These article series will contain the following articles:
- Installing ISA Server 2004 Enterprise Edition – Part 1 – Installing and Configuring the Configuration Storage Server
- Installing ISA Server 2004 Enterprise Edition – Part 2 – Installing ISA Server 2004 Firewall on two Servers
- Configuring ISA Server 2004 Enterprise Edition – Part 3 – Administering ISA Server 2004 Enterprise Arrays
- Configuring ISA Server 2004 Enterprise Edition – Part 4 – Enabling CARP and NLB in ISA Server 2004 Enterprise
If you have more ideas about ISA Server 2004 Enterprise articles, please let me know and I will check if your idea could be part of a new article.
Let’s begin
For this article series we have the following configuration:
Name
Role
Configuration
DEN-DC-01 Windows 2003 Domain Controller INTERNAL: 192.168.1.10 DEN-CSS-01 Windows 2003 Member Server with ISA Server 2004 Configuration Storage Server INTERNAL: 192.168.1.20 DEN-ISAEE-01 Windows 2003 Member Server with ISA Server 2004 Enterprise Firewall INTRAARRAY: 192.168.0.1
INTERNAL: 192.168.1.1
EXTERNAL: 172.16.1.1
INTERNAL: 192.168.1.2
EXTERNAL: 172.16.1.2
First start the Configuration Storage Server and check the event logs for errors. If everything is fine, insert the ISA Server 2004 CD into the first Windows Server 2003 machine and start the setup process. Select Install ISA Server services (Figure 1).
Figure 1: Install ISA Server services
This setup option installs the ISA Server components and ISA Server Management. If you wish to install additional components select the required features (Figure 2).
Figure 2: Select ISA Server components
In the next installation screen (Figure 3) you must specify the Configuration Storage Server and the credentials for connecting to this server.
Figure 3: Select the Configuration Storage Server
Select Join an existing array. To join an existing array the installation account must have ISA Server Array Administrator privileges. You will learn more about ISA Server permissions and delegation feature in the next article of this article series on www.isaserver.org.
Figure 4: Join an existing Array
Select the Array Name MainArray (Figure 5). You must have Array Administrator rights to install the ISA Server Firewall into the existing Array.
Port requirements for ISA Server communication
ISA Server components require several ports to communicate with other Configuration Storage Servers, ISA Server Firewall members and ISA Server Management computers.
MS Firewall Storage
MS Firewall Storage is an inbound LDAP-based protocol. It uses port 2172 for SSL connections and port 2171 for non-SSL connections. Array Members communicate with the Configuration Storage Server using the MS Firewall Storage protocol. Computers running the ISA Server Management console also use the MS Firewall Storage protocol to read and write from the Configuration Storage Server.
MS Firewall Storage Replication
This protocol is an outbound TCP protocol, which is defined on port 2173. MS Firewall Storage Replication is used for configuration replication between Configuration Storage Servers.
MS Firewall Control
This is another outbound TCP protocol and is defined on port 3847. It is used for communications between ISA Server Management and computers running ISA Server services.
Remote Procedure Call (RPC)
To monitor server performance, the ISA Server Management computer requires remote procedure call (RPC) connectivity to the ISA Server computers.
Figure 5: Specify the Array this ISA Server computer will join
Select Windows authentication (Figure 6) because we are deploying ISA Server services and the Configuration Storage Server in the same domain so that the connection will be encrypted (signed and sealed).
Figure 6: Select Windows authentication
Specify the IP address range for the internal network. The internal IP address range will be protected from ISA Server 2004 Enterprise. It is also possible to select Enterprise networks but we haven’t created an Enterprise network in our ISA Server Array and you will learn in an upcoming article what Enterprise networks are.
Figure 7: Specify the internal IP address ranges
During installation, some services running locally on this computer may be restarted or disabled (Figure 8) and some services will be disabled during installation.
Figure 8: Disabled Services and Services to restart
After finishing setup you must restart the Server so that the configuration changes take effect.
Figure 9: Click Yes to restart the Server
Repeat these steps installing ISA Server 2004 Firewall services on the second ISA Server.
After installing the second Server restart this server and after both ISA Server nodes are rebooted, you can start the ISA Server Management console and navigate to Arrays – Main Array – Configuration – Servers to see if both servers are operational. If everything is fine you will see a green icon (Figure 10) on every ISA Server object.
Figure 10: Congratulations. You have successfully installed your first ISA Server 2004 Enterprise Array with two ISA Array Members.
Conclusion
As you have seen in this article, it is not so hard to install ISA Server 2004 Firewall Array members. The third article will deal with the administration of ISA Server 2004 Array members and ISA Server 2004 Arrays.
These article series will contain the following articles:
- Installing ISA Server 2004 Enterprise Edition – Part 1 – Installing and Configuring the Configuration Storage Server
- Installing ISA Server 2004 Enterprise Edition – Part 2 – Installing ISA Server 2004 Firewall on two Servers
- Configuring ISA Server 2004 Enterprise Edition – Part 3 – Administering ISA Server 2004 Enterprise Arrays
- Configuring ISA Server 2004 Enterprise Edition – Part 4 – Enabling CARP and NLB in ISA Server 2004 Enterprise
Related Links
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
Introduction to Branch Deployment of ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/intro_to_branch_deployment_ee.mspx
ISA Server 2004 Enterprise Edition in a Workgroup
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/workgroup_ee.mspx
Network Load Balancing in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/network_load_balancing_ee.mspx
Troubleshooting Host IDs in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/hostid.mspx
Troubleshooting Network Load Balancing in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ts_nlb_ee.mspx
ISA Server 2004 Enterprise Edition Configuration Guide
http://download.microsoft.com/download/6/9/0/690d2ee7-a4e0-4c0a-80d4-1e30ebcac1de/isa_2004_ee_configuration_guide.doc
Renaming Configuration Storage Servers in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/renamecss_ee.mspx