Sophos NAC ADVANCED Configuring Microsoft
Configuring Microsoft ISA
Server 2004
Configuring Microsoft Server ISA 2004
Copyright © 2011 Sophos Limited. All
rights reserved. No part of this publication
may be reproduced, stored in retrieval
system, or transmitted, in any form or
by any means electronic, mechanical,
photocopying, recording or otherwise
unless you are either a valid licensee
where the documentation can be
reproduced in accordance with the lice nc e
terms or you otherwise have the prior
permission in writing of the copyright
owner.
Sophos and Sophos Anti-Virus are
registered trademarks of Sophos Limited.
All other product and company names
are trademarks or registered trademarks
of their respective owners.
Document version 3.2
Published January 2011
2
Configuring Microsoft Server ISA 2004
Table of Contents
0BConfiguring Microsoft ISA Server 2004 as a Proxy ....................................................................... 4
2BOverview ................................................................................................................................................................. 4
Considerations ........................................................................................................................................................ 4
1BConfiguring Microsoft ISA Server 2004 ......................................................................................... 4
3BConfiguring a Web Listener .................................................................................................................................... 4
4BConfiguring a Secure Web Server Publishing Rule................................................................................................ 5
5BConfiguring ISA Server to Proxy Requests from Sophos ....................................................................................... 7
3
Configuring Microsoft Server ISA 2004
0BConfiguring Microsoft ISA Server 2004 as a Proxy
2BOverview
®
This document provides det ailed inf ormation about the process necessary to configure the Microsoft
ISA Server
2004 to act as a proxy for the Sophos Compliance Application Server. The ISA Server acts as a proxy for inbound
connections to the Compliance Application Server for both management and Sophos Compliance Agent access,
and as outbound proxy for the Compliance Application Server when it is retrieving Microsoft OS patch definition
updates from the Sophos update server.
Note: When you make any changes to the ISA Server, you need to save the changes by clicking the Apply button
that appears on the top of the Management Console page. In some cases, you may need to restart the ISA Server
service.
Considerations
The configuration process of the Microsoft ISA Server to act as a proxy for the Compliance Application Server
depends on the following prerequisites:
▪ Microsoft ISA Server 2004 Standard Edition or Enterprise Edition has been installed with the default
configuration and no configuration changes have been made.
▪ The Microsoft ISA Server has been configured with both an internal and external network interface and each
interface has been connected to the network.
▪ The Compliance Application Server is on the internal side of the ISA Server.
▪ A valid SSL Certificate signed by a trusted authority is installed on the server that will host ISA through the
Certificates snap-in. More information on this topic is in the Microsoft Knowledge Base Article 324167.
1BConfiguring Microsoft ISA Server 2004
3BConfiguring a Web Listene r
By default, ISA Server 2004 does not listen for incoming requests, so you must configure a Web listener to publish
the Sophos Web site.
1. In the ISA Server console, select Firewall Policy for the computer node, the name of your ISA Server that is
going to accept the incoming connection, and then select Network Objects on the Toolbox tab.
2. Right-click the Web Listeners folder, and then select New Web Listener to open the New Web Listener
Definition Wizard.
3. Type a Web listener name, and then click Next.
4. On the IP Addresses panel, select External network from the Listen for request from these networks list
box, and then click Next.
5. Select the Enable HTTP and Enable SSL check boxes.
6. Click Select to select a certificate.
7. Select the certificate, click OK, and then click Next.
4
Loading...