Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition

Audience Profile

Candidates for this exam operate in medium to very large computing environments that use the Microsoft Windows 2000 Server operating system. Candidates have a basic understanding of DNS, FTP, HTTP, HTTPS, IMAP, POP3, RDP, SMTP, and SSL. They have a minimum of one year's experience implementing and administering network operating systems in environments that have the following characteristics:

• Between 200 and 26,000+ supported users.

• Multiple physical locations.

• Outbound access for typical client services and applications, such as Web access, e-mail, Telnet, FTP, virtual private networking (VPN), desktop management, Instant Messaging, and access control policies.

• Hosting of network services, such as internal and external Web hosting, messaging, Instant Messaging, RDP, and firewall.

• Connectivity requirements that include connecting individual offices and users at remote locations to the corporate network and connecting corporate networks to the Internet.

• ISA Server computers that are configured to use chaining.

Credit Toward Certification

When you pass the Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition exam, you achieve Microsoft Certified Professional status. You also earn credit toward the following certifications:

• Elective credit toward Microsoft Certified Systems Administrator on Microsoft Windows 2000 certification

• Elective credit toward Microsoft Certified Systems Engineer on Microsoft Windows 2000 certification

Instructor-led Course for This Exam

• Course 2159: Deploying and Managing Microsoft Internet Security and Acceleration Server 2000

Skills Being Measured

This certification exam measures your ability to implement, administer, and troubleshoot information systems that incorporate the Enterprise Edition of Microsoft Internet Security and Acceleration Server 2000. Wherever the term ISA Server occurs in this prep guide or in the content of the exam, it refers only to ISA Server 2000, Enterprise Edition. It does not refer to ISA Server 2000, Standard Edition. Before taking the exam, you should be proficient in the job skills listed below.

Skills measured by exam 70-227

Installing ISA Server

Preconfigure network interfaces.

• Verify Internet connectivity before installing ISA Server.

• Verify DNS name resolution.

Install ISA Server. Installation modes include integrated, firewall, and cache.

• Construct and modify the local address table (LAT).

• Calculate the size of the cache and configure it.

• Install an ISA Server computer as a member of an array.

Upgrade a Microsoft Proxy Server 2.0 computer to ISA Server.

• Back up the Proxy Server 2.0 configuration.

Troubleshoot problems that occur during setup.

Configuring and Troubleshooting ISA Server Services

Configure and troubleshoot outbound Internet access.

Configure ISA Server hosting roles.

• Configure ISA Server for Web publishing.

• Configure ISA Server for SSL.

• Configure ISA Server for server publishing.

Configure H.323 Gatekeeper for audio and video conferencing.

• Configure gatekeeper rules. Rules include telephone, e-mail, and Internet Protocol (IP).

• Configure gatekeeper destinations by using the Add Destination Wizard.

Set up and troubleshoot dial-up connections and Routing and Remote Access dial-on-demand connections.

• Set up and verify routing rules for static IP routes in Routing and Remote Access.

Configure and troubleshoot virtual private network (VPN) access.

• Configure the ISA Server computer as a VPN endpoint without using the VPN Wizard.

• Configure the ISA Server computer for VPN pass-through.

Configure multiple ISA Server computers for scalability. Configurations include Network Load Balancing (NLB) and Cache Array Routing Protocol (CARP).

Configuring, Managing, and Troubleshooting Policies and Rules

Configure the firewall in accordance with corporate standards.

• Configure the packet filter rules for different levels of security, including system hardening.

Create and configure access control and bandwidth policies.

• Create and configure site and content rules to restrict Internet access.

• Create and configure protocol rules to manage Internet access.

• Create and configure routing rules to restrict Internet access.

• Create and configure bandwidth rules to control bandwidth usage.

Troubleshoot access problems.

• Troubleshoot user-based access problems.

• Troubleshoot packet-based access problems.

Create new policy elements. Elements include schedules, bandwidth priorities, destination sets, client address sets, protocol definitions, and content groups.

Manage ISA Server arrays in an enterprise.

• Create an array of proxy servers.

• Assign an enterprise policy to an array.

Deploying, Configuring, and Troubleshooting the Client Computer

Plan the deployment of client computers to use ISA Server services. Considerations include client authentication, client operating system, network topology, cost, complexity, and client function.

Configure and troubleshoot the client computer for security-enhanced network address translation (SecureNAT).

Install the Firewall Client software. Considerations include the cost and complexity of deployment.

• Troubleshoot autodetection.

Configure the client computer's Web browser to use ISA Server as an HTTP proxy.

Monitoring, Managing, and Analyzing ISA Server Use

Monitor security and network usage by using logging and alerting.

• Configure intrusion detection.

• Configure an alert to send an e-mail message to an administrator.

• Automate alert configuration.

• Monitor alert status.

Troubleshoot problems with security and network usage.

• Detect connections by using Netstat.

• Test the status of external ports by using Telnet or Network Monitor.

Analyze the performance of the ISA Server computer. Methods include the use of Performance Monitor, reports, and log files.

Optimize the performance of the ISA Server computer. Considerations include capacity planning, allocation priorities, and trend analysis.

• Control the total RAM used by ISA Server for caching.