Red Line Software - we help you manage the efficiency of your office operations.

This new Tutorial will cover using the built in features of ISA to monitor connections, services, publishing and other aspects of ISA.

This tutorial will cover how to monitor basic ISA functions using the ISA MMC.

This tutorial is not for the advanced ISA administrator but rather for the novice ISA admins.  A lot of people ask me where they can stop the ISA services when in the services control panel object, and this proves to be difficult to find in windows 2000 considering that there are over 50 services running at any one time.  I will demonstrate various common monitoring features that ISA has and also where I think it could be improved.

There are various monitoring functions that prove to be useful when using the ISA MMC provided rather that reading the log files or perusing the ISA reports.

•        The above diagram displays where to find the monitoring object and also displays the objects within.

•        The above diagram displays the alerts object.  The alerts on the right are displayed and allow you to monitor other servers with in the ISA array that you might have.  The first occurrence is also displayed and this will help you back track the problem in case one of the events caused the other.  A brief description of the alert is also displayed if you scroll further right.

•        The services object is quite useful.  When clicking on this object you are capable to view three if the main ISA services that have loaded.      You can also stop and start selected services.  You can also see how many sessions are open to each service.  This can be quite useful when troubleshooting because you can see f the user is reaching the ISA sever.

 

To stop and start services from the command prompt Use net start to start the service and net stop to stop the service.

The syntax is net start/stop (service name or command syntax)

• To stop/start the firewall service type: net stop/start "Microsoft firewall"
• To stop/start the ISA Server Proxy Filter Extensions type: net stop/start mspfltex
• To stop/start the Microsoft web proxy service type: net stop/start "Microsoft web proxy" 
• To stop/start the Microsoft h.323 gatekeeper service type: net stop/start " Microsoft h.323 gatekeeper " 
• To stop all ISA services type: net stop Isactrl

4.        In the sessions screen you can see the session type, be it a firewall session or web session, the username of the user connected, the computer used by the user to connect to the service, the IP address of the users computer and the activation time of the session.  If I were to improve on this screen I would add the URL that the user is visiting, DNS requests time that the user has been online and a graph of the bandwidth that the user is using at the time relative to all of the available bandwidth.

•        The report object is where you can view all of the report that you have configured in the ISA Monitoring and configuration object further down in the MMC. You can view a summary of the reports web usage in the form of an html page.  You can also see web usage the amount of URLs visited by a user in relation to the rest of the URLs visited, application usage, traffic and utilization, and a security report.  The improvement I would make here would be real-time report with about 48 hour history as this is mostly what management requires frequently.  

Summary:  I have explained the various built in monitoring futures of ISA and hopefully you have learnt from this.  ISA monitoring has a lot to be desired and I have found some very good third party software from GFI that is very useful in making my administering life a whole lot easier. I hope Microsoft will add more intuitive monitoring features in the next release of ISA server.

Author: Ricky M. Magalhaes

Ricky M. Magalhaes is a security specialist that has worked as a consultant and IT technical specialist for the past 8 years. He has been primarily responsible for implementation and design of Security, network architecture, communications, network infrastructure and Security R&D for many South African organizations that he works with. He is a windows 9x product specialist and has been working with the windows product since version win 3.11. He has also written articles on security for www.windowsecurity.com, www.ISAserver.org, www.governmentsecurity.com and many other well known security and technology websites.