet, VPN tunnel, ISA Server computer, local network]

Configuring a VPN to Accept Client Connections

ISA VPN Server Wizard (dialog): ISA Virtual Private Network (VPN) Server Summary
ISA Virtual Private Network (VPN) Server can accept VPN connections from remote clients over the Internet.
The Server will be configured with the properties listed below:
* Configure Routing and Remote Access Server as Virtual Private Network (VPN)
* Enforce secured authentication and encryption methods.
* Open static packet filters for allowing PPTP and L2TP over IPSEC protocols.
* The number of ports available for clients to connect is 128, but this number can be
Lists the configuration properties set by the wizard.

Configuring a Local VPN
Wizard steps, from Start to Finish:
1. Identify the connections
2. Select the protocol(s)
3. Specify communication
4. Specify remote addresses
5. Specify local addresses
6. Save configuration file

Configuring a Remote VPN

Remote ISA VPN Wizard (dialog): ISA VPN Computer Configuration File
Specify the .vpc file to use when setting up and configuring the ISA Virtual Private Network (VPN) computer. The .vpc file includes information about the remote ISA VPN computer.
* File name: Specify the path and file name for the .vpc file.
* Password: Type the password to decrypt the configuration file.

Requirement 2: Fast Web Access
* Improved storage and retrieval mechanisms
* In-memory caching (RAM caching)
* Active and scheduled content download
* Array support (Array & CARP)
* Hierarchical cache system

Cache Types
* Forward caching
* Reverse caching
* Distributed caching
[Diagrams: internal networks, caches, Web server, Internet]

The Forward Caching Process

[Diagram, steps 1-5: Client 1, Client 2, ISA Server, cache, Internet; GET www.bjwne.com; object is sent from Internet; object is sent from cache]

Reverse Caching (Internet to enterprise)
[Diagram: Internet, ISA Server, cache, Web server]
* Absorbs the impact of Web load
* ISA acts as the Web proxy server

Processing Requests for Cached Objects
[Diagram, steps 1-3: request for http://URLA; RAM (cache directory, objects); disk (cache directory backup, objects); cache entry 1]

Active and Scheduled Content Download
* Based on object time to live
* ISA automatically analyzes the lifetime of cached content
* ISA automatically downloads and updates cached content
* Users who reach the Internet over dial-up should consider scheduled content download

Branch Office/Small Business Office Cache Server
[Diagram: main office, branch office, small business, ISA Server computers, caches, Internet]

Enterprise Cache Service
[Diagram: Internet, ISA Server array (caches), corporate network]

Configuring HTTP Caching

Cache Configuration Properties (dialog; tabs: General, HTTP, FTP, Active Caching, Advanced)
* Enable HTTP Caching (select to enable HTTP caching)
* Unless source specifies expiration, update source:
  * Frequently (Expire immediately)
  * Normally
  * Less frequently (Reduced network traffic is important)
  * Set Time To Live (TTL) of object in cache to:
    * This percentage of content age (Time since creation or modification): 20
    * No less than: 15 Minutes
    * No more than: 1 Days

Configuring FTP Caching

Cache Configuration Properties (dialog), FTP settings
* Enable FTP caching
* Time to Live for all objects: 1440 Minutes
Specify a time for FTP objects to remain in the cache.

Configuring Active Caching

Cache Configuration Properties (dialog), active caching settings
* Enable active caching (select to create an active caching policy). Active caching automatically retrieves frequently accessed files.
* Retrieve files:
  * Frequently (Client performance is more important)
  * Normally (Client performance and reduced network traffic are equally important)
  * Less frequently (Reduced network traffic is more important)

Configuring Advanced Cache Settings

Cache Configuration Properties (dialog), advanced settings
* Do not cache objects larger than: 1 KB
* Cache objects that have an unspecified last modification time
* Cache objects even if they do not have an HTTP status code of 200
* Cache dynamic content (objects with question marks in the URL)
* Maximum size of URL cached in memory (bytes): 12800
* If Web site of expired object cannot be reached:
  * Do not return the expired object (return an error page)
  * Return the expired object only if expiration was:
    * At less than this percentage of original Time to Live: 50
    * But no more than (minutes): 60
* Percentage of available memory to use for caching: 50
Select to configure cache settings for specific objects.

