This article was previously published under Q312624
This article describes how to install Internet Security and Acceleration (ISA) Server and configure it as a firewall. To install the ISA Server schema to Active Directory, you must be an administrator on the local computer. In addition, you must be a member of both the Enterprise Admins and Schema Admins groups. You have to install the ISA Server schema only once to Active Directory for the entire enterprise or organization.
CAUTION The enterprise initialization process copies the ISA Server schema information to Active Directory. Because Active Directory does not support deletion of schema objects, you cannot reverse the enterprise initialization process.
How to install ISA Server as a firewall
To install ISA Server as a firewall:
Click Start, click Run, type cmd in the Open text box, and then click OK.
At a command prompt, type Path\ISA\Setup.exe (where Path is the path to the ISA Server installation files).Note that the path may be the root folder of the ISA Server CD-ROM or a shared folder on your network that contains the ISA Server files.
Click Continue in the Microsoft ISA Server Setup dialog box.
Read the End User License Agreement(EULA), and then click I Agree.
Depending on your needs, click one of the installation options.
Click Firewall mode, and then click Continue.
When you are prompted to allow Setup to stop the Internet Information Service (IIS) services, click OK.
To automatically construct an Internet protocol (IP) address, click Construct Table, click the network card that is associated with your server, and then click OK.
Click OK to start the Configuration Wizard.
How to configure firewall protection
To configure firewall protection:
Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
In the console tree, click to expand server_name\Access Policy (where server_name is the name of the server), right click IP Packet Filters, point to New, and then click Filter.
In the IP packet filter name box, type the name of the packet that you want to filter, and then click Next.
Click either to Allow or Block to either allow or block the packet, and then click Next.
Accept the Predefined option, and then click Next.
Click the option for the way that you want the packet filter to be applied, and then click Next.
Click the remote computer, and then click Next.
Note You can edit the properties for other services such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) if you double-click the service in the Configuration box.
For more information about how to configure the firewall, click the following article number to view the article in the Microsoft Knowledge Base:
179442 How to configure a firewall for domains and trusts