Here is the amusing information I received from the State of Florida when I attempted to get firewall configuration information from them for the web app that the State of Florida uses so companies can submit sales tax payments. They told me that they were going to email over everything I need to configure ISA Server. Here it is. Tom, why so many pages in your book? I hate calling tech support. Thank goodness for websites like ISAserver and this list. Microsoft ISA (Internet Security and Acceleration) All of the following information was taken from Microsoft's site at: http://support.microsoft.com/default.aspx?scid=kb;en-us;312624 * To install ISA Server as a firewall: Click Start, click Run, type cmd in the Open text box, and then click OK. At a command prompt, type Path\ISA\i386\Msisaent.exe (where Path is the path to the ISA Server installation files) Note that the path may be the root folder of the ISA Server CD-ROM or a shared folder on your network that contains the ISA Server files. Click Continue in the Microsoft ISA Server Setup dialog box. Read the End User License Agreement (EULA), and then click I Agree. Depending on your needs, click one of the installation options. Click Firewall mode, and then click Continue. When you are prompted to allow Setup to stop the Internet Information Service (IIS) services, click OK. To automatically construct an Internet protocol (IP) address, click Construct Table, click the network card that is associated with your server, and then click OK. Click OK to start the Configuration Wizard. * To configure firewall protection: Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management. In the console tree, click to expand server_name\Access Policy (where server_name is the name of the server), right click IP Packet Filters, point to New, and then click Filter. In the IP packet filter name box, type the name of the packet that you want to filter, and then click Next. Click either to Allow or Block to either allow or block the packet, and then click Next. Accept the Predefined option, and then click Next. Click the option for the way that you want the packet filter to be applied, and then click Next. Click the remote computer, and then click Next. Click Finish. NOTE: You can edit the properties for other services such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) if you double-click the service in the Configuration box. Amy -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Friday, June 11, 2004 4:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: MTU Size http://www.ISAserver.org Thanks. I actually found an article on isaserver.org that had detailed information on how to set the MTU size in the server. I'll hang on to the script though. I love scripts but don't have the time to write them. BTW Tom, I searched on your website for MTU but didn't come up with any results. I consulted the book, nothing. I posted here, then went to Google. Google led me back to your site to an article titled ISA Server and DSL. Since that article has so much MTU information it would be handy to index it so it will come up on a search for MTU. Thanks all. I'm about to reboot and test. Amy -----Original Message----- From: josephk [mailto:josephk@xxxxxxxxx] Sent: Friday, June 11, 2004 4:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: MTU Size http://www.ISAserver.org Hi Amy, You actually specify MTU size based on the TCP/IP parameters for the NIC cards in the machine. You can modify the following script to help you make those adjustments. Thank you, Joseph '****************************************************************" ' Module/Class: UpdateMTU.vbs ' ' Version: 1.00.0000" ' Description: Admin tools for automating updating MTU info ' ' ' Last update: 06/12/2004 Joseph Kravis(josephk@xxxxxxxxx)" ' Last Time : ' ' Notes: from the command line run as: cscript.exe UpdateMTU.vbs ' ' ** REVISIONS**" ' ' Date By Description" ' -------- ---------- ------------------------------------------" ' See individual subs for revision information" '****************************************************************" const HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set StdOut = WScript.StdOut '*** ' Set WMI to impersonate at the root defalut level for reading selected key '*** Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") strKeyPath = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys '*** 'Retreive the sub keys for looking at DHCP and IP address fields '*** '*** ' For each interface sub key process values we are looking for (DHCP and IP) '*** For Each subkey In arrSubKeys StdOut.WriteLine " " StdOut.WriteLine "New Interface " & subkey '*** 'Retreive the sub keys for passed in subkey data '*** strKeyPathB = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" & "\" & subKey oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPathB, arrValueNames, arrValueTypes StdOut.WriteLine strKeyPathB For i=0 To UBound(arrValueNames) oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE, strKeyPathB, arrValueNames(i) , strValue '*** ' If we have either a DHCP or IP address '*** IF arrValueNames(i) = "DhcpIPAddress" or arrValueNames(i) = "IPAddress" Then '*** ' If we have either a DHCP or IP values add the MTU keyword '*** IF strValue <> "" or strValue <> "0.0.0.0" THEN StdOut.WriteLine "Value Name: " & arrValueNames(i) & " = " & strValue strValueName = "MTU" dwValue = 1440 oReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPathB, strValueName, dwValue END IF END IF NEXT NEXT 'End arrSubKeys Collection -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Friday, June 11, 2004 12:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] MTU Size http://www.ISAserver.org I have a client that connects to a web app that requires a specific MTU size. I recall having to modify the MTU size on the Sonicwall firewall that this client used to use. Now they have ISA Server. So where do I specify the MTU size in ISA? Amy ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist