The last page of the ISA BPA Tool Setup Wizard
Beginning a new ISA BPA scan
- Health Check ISAInfo - This option tells the BPA to check the ISA firewall's configuration against the list of best practices checks and also runs a comprehensive scan of the ISA firewall's firewall policy and computer configuration and settings and includes this information in the report that follows the scan.
- Health Check - This option tells the BPA to check the ISA firewall's configuration against a list of best practices checks.
- Run ISAInfo - his option tells the BPA to only run the ISAInfo tool
Selecting the type of scan to perform
- Basic Settings
- Operating System
- Web Publishing
All scans are completed
- This computer has less than 512MB or memory - This is a reasonable alert, as it's recommended that the ISA firewall have at least 512MB of RAM.
- A logical disk has less than 3GB of available space - Not sure why they needed to point this out. Yes, I know that when I run out of disk space no more logging will take place and puts the ISA firewall into lockdown mode. That's why we configured the Logging features on the ISA firewall post installation. I suppose if you hadn't read the book (or the Help file) you wouldn't know this.
- This ISA Server Computer is not hardened - How did the BPA make this assessment? Its as hard as I want it to be, and I did take measures to secure the configuration, such as locking down system policy, not running client applications on the ISA firewall, downloading updates to a management workstation before installing them on the ISA firewall, and others. The reason why the BPA pointed out that the system wasn't hardened was because the Windows Server Service is running on the machine. However, since no SMB/CIFS access is allowed to the ISA firewall, it doesn't matter.
Viewing the types of ISA BPA reports
- Full Issues List - This report lists the major issues discovered by the ISA firewall BPA.
- Items of Interest - This report lists issues that are "interesting" (not sure who defined "interesting" or how "interesting" was defined)
- Hidden Items List - This is a list of hidden items, but I'm not sure why they are defined as "hidden" and who they're hidden from.
- Detailed View - This provides a very detailed view of the ISA firewall's BPA findings and calls out areas with Information, Warning, and Alert icons. This detailed information is presented in a tree format, as we'll see later.
- Summary View - This provides a list of all Information, Warning and Alert areas discovered by the ISA firewall BPA. This is the report I go to first.
Viewing the Items of Interest Report
Viewing the Hidden Items Report
Viewing the Detailed View Report
Viewing the Summary View Report
Continuing the list of best practices issues in the ISA BPA Help file
Saving the report in a variety of formats
- Find - This feature allows you search the contents of the report by matching a string you enter into the Find text box.
- Export Report - This feature allows you to export the report to an .xml file that you can copy to another machine. You also can export to HTML or CSV. However, if you use HTML or CSV, you will only be able to save the current report and not the entire data file used to generate all of the reports. Above illustrates this option.
- Print Report - This option allows you to print the current report.
Updating the ISA BPA configuration set
Updating the ISA BPA configuration set
The last page of the ISA BPA Tool Setup WizardMicrosoft recently released its ISA 2004 Best Practices Analyzer (BPA) Tool. Like the BPAs released for other Microsoft server products, the ISA firewall's BPA can be used to analyze your ISA firewall's configuration and then come up with suggestions for how you can correct problems with your ISA firewall. In this article we'll take a look at what the ISA firewall BPA does and the type of information you'll get after running the tool.
Obtaining and using BPA
The first step is to download the BPA from the The ISA firewall BPA will work on both Standard Edition and Enterprise Edition. You will need to make sure that the .NET framework 1.1 is installed before installing the ISA firewall BPA.
After downloading the tool to a management station, scan the file with your favorite AV/AS software, then copy it to the ISA firewall. Double click on the IsaBPA.msi to install the application. At the end of installation, leave the checkmark in the Invoke Microsoft ISA Server Best Practices Analyzer Tool when the wizard closes checkbox, as seen in above, and click Finish.
Microsoft recently released its ISA 2004 Best Practices Analyzer (BPA) Tool. Like the BPAs released for other Microsoft server products, the ISA firewall's BPA can be used to analyze your ISA firewall's configuration and then come up with suggestions for how you can correct problems with your ISA firewall. In this article we'll take a look at what the ISA firewall BPA does and the type of information you'll get after running the tool.