Installing ISA Server 2004 Enterprise Edition – Part 2 – Installing ISA Server 2004 Firewall on two Servers

These article series will contain the following articles:

If you have more ideas about ISA Server 2004 Enterprise articles, please let me know and I will check if your idea could be part of a new article.

Let’s begin

For this article series we have the following configuration:

Name

Role

Configuration

DEN-DC-01 Windows 2003 Domain Controller INTERNAL: 192.168.1.10
DEN-CSS-01 Windows 2003 Member Server with ISA Server 2004 Configuration Storage Server INTERNAL: 192.168.1.20
DEN-ISAEE-01 Windows 2003 Member Server with ISA Server 2004 Enterprise Firewall INTRAARRAY: 192.168.0.1

INTERNAL: 192.168.1.1

EXTERNAL: 172.16.1.1

DEN-ISAEE-02 Windows 2003 Member Server with ISA Server 2004 Enterprise Firewall INTRAARRAY: 192.168.0.2

INTERNAL: 192.168.1.2

EXTERNAL: 172.16.1.2

First start the Configuration Storage Server and check the event logs for errors. If everything is fine, insert the ISA Server 2004 CD into the first Windows Server 2003 machine and start the setup process. Select Install ISA Server services (Figure 1).


Figure 1: Install ISA Server services

This setup option installs the ISA Server components and ISA Server Management. If you wish to install additional components select the required features (Figure 2).


Figure 2: Select ISA Server components

In the next installation screen (Figure 3) you must specify the Configuration Storage Server and the credentials for connecting to this server.


Figure 3: Select the Configuration Storage Server

Select Join an existing array. To join an existing array the installation account must have ISA Server Array Administrator privileges. You will learn more about ISA Server permissions and delegation feature in the next article of this article series on www.isaserver.org.


Figure 4: Join an existing Array

Select the Array Name MainArray (Figure 5). You must have Array Administrator rights to install the ISA Server Firewall into the existing Array.

Port requirements for ISA Server communication

ISA Server components require several ports to communicate with other Configuration Storage Servers, ISA Server Firewall members and ISA Server Management computers.

MS Firewall Storage

MS Firewall Storage is an inbound LDAP-based protocol. It uses port 2172 for SSL connections and port 2171 for non-SSL connections. Array Members communicate with the Configuration Storage Server using the MS Firewall Storage protocol. Computers running the ISA Server Management console also use the MS Firewall Storage protocol to read and write from the Configuration Storage Server.

MS Firewall Storage Replication

This protocol is an outbound TCP protocol, which is defined on port 2173. MS Firewall Storage Replication is used for configuration replication between Configuration Storage Servers.

MS Firewall Control

This is another outbound TCP protocol and is defined on port 3847. It is used for communications between ISA Server Management and computers running ISA Server services.

Remote Procedure Call (RPC)

To monitor server performance, the ISA Server Management computer requires remote procedure call (RPC) connectivity to the ISA Server computers.


Figure 5: Specify the Array this ISA Server computer will join

Select Windows authentication (Figure 6) because we are deploying ISA Server services and the Configuration Storage Server in the same domain so that the connection will be encrypted (signed and sealed).


Figure 6: Select Windows authentication

Specify the IP address range for the internal network. The internal IP address range will be protected from ISA Server 2004 Enterprise. It is also possible to select Enterprise networks but we haven’t created an Enterprise network in our ISA Server Array and you will learn in an upcoming article what Enterprise networks are.


Figure 7: Specify the internal IP address ranges

During installation, some services running locally on this computer may be restarted or disabled (Figure 8) and some services will be disabled during installation.


Figure 8: Disabled Services and Services to restart

After finishing setup you must restart the Server so that the configuration changes take effect.


Figure 9: Click Yes to restart the Server

Repeat these steps installing ISA Server 2004 Firewall services on the second ISA Server.
After installing the second Server restart this server and after both ISA Server nodes are rebooted, you can start the ISA Server Management console and navigate to ArraysMain ArrayConfigurationServers to see if both servers are operational. If everything is fine you will see a green icon (Figure 10) on every ISA Server object.


Figure 10: Congratulations. You have successfully installed your first ISA Server 2004 Enterprise Array with two ISA Array Members.

Conclusion

As you have seen in this article, it is not so hard to install ISA Server 2004 Firewall Array members. The third article will deal with the administration of ISA Server 2004 Array members and ISA Server 2004 Arrays.

These article series will contain the following articles:

 

Related Links

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx

Introduction to Branch Deployment of ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/intro_to_branch_deployment_ee.mspx

ISA Server 2004 Enterprise Edition in a Workgroup
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/workgroup_ee.mspx

Network Load Balancing in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/network_load_balancing_ee.mspx

Troubleshooting Host IDs in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/hostid.mspx

Troubleshooting Network Load Balancing in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ts_nlb_ee.mspx

ISA Server 2004 Enterprise Edition Configuration Guide
http://download.microsoft.com/download/6/9/0/690d2ee7-a4e0-4c0a-80d4-1e30ebcac1de/isa_2004_ee_configuration_guide.doc

Renaming Configuration Storage Servers in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/renamecss_ee.mspx

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top