When confi guring fl ood migration services, make sure you don??™t tighten things down
too much or the ISA server might drop legitimate connections. One way to ensure that
legitimate traffi c is not denied is to set a custom limit. The custom limit will generally
provide a more lenient threshold for the unwanted traffi c. Also, you can defi ne a list
of IP exceptions that are hosts to which the custom limits apply. So basically, the IP
exceptions and custom limits are a way to defi ne hosts that you trust more. I do not
recommend using IP exceptions. If you fi nd thresholds that are unwanted for traffi c
then they are generally unwanted regardless of the host, and the minute you start trusting
a system it will become infected with a worm that will abuse your custom limits.
The traffi c fl ood options are shown in Table 11.3 with an explanation of each.
Configuring Microsoft Internet Security and Acceleration Server 2006 ??? Chapter 11 403
In order to use this service effectively, I recommend that you begin with the ISA
Server defaults set by Microsoft. Confi gure the alerting to your liking. Then, you will
need to monitor traffi c in your environment for a while in order to determine what
is and what is not normal. Begin tightening the thresholds from there, and try to make
them as strict as possible without adversely affecting normal traffi c fl ows.
Firewall Policy
Given the confi guration options we??™ve already covered, it should not come as too much
of a surprise that the Firewall Policy node in the navigation pane of the ISA Server
Management console offers relatively few management options.
Pages:
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400