How Can I Install a Blacklist in ISA Server?

Lists of various categories of Web sites to which you may want to block access to some or all users in your organization are available on the Web and from other sources. The files containing such lists may have one of four typical formats: A text file containing a list of domain names. A text…


Firewall Client for ISA Server with Vista Support

The final release of the new Firewall Client for ISA Server is now available for download from http://www.microsoft.com/downloads/details.aspx?FamilyId=05C2C932-B15A-4990-B525-66380743DA89&displaylang=en. The new version can be installed on computers running Windows 2000, Windows NT 4.0, Windows Server 2003, Windows XP, and Windows Vista. It also includes software updates that improve the security and stability of Firewall Client software.  You…


Customizing the HTML forms used for client form-based authentication

Since the release of ISA Server 2006, many customers have been asking for instructions on how to customize HTML logon forms. I’m happy to announce that this document is now available! To view the document, go to Customizing HTML Forms in ISA Server 2006. ISA Server 2006 comes with a complete set of preconfigured HTML…


Can ISA Server 2006 Configuration Storage Server be use to manage an ISA Server 2004 Array?

Recently I have seen the following question popping up in different locations and wanted to clarify the issue.   Can ISA Server 2006 Configuration Storage Server be use to manage an ISA Server 2004 Array?   Unfortunately ISA Server 2006 Configuration Storage Server can only be used to manage ISA Server 2006 arrays and ISA…


ISA Server Troubleshooting; Layer 1

I completed a session with an ISA user yesterday that reminded me just how few ISA problems really are problems with ISA Server itself.  Network device configuration, name resolution, malware, etc. are all non-ISA considerations that can adversely affect your ISA server perceived performance.  Today, we’ll discuss a very common non-failure state that degrades ISA…


ISATools.org Gets a Facelift

First of all, many thanx to Steve Moffat for his high-speed pedo-gluteal assist in this effort.  This change is something that’s been needed for some time now and it’s finally come to fruition. The reason I bring this up in this forum is that many of you have direct links to specific tools on this…


Troubleshooting Intermittent Pop-up Credentials in ISA Server 2004

Troubleshooting Intermittent Pop-up Credentials in ISA Server 2004   1. Summary   This article describes typical troubleshooting steps that you can use to determine the root cause for receiving the pop-up credential window when browsing Web sites when connected to an ISA Server 2004 computer.   2. Introduction   The following figure shows the topology that is…


802.1Q and ISA Server

Many folks have asked the question: “Does ISA Server support VLANs?”.  The quick and dirty answer to this question is “nope – don’t gotta.”  The longer, more useful answer is “ISA isn’t aware of 802.1Q.” The core of the answer to this question lies in the fact that ISA Server is a layer-3 (IP) firewall,…


Upgrading ISA Server 2004 Enterprise Edition to ISA Server 2006 Enterprise Edition

ISA Server 2006 Enterprise Edition supports the following upgrade paths from ISA Server 2004 Enterprise Edition: In-Place Upgrade. With an in-place upgrade, you can upgrade your existing ISA Server 2004 computer to ISA Server 2006 on the existing array equipment. The ISA Server 2006 installation process detects a valid version of ISA Server 2004 and…


Blocking VML with ISA 2004 & ISA 2006

http://www.microsoft.com/technet/security/advisory/925568.mspx discusses a vulnerability in the VML parsing dll which can result in an unpleasant experience. http://www.microsoft.com/technet/isa/2006/how-to-block-vml.mspx discusses a methodology by which you can use ISA 2004 or ISA 2006 to block HTTP-based attacks targeted against this vulnerability. Finally, http://isatools.org/block_vml.vbs automates the process of creating the proper HTTP Filter settings for you. Tim’s report was accurate (see my…