Deployment Scenario: ISA Server computers with a single network adapter

You can install ISA Server on computers with just a single network adapter. Typically, you will do so when another firewall is located on the edge of the network, connecting your corporate resources to the Internet. In this single-adapter scenario, ISA Server typically functions as a cache server, caching content from the Internet, for use by clients on the corporate network.

Internal network

One of the fundamental features of ISA Server is its ability to connect multiple networks. When ISA Server is installed on a single-adapter computer, however, it recognizes only one network—the Internal network. The Internal network therefore actually comprises all IP addresses, with the following exceptions: 0.0.0.0, 255.255.255.255, and the address range 127.0.0.0 to 127.255.255.255.

Installing ISA Server on a single-adapter computer

As part of the setup process, you specify the addresses in the Internal network. When you install ISA Server on a computer with just one network adapter, be sure to include all addresses except 0.0.0.0, 255.255.255.255, and the address range 127.0.0.0 to 127.255.255.255.

You can use the Single Network Adapter network template to configure your single-adapter ISA Server computer. To use the template, in ISA Server Management, expand the Configuration node, and select Networks. In the tasks pane, on the Templates tab, select Single Network Adapter to start the Network Template Wizard. Follow the wizard steps to complete the configuration.

We recommend that you use the default settings provided by the Network Template Wizard.

Caching

You can deploy ISA Server on a single-adapter computer as a forward proxy and caching server, which provides clients with optimized access to the Internet. In this scenario, you can configure ISA Server to maintain a centralized cache of frequently requested Internet objects that can be accessed by any Web browser client, and use cache rules to manage the cache.

In this scenario, you will have to modify the default firewall policy to allow internal clients access to the Internet. Although all IP addresses are considered to be on the same Internal network, ISA Server may deny Web traffic due to the default "Deny All" rule. You therefore need to create a rule that allows traffic to pass between the networks.

To enable this caching scenario, you must create an access rule that allows all clients to use Hypertext Transfer Protocol (HTTP), and possibly HTTPS and File Transfer Protocol (FTP). Because the Internal network is uniquely defined to include all addresses, the source and destination networks for this rule should be internal.

Single-adapter mode functionality

When you install ISA Server on a computer with a single adapter, the following ISA Server features cannot be used:

  • Firewall clients
  • Virtual private networking
  • IP packet filtering
  • Multi-network firewall policy
  • Server publishing
  • Application-level filtering

This results in a limited security role for ISA Server in your network.

Additional Links

Search

Support

Documentation

Authorization

 
Forgot your password?
Register

Subscribe

Subscribe to company news