Extending ISA in SBS 2003 [Windows Small Business Server 2003 Best Practices book excerpt]

Good morning SBSers!

I am the author of the Windows Small Business Server 2003 Best Practices book and each day I hold a virtual book reading! Today it’s a passage on extending ISA!



Harry Brelsford, CEO at smb nation www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP

PS – did u know I host a technology conference in the New York City area each spring? Save the date for March 6-8, 2009 and watch “voice meet data” in the SMB space!

PPS – my SBS 2008 book will be out in mid-November 2008!

PPPS – my Microsoft Response Point Primer book is here NOW!

Extending ISA Server 2000

In this section, you’ll learn two ways (among many) to extend the functionality of ISA Server 2000. Remember that my book will only take you so far (reader flames kindly ignored) with ISA Server 2000, and you need to purchase really thick books dedicated only to ISA Server 2000 (see the end of this chapter for some recommendations).

The two cool things you’ll do with ISA Server 2000 are to create a custom port opening and create alerts. That’s because these are tasks you might well perform in the real world of SBS.

Creating a Custom Port Opening

Much like the hostile student who might ask in the classroom, “why am I learning this?”, you might be wondering why you need this section. There are at least two reasons why you might need to know of custom port openings in ISA Server 2000 on your SBS network:

          Customer need. I’ve had numerous customer situations where a port needed to be open in ISA Server 2000 to allow a line of business appli­cation to function. These customer scenarios included:

          Manufacturing. This required a custom port opening to allow the manufacturer to access an Oracle-based enterprise resource plan­ning (ERP) database being hosted by an application service pro­vider (ASP). This required port 8000 to be opened.

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.


Section 4 SBS 2003 Premium Edition

                      Medical clinic. This client required specific port openings that allowed access to a medical practice software solution (based on the HIPPA compliance matter in the US).

                      Accounting practice. This accounting firm needed to extend basic terminal services functionality in conjunction with one of its client sites using Citrx MetaFrame. The issue here was to open MetaFrame-related ports (ports 1494, 1604 were opened; note port 3389 is opened in SBS when you elect to implement external Ter­minal Services functionality in the EICW).


          Extending native SBS functionality. This is a procedure that you’ll complete to “make whole” an example we’ve created via the SPRING­ERS methodology. You’ll recall that I promoted the possible use of Internet Mail Access Protocol (IMAP) e-mail in the Exchange and Outlook chapter (Chapter 6). The context was the fussy executive who

might need an alternative to Outlook Web Access (OWA) and would thus use Outlook Express with IMAP-based e-mail (don’t laugh as I’ve seen this happen!). So please complete the following procedure to open port 143 to support IMAP version four (IMAP4).

1                    Log on as Administrator using the password Husky9999! on SPRINGERS1.

2                    Click Start, Server Management (assuming you added the ISA Man­agement snap-in into the Server Management console as per above) and highlight ISA Management. Otherwise click Start, All Pro­grams, Microsoft ISA Server, ISA Management to launch the ISA Management Microsoft Management Console (MMC).

3                    Expand Servers and Arrays.

4                    Expand SPRINGERS1.

5                    Expand Access Policy.

6                    Right-click IP Packet Filters and select New, Filter.

7                    Type IMAP Port Opening in the IP packet filter name field on the Welcome to the New IP Packet Filter Wizard page. Click Next.

8                    Select Allow packet transmission on the Filter Mode page. Click Next.


 Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.



9. On the Filter Type page, select Custom and click Next.


10.       Complete the Filter Settings page similar to Figure 13-14 where you have created a TCP port for both directions using port 143 for the local and remote fixed port. Click Next.


11.       Select the Default IP addresses for each external interface on the ISA Server computer option on the Local Computer page and click Next.


12.       Select All remote computers on the Remote Computers page and click Next.


13.       Click Finish on the Completing the New IP Packet Filter Wiz­


ard page. Figure 13-14

This page is where the heavy lifting occurs to open the custom port.

BEST PRACTICE: Because this wizard was native to ISA Server 2000 and not SBS 2003, there is no “here” link to add the configuration information (Step 13 above) to your network notebook. But you

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

can select the text with your mouse and press Ctrl-C and then paste

it to a text editor, such as WordPad with the Ctrl-V keystroke.


Leave a comment

Filed under Book

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s