Network Sets
The idea behind the tab under the Networks node is to just group networks together
as a named grouping, so that when you need to create rules you can refer to the
Network Set instead of having to call out multiple network names. A simple wizard
allows you to select a new name for a network set, and then assign networks to the
set. It is also possible to alter the properties of existing Network Sets here, but
I strongly recommend that you do not change any of the predefi ned Network Sets
because there are already predefi ned rules built around them. Changing these sets
could, therefore, have pretty substantial negative effects on your network.
396 Chapter 11 ??? Confi guring Microsoft Internet Security and Acceleration Server 2006
Network Rules
It is important to understand the function of the Network Rules as compared to
the Firewall Rules. Network rules generally are not used to determine what packets
are passed through or dropped by the fi rewall. Instead, this is where the network
administrator will defi ne the way packets are routed between network segments.
There are only two options available for the rules you can create. You can tell ISA
Server to perform Network Address Translation (NAT) on the packets, thereby
obfuscating the real internal IP address, or you can tell ISA Server to simply route
the packet from one segment to the other without performing NAT.
Web Chaining
Large enterprises that must support thousands of nodes connecting to the Internet,
and want to use ISA Server??™s web proxy functions will not be able to build a single
super server that can proxy all connections.
Pages:
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391