If the network is to include a DMZ, determine the DMZ addresses before starting the installation so they can be excluded from the Local Address Table (which contains the address ranges of the internal networks). Microsoft has a Server Publishing Wizard to configure servers in the DMZ.
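A pre-installation check for the exclusion described above, as an added example that is not part of the original review: it carves the planned DMZ ranges out of the internal ranges and lists what remains as first/last address pairs for the Local Address Table. All addresses are constructed sample values, the function names are hypothetical, and IPv4 CIDR input is assumed.

```python
import ipaddress


def build_lat(internal, dmz):
    """Return the internal networks with every DMZ network carved out."""
    lat = [ipaddress.ip_network(n) for n in internal]
    for d in map(ipaddress.ip_network, dmz):
        remaining = []
        for net in lat:
            if not net.overlaps(d):
                remaining.append(net)      # untouched by this DMZ range
            elif net.subnet_of(d):
                continue                   # block lies wholly in the DMZ: drop it
            else:
                # DMZ is a strict subnet of this block: keep everything around it
                remaining.extend(net.address_exclude(d))
        lat = remaining
    return sorted(ipaddress.collapse_addresses(lat))


def as_ranges(networks):
    """Render networks as (first address, last address) string pairs."""
    return [(str(n[0]), str(n[-1])) for n in networks]


def dmz_leaks(lat, dmz):
    """Return DMZ networks that still overlap a LAT entry (should be empty)."""
    return [d for d in map(ipaddress.ip_network, dmz)
            if any(n.overlaps(d) for n in lat)]


# Constructed sample plan: two internal ranges, one DMZ subnet inside the second.
INTERNAL = ["10.0.0.0/8", "192.168.0.0/24"]
DMZ = ["192.168.0.192/26"]

if __name__ == "__main__":
    lat = build_lat(INTERNAL, DMZ)
    for first, last in as_ranges(lat):
        print(f"LAT entry: {first} - {last}")
    print("DMZ ranges still inside LAT:", dmz_leaks(lat, DMZ))
```
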
Uninstall any server software that is not required. Installation is straightforward and largely automatic. The initial configuration is performed using a wizard that sets up the firewall and applies security settings depending on the kind of server being used.
The server types are Dedicated (for standalone firewall servers), Limited Services (for domain controllers) and Secure (for firewalls installed on servers that are also database or application servers).
Firewall rules can be applied on a schedule. The server can be monitored and administered from the Microsoft Management Console. Wizards are used for administration and configuration (useful for setting up VPN connections).
The system allows the creation of static packet filters that complement the filters set up by the rule creation process. Filters that block connections override those which allow them. The system has an IDS, but it is not enabled by default and needs to be configured.
The ISA Server provides a range of logging and reporting options. Alert conditions can be set up with one or more actions, including email notification and command execution. Our port scanning revealed an open port which was left open from another application and we were able to identify the system as a Windows 2000 Server. The IDS logged and reported the port scan as an intrusion attempt.