
Shane Hicks is an independent consultant and technical trainer, providing support to individuals and small businesses. He's been in the industry for over 10 years. Email your questions; they will be answered as space permits.

When two clients and a cohort raise the same question during the month,
that makes me feel an issue is fairly important. This month, I want to
address the settings involved in bringing Microsoft’s ISA Server 2000 Firewall
on-line and allowing some special communication between the clients on
the local network and certain sites on the Internet.

Microsoft Windows 2000 Server had been installed with ISA Server 2000 acting
as the protective firewall for the internal network. All the network clients
(i.e. the Windows XP Professional computers operating inside the firewall,
on the company network) were configured with the Firewall Client software,
using the default settings. Each user had the capability to open Internet
Explorer and surf to any Website they desired. However, two problems repeatedly
presented themselves. The Windows Update feature would not function, nor
would the LiveUpdate! feature of Norton Anti-Virus 2002. For the first
problem, connections to the Microsoft Update site appeared to be established,
but no update downloads became available. The clients could not even perform
the automatic computer scan to reveal what updates were needed. For the
latter problem with Norton, connection with the LiveUpdate! site was simply
refused.

With so many new viruses appearing each and every day, my first priority
was to solve the Norton Anti-Virus issue, so that clients would be able
to download and update their anti-virus definitions whenever they become
available. The first thing I did was head to the Microsoft site and attempt
to find my answers in TechNet on-line. I shortly struck pay-dirt when a
Microsoft article directed me to another site, something I didn’t realize
Microsoft would be so quick to do!

The ISAServer site is full of
articles and information on how to configure and manage Microsoft’s server
firewall package. A quick scan down the list of articles provided one with
a title that seemed quite promising: “Allowing Norton Anti-Virus
Software LiveUpdate! through ISA Server” by Liran Zamir (so this
solution is based heavily on his article!)

It seems that, by default, ISA allows HTTP (Web-browsing) traffic out
of the firewall, but does not allow HTTP or FTP (File Transfer Protocol)
back in through the firewall. Since Norton’s LiveUpdate! site relies on
both HTTP and FTP to function, enabling these capabilities is a must.

In order to configure ISA Server to download Norton’s anti-virus definition
updates, do the following:

1. Open the ISA management console.
2. Expand the Server -> Policy Elements -> Client Address sets in the ISA
   tree.
3. Create a Client address set for your internal users. Enter the IP addresses
   of the computers on which the Norton Anti-Virus is installed. (I used the
   range 192.168.1.1 – 192.168.1.254, which covers every possible computer
   IP address within my client’s internal network.)
4. Expand the Access Policy object, and create a new rule in Protocol Rules.
   This rule should ALWAYS ALLOW the SPECIFIED CLIENT ADDRESS SET (created
   in step 3) to access FTP and HTTP sites.
5. Click FINISH to end the Wizard.

At this point, I restarted my server and client computers to ensure that
the new rules were refreshed and recognized on the network. Once the systems
came back up, I fired up LiveUpdate! and attempted to connect to the Norton
Anti-Virus site on the Internet. Every client was able to download and
install their own anti-virus definition updates.

As a bonus, and on a hunch, I attempted to use the Microsoft Windows
Update feature again on the Windows XP Professional computers. This feature
was now enabled as well — giving client computers the ability to scan their
systems for needed software updates, and to install these updates over
the network. It seems that Microsoft’s update site runs with the same requirements
as Norton’s!
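
The following Python check is an added example, not part of the original column or of ISA Server itself. It compares the Client Address Set range from step 3 with a host inventory, showing which machines the FTP/HTTP protocol rule would miss and how many addresses it allows that no known machine uses. The host names and inventory addresses are constructed for illustration.

```python
import ipaddress

# Range entered in the Client Address Set in step 3 of the article.
SET_FIRST = ipaddress.IPv4Address("192.168.1.1")
SET_LAST = ipaddress.IPv4Address("192.168.1.254")

# Constructed inventory (hypothetical host names and addresses) of machines
# that run Norton Anti-Virus and therefore need the FTP/HTTP protocol rule.
INVENTORY = {
    "xp-reception": "192.168.1.20",
    "xp-accounts": "192.168.1.21",
    "xp-warehouse": "192.168.1.37",
    "xp-laptop": "192.168.2.15",  # outside the set: the rule would not apply
}


def audit_address_set(first, last, inventory):
    """Compare a client address set (first..last) with a host inventory."""
    if first > last:
        raise ValueError("address set range is reversed")
    covered, missed = {}, {}
    for host, ip in inventory.items():
        addr = ipaddress.IPv4Address(ip)  # raises ValueError on a bad address
        (covered if first <= addr <= last else missed)[host] = addr
    set_size = int(last) - int(first) + 1
    report = {
        "covered": sorted(covered),
        "missed": sorted(missed),
        # Addresses the rule allows that no inventoried host uses.
        "unassigned_allowed": set_size - len(set(covered.values())),
        # Smallest single from/to range that still covers every covered host.
        "tight_range": None,
    }
    if covered:
        low, high = min(covered.values()), max(covered.values())
        report["tight_range"] = (str(low), str(high))
    return report


if __name__ == "__main__":
    for key, value in audit_address_set(SET_FIRST, SET_LAST, INVENTORY).items():
        print(f"{key}: {value}")
```

A large `unassigned_allowed` count means any device that picks up a free address in the range is also allowed out over FTP and HTTP, so the `tight_range` value is the narrower range to consider for the address set.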

That’s all I have for this month. Drop me a line with your troubles
and questions, and we’ll continue to tackle one per month. Until next time,
always keep those virus definitions up-to-date!