Connectivity
Using the Microsoft Internet Security and Acceleration (ISA) Server 2004 connectivity feature, you can verify connectivity by regularly monitoring connections from the ISA Server computer to any specific computer or URL on any network. You can configure which method to use to determine connectivity:
- Ping. When you configure this method, ISA Server sends an ICMP ECHO_REQUEST to the specified server and waits for an ICMP ECHO_REPLY. Use this method to verify that a server is running and can be reached by ISA Server.
- TCP connect. When you configure this method, ISA Server tries to establish a TCP connection to a specific port on the specified server. Use this method to verify that a specific service is running on the server and can be reached by ISA Server.
- HTTP request. When you configure this method, ISA Server sends an HTTP Get request and waits for the reply. Use this method to verify that a Web Server is running and can be reached by ISA Server.
You can select which server to monitor, by specifying an IP address, computer name, or URL. For instructions, see Create a connectivity verifier.
When you configure a connectivity verifier for a server, you categorize it into one of the following groups: Active Directory, DHCP, DNS, Published Servers, Web (Internet), and others. Server group status is displayed on the Dashboard view, enabling you to quickly determine if there's a problem with a particular service.
For example, suppose you publish FTP, SQL, and Exchange servers, and you depend on their regular availability to clients. You can create a connectivity verifier for each server, grouping them all in the Published Servers group. On the Dashboard, you can see a first indication that one of the servers is not functioning properly. When you drill down to the Connectivity tab, you can determine which specific server is not functioning properly. For instructions, see Configure a connectivity verifier group.
In another scenario, you might want to validate that ISA Server really has connectivity to websites on the External network. To do this, you might define HTTP connectivity verifiers to three common websites, generally known for being available. Group the connectivity verifiers in the Web(Internet) group.
When you create a connectivity verifier that issues a HTTP request to check connectivity, ISA Server enables a system policy rule that allows HTTP and HTTPS traffic from the Local Host to All Networks, named Allow HTTP/HTTPS from firewall to all networks, for HTTP connectivity verifiers. After you disable (or delete) all connectivity verifieres that use HTTP, the system policy rule is disabled. For more information, see System policy.
Analyzing HTTP Responses
When you configure a connectivity verifier method to send an HTTP request, the monitored server is expected to return an HTTP response. Depending on the response, ISA Server will mark the connectivity verifier status, as detailed in the table below.
| HTTP Response from Monitored Server | Connectivity Verifier Status |
|---|---|
| 1xx, 2xx, or 3xx | OK (response time in msec) |
| 401 (Web server authentication required) | OK. This is not considered an error because the Web serer itself returned the message. |
| 407 (proxy authentication required) | Error. This is considered an error because connectivity to the actual Web server cannot be determined. |
| 4xx (except 401 and 407) or 5xx | Error |
| Request timed out | Timeout |
| The server name could not be resolved | Unresolved name |
| ISA Server is down | Unable to verify (Firewall service is unavailable) |
