Monday, November 05, 2007

Publishing in ISA 2006

Just some basic requirements:

  1. The request must be for the exact name included on the Public Name tab. For example, if the users wants to go to www.msfirewall.org, the name on the Public Name tab must be http://www.msfirewall.org/
  2. The certificate must have the same common/subject name as the name on the Public Name tab. So, if the users are going to http://www.msfirewall.org, then the common/subject name on the Web site certificate bound to the Web listener must be http://www.msfirewall.org/
  3. The name used in the To tab must match the name on the Web site certificate bound to the actual Web site on the Internal network. So, if the name on the certificate is www.msfirewall.org, then I must enter www.msfirewall.org on the To tab.
  4. The ISA firewall must be able to resolve the name on the To tab to the actual IP address of the site on the Internal network. So, if I had www.msfirewall.org on the To tab, then the ISA firewall must be able to resolve www.msfirewall.org to the actual IP address of the site on the Internal network (you can use DNS or HOSTS file entries for this)
  5. Make sure you forward the original host header if you're not using the same name from end to end (like you can with a properly configured split DNS or with a HOSTS file)
  6. The Web site is setup with a Default Gateway.
  7. ISA server is set so that the Web site is included in a Upstream proxy bypass rule, so that the ISA server accesses the Web site from the internal network. (If upstream proxy is used.)

Pasted from
http://forums.isaserver.org/m_230059800/mpage_1/key_/tm.htm#230059811

No comments: