
Sixteen rules for deploying WINDOWS ISA Firewall Policy

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Computers don't have brains. So when ISA does not behave the way you require, check your configuration instead of complaining about ISA.

2. Allow only the clients, source addresses, destinations and protocols you want to allow. Check each rule carefully to confirm that its elements match what you need, and try to avoid using deny rules.

3. For access rules that apply to the same users, or to a subset of the same users, deny rules must be placed before allow rules.

4. When you do need to deny, an explicit deny is the first thing to consider.

5. Where it does not change the effect of the firewall policy, put the rules with a higher degree of matching first.

6. Where it does not change the effect of the firewall policy, put the rules that apply to all users first.

7. Simplify your rules as much as possible. It is always more efficient to execute one rule than to execute two rules.

8. Never use an Allow 4 ALL rule (allow all users to use all protocols from all networks to all networks) on a business network; it just makes your ISA useless.

9. If something can be achieved by configuring system policy, there is no need to create a custom rule.

10. Each ISA access rule is independent; an access rule is not affected by other access rules.

11. Never allow any network to access the ISA server itself with all protocols. The internal network is not to be trusted either.

12. SecureNAT clients cannot submit authentication information. So when you use authentication, configure the client as a Web proxy client or a Firewall client.

13. Whether for the destination or the source of an access rule, it is best to use IP addresses.

14. If you must use a domain name set or a URL set in your access rules, it is best to configure the client as a Web proxy client.

15. Don't forget that there is a DENY 4 ALL at the end of the firewall policy.

16. Finally, remember that testing of firewall policies is required.
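
Rules 3, 8 and 15 can be checked mechanically before a policy goes live. The following is an added example, not part of the original article and not ISA's own engine: a simplified model of an ordered, first-match policy with a default deny, where the `Rule` fields, the `*` wildcard and the sample rules are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard of this model only, not an ISA identifier

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "allow" or "deny"
    users: frozenset
    protocols: frozenset
    sources: frozenset    # network names
    dests: frozenset

    def fields(self):
        return (self.users, self.protocols, self.sources, self.dests)

def evaluate(policy, user, protocol, source, dest):
    """First matching rule wins; no match falls to the default deny (rule 15)."""
    request = (user, protocol, source, dest)
    for rule in policy:
        if all(ANY in f or v in f for f, v in zip(rule.fields(), request)):
            return rule.action, rule.name
    return "deny", "Default rule"

def covers(a, b):
    """True when element set a matches everything element set b matches."""
    return ANY in a or (ANY not in b and b <= a)

def lint(policy):
    """Flag allow-all rules (rule 8) and denies shadowed by an earlier allow (rule 3)."""
    findings = []
    for i, rule in enumerate(policy):
        if rule.action == "allow" and all(ANY in f for f in rule.fields()):
            findings.append(f"{rule.name}: allows everything")
        for earlier in policy[:i]:
            if (rule.action == "deny" and earlier.action == "allow"
                    and all(covers(e, d) for e, d in zip(earlier.fields(), rule.fields()))):
                findings.append(f"{rule.name}: never reached, shadowed by {earlier.name}")
    return findings

def fs(*items):
    return frozenset(items)

# Constructed sample policy: the deny for bob sits behind a broader allow.
BAD = [
    Rule("Allow staff web", "allow", fs("alice", "bob"), fs("HTTP", "HTTPS"), fs("Internal"), fs("External")),
    Rule("Deny bob HTTP", "deny", fs("bob"), fs("HTTP"), fs("Internal"), fs("External")),
]
GOOD = [BAD[1], BAD[0]]  # same rules, deny moved in front of the allow

if __name__ == "__main__":
    print(evaluate(BAD, "bob", "HTTP", "Internal", "External"), lint(BAD))
    print(evaluate(GOOD, "bob", "HTTP", "Internal", "External"), lint(GOOD))
```

The model leaves out authentication prompts, schedules and content types, so it complements testing against the real firewall (rule 16) and does not replace it.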
