
Jesse Varsalone and Jan Kanclirz Jr.

"Microsoft Forefront Security Administration Guide"


This being said, there really should not be any configuration that needs to occur here.
ISA Server comes with a sensible configuration in this area out of the box.
The other two tabs should be left at their default settings. The only configuration
option available on the IP Fragments tab is to filter fragmented packets. This should not
be enabled unless you are on a controlled network segment, because packets are
often legitimately fragmented during transit and enabling this would cause network
connectivity issues.
The other tab, IP Routing, is set to use kernel mode for routing. This should provide
maximum routing performance, and therefore should be used unless you come across an
issue that requires you to disable it.
Configuring Flood Mitigation Services
Flood mitigation options allow you to combat attacks that are manifested primarily as
a large amount of traffic of one kind or another. Generally, you will see a lot of this
sort of thing from worms as they infect a host, and then begin flooding the network
with attempts to infect other vulnerable hosts. ISA Server 2006 includes settings specific
to a number of different types of traffic floods. When working with the flood mitigation
options, you set the maximum amount of that type of traffic ISA Server will accept
and evaluate in detail before all subsequent traffic from that host is dropped. This helps
to avoid denial of service conditions that may occur when your firewall has become
overwhelmed with traffic.
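
A conceptual model of the per-host threshold behavior described above, as an added example that is not from the book and is not ISA Server's own implementation. The class and function names, the 60-second counting window, and the limit values are assumptions; the addresses and events are constructed sample data.

```python
from collections import defaultdict


class FloodLimiter:
    """Per-source, per-traffic-type counter over fixed windows (conceptual model)."""

    def __init__(self, limits, window=60):
        self.limits = limits            # traffic type -> max events per window (constructed values)
        self.window = window            # window length in seconds (assumption)
        self.counts = defaultdict(int)  # (source, type, window index) -> events seen

    def allow(self, ts, src, kind):
        """Return True if the event is accepted and evaluated, False if it is dropped."""
        key = (src, kind, int(ts // self.window))
        self.counts[key] += 1
        # Once a host passes the limit for this traffic type, the rest of
        # its traffic of that type in the same window is dropped.
        return self.counts[key] <= self.limits[kind]


def summarize(events, limits, window=60):
    """Replay (timestamp, source, type) events; return dropped-event counts per source."""
    limiter = FloodLimiter(limits, window)
    dropped = defaultdict(int)
    for ts, src, kind in events:
        if not limiter.allow(ts, src, kind):
            dropped[src] += 1
    return dict(dropped)


# Constructed limits and events for illustration only.
LIMITS = {"tcp_connect": 5, "http_request": 3}
EVENTS = (
    # Worm-like host: 20 connection attempts in 20 seconds.
    [(t, "10.0.0.23", "tcp_connect") for t in range(20)]
    # Normal host: 4 connection attempts spread over 30 seconds.
    + [(t * 10, "10.0.0.7", "tcp_connect") for t in range(4)]
    # Same noisy host in the next window, now below the limit.
    + [(70 + t, "10.0.0.23", "tcp_connect") for t in range(3)]
)

if __name__ == "__main__":
    print(summarize(EVENTS, LIMITS))
```

Only the flooding host loses traffic; the host that stays under the limit is unaffected, which is how a per-host threshold keeps the firewall responsive for everyone else.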

