Enterprise Management for ISA and TMG Firewall Arrays

By /

image Many of us started with the ISA firewall using Standard Edition (SE) . ISA and TMG SE is pretty straightforward – you install the firewall and away you go. OK, it’s not that easy, but when configuring an SE firewall, you only have to worry about one firewall at a time.

In contrast, ISA and TMG Enterprise Edition firewalls are managed a bit differently. When you install ISA and TMG firewalls into an Enterprise, you are actually putting into place the machinery required to create firewall arrays. An ISA or TMG Firewall array is a collection of firewalls that work as a single logical firewall (for the most part). When you create a firewall rule for the firewall array, all the firewalls in the array receive the same configuration and enforce the same rule or policy.

The challenging part of working with Enterprise Edition is that you have the option to create rules and network elements at either or both the enterprise or array level. When you create a rule or network element at the enterprise level, you can make those configuration settings available to one or more arrays in the ISA or TMG enterprise. An “enterprise” is a collection of arrays that can be managed together. In contrast, when you configure settings at an array level, those settings apply only to that particular array.

In addition, you have to deal with issues related to intra-array communications, communications between firewall array members and the Configuration Storage Server (the machine that contains the array configuration, which is stored in an ADAM or AD LDS database), and potentially Network Load Balancing issues.

For a nice review of the issues that you should consider in advance before deploying Enterprise Edition and firewall arrays, check out this article on the Microsoft site Enterprise Management in ISA Server 2006

http://technet.microsoft.com/en-us/library/bb794814.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

image
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)

About The Author

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top