Overview about the Redline Software ISA Server / TMG Toolkit
Die Informationen in diesem Artikel beziehen sich auf:
Dieser Artikel steht derzeit ausnahmsweise nur auf Englisch zur Verfügung. Eine Übersetzung ist denkbar.
In this article, I will show you how to use the Redline Software ISA Server / TMG Toolkit. I will give you a high-level overview about the most of the tools which comes with the Toolkit.
Redline Software released a free ISA Server / TMG Toolkit that extends the ISA Server capabilities by a several of different tools. The ISA Server Toolkit contains several useful tools. I copied and pasted the overview of these tools from the Redline Software website. We will go into details by explaining most of these tools.
Download and installation
You can download the ISA Server Toolkit from the Redline Software website. As I wrote this article the latest version of the Toolkit is version number 1.3. After downloading the Toolkit, start the installation process and chose the tools that you want to install.
The ISA Server Toolkit distinguishes between standalone tools and Web filter applications as you can see in the following picture.
Stand Alone tools can run without directly integrating into the ISA Server architecture. On the other hand the Web filter applications integrate into the ISA Server configuration by extending the ISA Server functionality through a Web Filter.
Figure 1: Select components to install
You can choose between different Setup Scenarios.
Figure 2: Setup scenarios – Chose the best Setup type
If you selected to install the Client Hostname Resolver tool during the initial setup, you must now specify an account with permission. If you want to install one or more Web Filter from the ISA Server Toolkit, the Microsoft Firewall service must be restarted during the setup process. You have to confirm the restart of the process. Specify the installation directory where all components should be installed.
After setup has successfully finished, you will find a number of installed Web Filters. You can easily find these Web Filters in the Vendor column.
Figure 3: Installed Web Filters from redline software
Some of the Web Filters are directly configurable, some Web Filters are not.
SSL Decoder is a utility that makes it possible to inspect outgoing HTTPS traffic by issuing certificates for each outgoing client request. SSL decoder acts a small Certificate Authority (CA) that issues certificates from this Root CA. It is possible to create your own Root CA and you can also chose the work scenario how SSL Decoder should work.
This is a nice feature because the current version of ISA Server has no outgoing HTTPS inspection capability, only incoming requests can be inspected via a HTTPS Bridging scenario in a reverse Proxy scenario.
Figure 4: SSL Decoder configuration settings
As I said above, there are four
different working scenarios how SSL Decoder should work.
Figure 5: SSL Decoder scenarios
The additional settings tab allows the configuring of SSL Decoder logging. For a detailed installation instruction read this article.
Advanced Web Routing Rule
Advanced Web Routing extends the Web Chaining capabilities of ISA Server 2006, where traffic only could be forwarded to one destination without a chance to select, which traffic should be send to the Upstream Server. The Advanced Web Routing utility extends these features. It is now possible to specify some criteria for routing Web requests and it is also possible to specify different Web Routing destinations also based on several criteria’s.
Figure 6: Advanced Web Routing Rule
The Headers Modifier tool allows ISA Server Administrators to search for specific HTTP Headers and provides different methods to add, modify, delete or to substitute HTTP Headers.
Figure 7: Headers Modifier
Another helpful utility which allows you to search for specific strings inside a HTTP response and to replace these strings with a Replace string is the Response Modifier utility. For example, it is possible to enhance the virus security on computers; ISA Server Administrators can disable opening some HTML pages containing that dangerous content.
Figure 8: Advanced Web Routing Rule
Config Backup is my absolute favorite. Config Backup allows you to create a scheduled backup of the entire ISA Server configuration. Config Backup creates a normal XML export file like the Export process in the ISA Server Management console and schedules this process and it is possible to keep the last NN backup sets, which extends the available script from MSDN to create a scheduled backup which only backups the entire configuration and overwrites the existing backup file.
Figure 9: Redline Toolkit Config Backup settings
Config Backup allows using a custom folder to store the ISA Server backup files. The network service account must have Read and Write access permissions to the network share and for the folder.
Config Viewer is a tool which can be used to open an exported ISA Server configuration (XML file) for offline viewing the configuration of your ISA Server. This tool is very helpful because it is possible to open different configurations to see the difference between these configurations. As an ISA Server Consultant the tool is helpful for documentation purposes of ISA Server implementations at customer side.
Figure 10: Config Viewer
If your ISA Server logs network traffic into the MSDE (Microsoft SQL Server Desktop engine), and that is the default setting in ISA Server setup, ISA Server logs into database file. With the help of the MDF Viewer it is possible to have a view into this log files.
Figure 11: MDF Viewer
The keywords Finder tool allows ISA Administrators to find keywords in the ISA Server MSDE log files. It is possible to search for several of ISA objects like IP addresses, MAC addresses and many more.
Figure 12: Keywords Finder
The ISA Server Toolkit integrates into the ISA Server MMC and on the General tab it is possible to backup and restore the ISA Server Toolkit configuration.
Figure 13: Toolkit Backup and Restore
In the ISA MMC you will find a new tab under the ISA Server Toolkit node with an overview about all Web Filters and Standalone Applications provided by the ISA Server Toolkit.
Figure 14: Overview about Web Filters
Tunnel Port Range Editor
The ISA Server Toolkit also contains an ISA Server Tunnel Port Range Editor, like the well known Tunnel Port Range editor from www.isatools.org. With the help of this tool it is possible to change the ports or port range for SSL traffic which typically used Port 443 or 563 for NNTPS.
Figure 15: ISA Toolkit Tunnel Port Editor
In this article, I tried to give you an overview about the ISA Server / TMG Toolkit. The ISA Server Toolkit is in my opinion a wonderful addition and extension to the ISA Server product and a must have for every ISA Server Administrator. My personally favorite is the integrated filter for automating the ISA Server backup.
Stand: Friday, 28. August 2009/MG. - http://www.it-training-grote.de
oder Probleme in Zusammenhang mit dieser Website richten Sie bitte an den
Webmaster. Bitte inhaltliche oder technische Fragen ausschließlich in der
deutschen ISA Server Newsgroup