Requirement 3: Unified and Flexible Management
* Rule-based management
* Flexible and convenient client deployment
* Accounts can be integrated with Windows 2000 Active Directory
* MMC-based management interface
* Comprehensive logging and reporting
* Customizable alerting
* Bandwidth control mechanism (QoS)
* Multiple help wizards
* Convenient installation process

Creating Policy Elements
* Policy Element Overview
* Creating Schedules
* Creating Bandwidth Priorities
* Creating Destination Sets
* Creating Client Address Sets
* Creating Protocol Definitions
* Creating Content Groups

Creating Schedules

New schedule (dialog)
* Name: Lunch Hours and Weekends
* Description: Use this schedule to permit access to sites lunch hours and weekends.

Click Active to add portions of the week, or click Inactive to remove portions of the week. Set the activation times for rules that are based on this schedule.
[Schedule grid: Sunday through Saturday by hour of day; selection shown: Sunday from 12 AM to 12 AM; Active / Inactive]

Creating Bandwidth Rules
Wizard steps, from Start to Finish:
1. Name the rule
2. Select the protocol(s)
3. Select a schedule
4. Select a client type
5. Select a destination type
6. Select a content group
7. Select bandwidth priority

Creating Bandwidth Priorities

New Bandwidth Priority (dialog)
* Name: Basic Priority
* Description (optional): Assigns high priority to incoming traffic.
* Outbound bandwidth (1-2000):
* Inbound bandwidth (1-200): 20

New Bandwidth Priority (dialog)
* Name: High Priority
* Description (optional): Assigns high priority to incoming traffic.
* Outbound bandwidth (1-2000):
* Inbound bandwidth (1-200): 30

Creating Site and Content Rules
Wizard steps, from Start to Finish:
1. Name the rule
2. Specify the rule action
3. Select a destination set
4. Select a schedule
5. Select a client type

Creating Destination Sets

New Destination Set (dialog)
* Name: Partner Web
* Description (optional):
* Include these computers: Name/IP Range, Path

Add/Edit Destination (dialog)
* Computer name: nwtraders.msft
* IP addresses: From, To (optional)
* Path: /sales/accounts.xls
To include a specific directory in the destination set, type the path below. To include all the files, use this format: /dir/*. To select a specific file, use this format: /dir/filename.

Creating Client Address Sets

Client Set (dialog)
* Name: Support Staff
* Description (optional):
* Members (From, To): Select the addresses of computers that belong to this client address set.

Add/Edit IP Addresses (dialog)
Client set IP addresses:
* From: 192.168.101.0
* To: 192.168.101.255

Creating Protocol Rules
Wizard steps, from Start to Finish:
1. Name the rule
2. Specify the rule action
3. Select the protocol(s)
4. Select a schedule
5. Select a client type

Creating Protocol Definitions

Type a number between 1 and 65535 to specify the port number.

Creating Content Groups
ISA Server includes several preconfigured content groups.

[Screenshot: ISA Management console tree: Internet Security and Acceleration Server, Servers and Arrays, LONDON, Monitoring, Computer, Access Policy, Publishing, Bandwidth Rules, Policy Elements, Schedules, Bandwidth Priorities, Destination Sets, Client Address Sets, Protocol Definitions]

