ISA Server 2006

Cyfin is designed to work with ISA Server 2006. Your Cyfin system can be configured in two ways, either as an on-box solution or off-box solution.

Company Overview

Initially introduced in 2000, ISA Server 2000 was the first version of the Internet Security and Acceleration (ISA) Server product. A major revamp was released in 2004 and called ISA Server 2004. This overhaul included significant improvements and put it on par with other firewall and security gateway products. Released in 2006, ISA Server 2006 is Microsoft’s last version of its ISA Server product line and is a comprehensive network security solution that provides a network edge and perimeter firewall, a remote access VPN server, a site-to-site VPN gateway, and Web proxy and caching.

Cyfin - ISA Server 2006 On-Box Configuration

Cyfin is installed directly on ISA Server 2006.

Log File Setup

Standard Configuration

Log File Type:  Microsoft ISA Server (ISA Format)

Default Directory:  [InstallPath]\wc\cf\log

Alternate Configuration

Log File Type:  Microsoft ISA Server (ISA Extended Format)

Default Directory:  [InstallPath]\wc\cf\log

NOTE:  Cyfin can be installed directly on the ISA server or on a stand-alone machine. ISA Format uses local time for the data record time stamp. ISA Extended Format uses GMT time (set by the ISA Server and is not configurable).

MSDE Database Configuration

Log File Type:  Microsoft ISA Server (MSDE Database)

Default Directory:  [InstallPath]\wc\cf\log

NOTE:  MSDE-formatted data no longer needs to be extracted to ASCII text files for the product to use. However, if you were using that method (previously required when using MSDE data in past versions of our product), upgrades are backward-compatible, and you do not have to change your processes. You could simply create a new configuration if you want to stop converting MSDE data to text, while still maintaining your older data right where it sits.

SQL Server Database Configuration

Log File Type:  Microsoft ISA Server (SQL Database)

Default Directory:  None

NOTE:  Some configurations are necessary so that the product can access the SQL database and read it. Follow the on-screen instructions provided when configuring this type of data source in the product (begin with the Log Data Source - Setup screen).

Configuration Steps

With ISA 2006/2004, information is logged to MSDE database files by default.

NOTE:  The steps below are only pertinent to the Standard and Alternate log file configurations mentioned above. If you have other uses for the default MSDE data, the product has the ability to use the MSDE information (see above). The product can also read SQL Server data. A few simple steps are required and described in the Log Data Source - Setup wizard when you select Microsoft ISA Server (MSDE Database) or Microsoft ISA Server (SQL Database) respectively, as your log file type.

To change Web proxy logging to the standard file type (non-MSDE), here are detailed instructions:

1. Open the ISA Server Management console and expand the server name.
2. Click the Monitoring node in the left pane of the console.
3. On the Monitoring node, click the Logging tab in the middle pane.
4. Click the Tasks tab in the right pane.
5. Click the Configure Web Proxy Logging link.
6. Select log storage format File (do not select "database.")
7. In the format drop-down menu, select ISA Server file format.
8. Click Apply.
9. Click OK.
10. To save these changes, click Apply at the top of the middle pane.

NOTE:  Now that ISA is logging to the "File" format, it will take some time for a log file to be created. Depending on your volume of Web traffic, you may need to wait several minutes before a log file exists and can be configured in the product.

Configure Integrated Authentication for Outbound Web Requests (optional, recommended)

If you want to provide seamless Internet browsing for your users (e.g., no pop-up requiring a login and password will appear), you should configure Integrated authentication on your ISA Server. To do this, follow these steps:

1. Start the ISA Server Management tool.
2. Expand ServerName, expand Configuration, and then click Networks.
3. Right-click the network that listens for the outbound Web requests, and then click Properties. For example, to configure authentication for users who are connected to the internal network, right-click Internal, and then click Properties.
4. Click the Web Proxy tab, and then click the Authentication button.
5. Click to select the Basic check box, and then click to select the Integrated check box.
6. Click to select the Require all users to authenticate check box.
7. Click OK to save the changes and to exit.

Cyfin - ISA Server 2006 Off-Box Configuration

Cyfin is installed on a server other than ISA Server 2006.

Log File Setup

If Cyfin is installed off-box, the log files need to be transferred to the Cyfin box or put into a suitable location where Cyfin can read them. This can be done in a few ways:

• Copy the log files to the Cyfin machine's local drive (this is what we recommend for best network performance). To automate this process, you can create a script to copy the logs over at a specific time each day.
• FTP the logs over to the Cyfin machine's local drive. Again, this process can also be automated with scripts.
• Have the log files reside on a network drive. NOTE:  Cyfin cannot browse the network. For this log file option to be successful, two things must be true:
  • The network drive must be mounted on the network.
  • The Cyfin Service logon account needs to be a domain account with administrative rights.

Please see the section above for information about log file setup, keeping in mind that the directory path for log files will be different for an off-box solution.