How to Configure an ISA Server 2004 Firewall on Small Business Server for System Center Essentials

Use the following procedures to configure the firewall settings in Internet Security and Acceleration (ISA) Server 2004 so that you can install Systems Center Essentials 2007 on a computer running Small Business Server Premium Edition.

To create a new access rule for the ` Service

Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
Expand the Firewall Policy node under the desired computer in the navigation pane, and click Create Array Access Rule in the tasks pane.
1. Name the access rule SCE Health Service, and click Next.
2. On the Rule Action page, select Allow and click Next.
3. In This rules applies to, select Selected protocols and click Add.
4. In the Add Protocols dialog box, click New, and then click Protocol.
5. In the New Protocol Definition Wizard, enter TCP 5723.
6. On the Primary Connection Information page, click New.
7. On the New/Edit Protocol Information page, enter 5723 both in the From and To boxes, and click OK.
8. On the Primary Connection Information page, click Next.
9. On the Secondary Connections page, click Next.
10. On the Completing the New Protocol Definition Wizard page, click Finish.
In the Add Protocols dialog box, expand the User-Defined folder, select TCP 5723, and click Add.
1. Click Close to close the Add Protocols dialog box.
2. On the Protocols page of the New Access Rule wizard, click Next.
3. In the Access Rule Sources dialog box, click Add.
4. In the Add Protocols dialog box, expand the Networks folder, select Internal, and click Add.
5. Select Local Host and click Add, and then click Close.
6. On the Access Rule Sources page of the New Access Rule wizard, click Next.
7. In the Add Network Entities dialog box, expand the Networks folder, select Internal, and click Add.
8. Select Local Host and click Add, and then click Close.
9. On the Access Rule Destinations page of the New Access Rule wizard, click Next.
10. In the User Sets dialog box, click Next.
11. On the Completing the New Access Rule Wizard page, click Finish.

To create new access rule for the System Center Essentials SDK Service

Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
Expand the Firewall Policy node under the desired computer in the navigation pane, and click Create Array Access Rule in the tasks pane.
1. Name the access rule SCE SDK Service and click Next.
2. On the Rule Action page, click Allow and click Next.
3. On the Protocols page, under This rules applies to, select Selected protocols and click Add.
4. In the Add Protocols dialog box, click New, and click Protocol.
5. In the New Protocol Definition Wizard, enter TCP 5724.
6. On the Primary Connection Information page, click New.
7. On the New/Edit Protocol Information page, enter 5724 both in the From and To boxes, and click OK.
8. On the Primary Connection Information page, click Next.
9. On the Secondary Connections page, click Next.
10. On the Completing the New Protocol Definition Wizard page, click Finish.
In the Add Protocols dialog box, expand the User-Defined folder, select TCP 5724, and click Add.
1. Click Close to close the Add Protocols dialog box.
2. On the Protocols page of the New Access Rule wizard, click Next.
3. In the Access Rule Sources dialog box, click Add.
4. In the Add Protocols dialog box, expand the Networks folder, select Internal and click Add.
5. Select Local Host and click Add, then click Close.
6. On the Access Rule Sources page of the New Access Rule wizard, click Next.
7. On the Access Rule Destinations page of the New Access Rule wizard, click Add.
8. In the Add Network Entities dialog box, expand the Networks folder, select Internal, and click Add.
9. Under the Networks folder, click Internal and click Add.
10. Select Local Host and click Add, and then click Close.
11. On the Access Rule Destinations page of the New Access Rule wizard, click Next.
12. In the User Sets dialog box, click Next.
On the Completing the New Access Rule Wizard page, click Finish.

To publish the WSUS Web server

Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
Expand the Firewall Policy node in the navigation pane, and click Publish a Web Server in the tasks pane.
1. Name the access rule SCE WSUS Web Server, and click Next.
2. On the Select Rule Action page, select Allow and click Next.
In the Define Website to Publish dialog box, enter the Essentials 2007 server name in the Computer name or IP address box.
Enter /* in the Path box, and click Next.
In the Public Name Details dialog box, enter the Essentials 2007 server name in the Public name text box and click Next.
In the Select Web Listener dialog box, click New.
1. In the Welcome to the New Web Listener Wizard page, enter SCE Web Listener and click Next.
2. In the IP Addresses page, select the Internal and Local Host check boxes and click Next.
On the Port Specification page of the New Web Listener Wizard, do the following:
1. Select the Enable HTTP check box.
2. Enter 8530 in HTTP port.
3. Select the Enable SSL check box.
4. Enter 8531 in SSL port.
5. Click Select, select the certificate that matches the hostname of the System Center Essentials server, and then click OK.
6. Click Next.
On the Completing the New Web Listener Wizard page, click Finish.
In the Select Web Listener dialog box:
1. Under Web Listener, select SCE Web Listener and click Next.
2. On the User Sets page, click Next.
On the Completing the New Web Publishing Rule Wizard page, click Finish.
In the ISA Server 2004 console, right-click the SCE WSUS Web Server rule and click Properties.
1. Click the To tab.
2. Select Requests appear to come from the original client.
3. Click the Bridging tab.
4. Enter 8530 in Redirect requests to the HTTP port.
5. Select the Redirect requests to SSL port check box, and enter 8531.
6. Click OK.
In the ISA Server 2004 console, click Apply to save changes and update the configuration.

To create a new access rule for the ` Service

To create new access rule for the System Center Essentials SDK Service

To publish the WSUS Web server

See Also

Tasks

Other Resources