Name | Description | Content Types
Application | Applications | application/hta, application/x-internet-signup, application/x-pkcs7-certific
Application Data Files | Files containing data for applications | application/x-mscardfile, application/x-perform, application/x-msclip, appl
Audio | Audio files | audio/*, .ra, .ram, .rmi, .au, .snd, .aif, .aifc, .wav, .m3u, .mid, .mp3
Compressed Files | Compressed Files | application/x-gzip, application/x-tar, application/x-gtar, application/x-com
Documents | Documents | text/tab-separated-values, text/xml, text/h323, application/postscript, appl
HTML Documents | HTML Documents | text/webviewhtml, text/html, .htm, .html, .htt, .stm, .xsl
Images | All known types of images | .cod, .cmx, .ief, .pbm, .pnm, .ppm, .gif, .bmp, .jfif, .jpe, .jpg, .jpeg, .ico, .pgm, .ras
Macro Documents | Documents that may contain macr… | application/msword, application/vnd.ms-excel, application/x-msaccess, a
Text | Text content | .txt, .h, .c, .htc, .vcf, .etx, .uls, .css, .bas, .rtx, text/plain, text/x-component, text/
Video | Video files | video/*, .asf, .asr, .asx, .avi, .ivf, .lsf, .lsx, .mov, .movie, .mlv, .mp2, .mpa, .mpe, .
VRML | VRML | x-world/x-vrml, .flr, .wrl, .wrz, .xaf, .xof

Authentication Modes
* Basic Authentication
* Digest Authentication
* Integrated Windows Authentication
* Client Certificate Authentication

Authentication Overview
[Diagram: clients, ISA Server, Internet]
* SecureNAT client: No user-based authentication.
* Firewall client: Authentication is based on client credentials.
* Web Proxy client: Authentication is dependent on browser and operating environment.

Configuring Authentication for Outgoing Web Requests

LONDON Array Properties (dialog; tabs: General, Incoming Web Requests, Outgoing Web Requests, Auto Discovery, Performance, Security)
* Identification: Use the same listener configuration for all internal IP addresses, or Configure listeners individually per IP address
* Listener list (Server, IP Address, Display N…, Authentic…, Server C…): LONDON, <All internal, Integrated
* Enable SSL listeners
* TCP port: 8080
* SSL port: 8443
* Connections: Connection settings
* Ask unauthenticated users for identification

Configuring Authentication Methods

Add/Edit Listeners (dialog)
* Server: LONDON
* IP Address: <All internal IP addresses>
* Display Name:
* Use a server certificate to authenticate to web clients
* Authentication:
  * Basic with this domain
  * Digest with this domain
  * Integrated
  * Client certificate (secure channel only)

Adjusting Cache Size

LONDON Properties (dialog), Cache Drives
* Maximum cache size (MB): 100
* Total disk space (MB): 39064
* Total maximum cache size (MB): 100
Specify the size of the cache.

[Screenshot: Windows Explorer view of the urlcache folder, 2 object(s), 98.4 MB: dir1 (File Folder, 9/6/2000 9:43 PM); dir1 (100,800 KB, Microsoft ISA Server Cache File, 9/18/2000 9:28 PM)]
The .cdat file on the drive will be the same size as the cache.

[Cache Drives list columns: Drive, Type, Disk space…, Free space…, Cache Size…]

Adjusting Memory Allocation

Cache Configuration Properties (dialog), advanced settings
* Percentage of available memory to use for caching: 50
Type a number between 1 and 100 to specify the maximum percentage of memory.

Top-Down Rule Enforcement Structure
* Policy levels: Enterprise, Array, Stand-alone
* Policies can be enforced, combined, and promoted
[Diagram: Enterprise, Array, Stand-alone; Promote; Active Directory]

Relationship Between Enterprise Level and Array Level in Rule Enforcement
[Diagram: Enterprise Policy; Array Policy 1, Array Policy 2, Array Policy 3; ISA Server 1 through ISA Server 6; ISA Server 7, Standalo Configuration]

Combining Enterprise Policies and Array Policies

Properties (dialog; tabs: General, Outgoing Web Requests, Incoming Web Requests, Policies, Auto Discovery, Performance, Security)
Specify whether enterprise policies should be enabled for this array. Then, select the enterprise policy you want to apply.
* Use default enterprise policy settings
* Use custom enterprise policy settings
* Use array policy only
* Use this enterprise policy: Enterprise Policy 1
* Allow array-level access rules that restrict enterprise policy (select this option to allow array-level settings)
* Allow publishing rules
* Force packet filtering on the array

Cache Array Routing Protocol

[Diagram: Web Proxy client, array.dll?Get.Info.v1, array membership list (Server 1 through Server 5), Internet]

Configuring CARP (Cache Array Routing Protocol)

LONDON Properties (dialog; tabs: General, Outgoing Web Requests, Incoming Web Requests, Policies, Auto Discovery, Performance, Security)
* Resolve requests within array before routing (select to enable CARP)

LONDON Properties (dialog; tabs: General, Array Memberships)
* Intra-array communication: Use this IP address for intra-array communication: 131.107.3.1
* Load Factor: 100. Specify the load factor for this server. This number indicates the relative cache availability of this server compared to the rest of the array members.

