RE: ISA 2004

Hi Aart:
Thank you for posting here. I am sorry for the delayed response due to
weekend. Please understand that the newsgroups are staffed weekdays by
Microsoft Support professionals to answer your systems and applications
questions. Your understanding is greatly appreciated!

As Steve mentioned, the ISA Server 2004 uses the "Networks" object to
differentiate the external network from the protected network. The
"Internal" represents the network which is connected to the "LAN" network
card of the ISA Server. The "Local host" object represents the ISA Server
itself and the "External" means the outside internet. Different Networks
are unable to communicate with each other by default. We need to create the
"access rule" and define the relation of the Networks (For example, "Route"
and "NAT") to establish the connection between the different networks. (The
previous version ISA 2000 uses "LAT" to work out which NIC belongs to
network.)

Regarding the current situation, please double check the definition of
"Networks".
1. Go to the ISA management console, navigate to Configuration->Networks,
on the middle pane, click the Networks button.

2. Double click the "Internal" object, go to the Addresses tab, is the
correct address range which represents your internal network listed? If the
address range is not correctly defined, please edit it to the right range
and apply the settings.

After reviewing the network definitions, please rerun the CEICW Wizard, It
will automatically update the ISA rules for internet access and site
publishing. You can refer to following KB article for detailed information:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

Regarding the large report problem, by default the ISA report file was
summarized from the daily log files. It will include five parts: Summary,
Web Usage, Application Usage, Traffic and Utilization and Security. We can
customize the properties of each part to define how many records will be
listed in the weekly/monthly report. If the daily network traffic is very
busy, the ISA log will surely be very large. As a conclusion, the report
which is generated by the ISA log will also become larger. (However, based
on my experience, a monthly report file with the size of 17 GB is not
reasonable.) Please go to the ISA log folder (By default it's at c:\Program
Files\Microsoft ISA Server\ISALogs), and check what is the size of the
ISA's daily log.) Please also go to the ISASummaries folder and check the
size of the ISA Summary file.

To decrease the size of the ISA report file, we can exclude the network
traffic which is not necessary to monitor. As you mentioned, if you don't
want to monitor the LAN traffic, we can perform the following steps:
1. Go to the ISA management console, navigate to Firewall Policy.

2. On the right pane, double click the access rule which is created for the
internet access of the internal users. By default, this rule is called "SBS
Internet Access Rule" which is created by the CEICW Wizard. Then switch to
the Action tab, uncheck the "Log requests matching this rule" option. After
doing that, all the network traffic which is applied to this access rule
will no longer be logged in the ISA log file. You can also make the same
settings to the rules whose source object is "All Protected Networks",
"Local Host" and "Internal", which means the traffic is initiated from the
internal clients or ISA Server itself.

3. Click the Apply button to save the settings.

More information:
How to generate a monthly report in ISA Server 2004:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;837576

Hope the above information helps. Please feel free to let me know if there
is anything I can do for you.

Have a nice day! :)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Aart Jansen" <aart@*remove*hayes.co.nz>
| Subject: ISA 2004
| Date: Fri, 14 Oct 2005 14:16:28 +1300
| Lines: 18
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <uhpyozF0FHA.596@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: smtp.hayes.co.nz 210.54.213.234
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:161223
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| After a successful upgrade, doing the monthly traffic usage, it reports
| about 17Gb.... Hmmm thats quite unlikely, it appears to me that its
| monitoring the LAN traffic aswell as external traffic, quickly scanned
| through its netowrk configuration left me feeling like I shouldn't really
do
| anything drastic.
|
| The server has 2 network cards "LAN" & "internet" neither shows in the
ISA
| as a connection, it has Internal, External, & local host.
|
| I have re-run the CEICW after ISA2004 installed.
| Is there something else that needs to be done? I have installed the SBS
SP1
| on premium elsewhere without this kind of issue, and the site is pretty
| standard.
|
| TIA
| Aart
|
|
|

.