ISA Client Management
Three client types
* Web Proxy client: Improve the performance of Web requests for internal clients.
* SecureNAT client: Do not require you to deploy client software or configure client computers.
* Firewall client: Allow Internet access only for authenticated users.
[Diagram: clients, ISA Server, Internet]

Configuring the Web Proxy Client
1. Select the Use a proxy server check box.
2. Type the IP address or name of the ISA Server computer in the Address box.
3. Type the port number in the Port box, and then click OK.

Local Area Network (LAN) Settings (dialog)
* Automatic configuration: Automatic configuration may override manual settings. To ensure the use of manual settings, disable automatic configuration.
  * Automatically detect settings
  * Use automatic configuration script
* Proxy server
  * Use a proxy server (Address, Port): 008080
  * Bypass proxy server for local addresses

ISA Server – Microsoft's Firewall

ISA Server Architecture
[Diagram: local area network with Web Proxy client, SecureNAT client and Firewall client; Web Proxy service; Firewall service; NAT driver; HTTP redirector; Web filter; streaming filter, SMTP filter, H.323 filter, FTP filter, third-party filter; packet filtering; cache; Internet]

Bandwidth Control Mechanism
* Used to control how the network is used
* Bandwidth use is controlled through:
  * Priority levels
  * Bandwidth control rules

What the bandwidth control mechanism can do
* Limit the percentage of total bandwidth taken by multimedia content
* Grant specified users a higher priority

ISA Server Alert Events

[Screenshot: ISA Management console tree: Internet Security and Acceleration Server, Servers and Arrays, LONDON, Monitoring, Computer, Access Policy, Site and Content Rules, Protocol Rules, IP Packet Filters, Publishing, Bandwidth Rules, Policy Elements, Cache Configuration, Monitoring Configuration, Alerts, Logs, Report Jobs, Extensions, Application Filters, Web Filters, Network Configuration, Client Configuration, H.323 Gatekeepers]

Name | Description | Server | Event
Alert action failure | The action associated with this alert fa… | PHOENIX | Alert action failure
Cache container initialization error | The cache container initialization faile… | PHOENIX | Cache container initialization
Cache container recovery complete | Recovery of a single cache container… | PHOENIX | Cache container recovery…
Cache file resize failure | The operation to reduce the size of the… | PHOENIX | Cache file resize failure
Cache initialization failure | The Web cache proxy was disabled to… | PHOENIX | Cache initialization failure
Cache restoration completed | The cache content restoration was co… | PHOENIX | Cache restoration completed
Cache write error | There was a failure in writing content… | PHOENIX | Cache write error
Cached object discarded | During cache recovery, an object with… | PHOENIX | Cache object discarded
Component load failure | Failed to load an extension component… | PHOENIX | Component load failure
Configuration error | An error occurred while reading config… | PHOENIX | Configuration error
Dial-on-demand failure | Failed to create a dial-on-demand con… | PHOENIX | Dial-on-demand failure
DNS intrusion | A host name overflow, length overflow… | PHOENIX | DNS intrusion
Event log failure | An attempt to log the event informatio… | PHOENIX | Event log failure
Firewall communication failure | There is a failure in communication bet… | PHOENIX | Client/server communica..
Intrusion detected | An intrusion was attempted by an exte… | PHOENIX | Intrusion detected
Invalid dial-on-demand credentials | Dial-on-demand credentials are invalid | PHOENIX | Invalid dial-on-demand cr..
Invalid ODBC log credentials | The specified user name or password… | PHOENIX | Invalid ODBC log credent…
IP packet dropped | IP packet was dro
