There are some notes regarding Cisco and SSL ports on my SBS page
When installing ISA 2004 (or specifically ISA 2004 in SBS R2), here are some things I always do:
Turn MSDE logging off and revert to flat file logging
Edit the alerts and remove the stop service component of the Logging error alert
Turn off read-only FTP
Create an ISA cache file
Whilst these items might not suit your environment, I find they help me better serve my customers.
SBS 2003 R2 Error message in ISA Server 2004: "MMC encountered an error with the snap-in...." when you are configuring properties of objects.
This is a known error and is fixed with a simple hotfix. Refer to Microsoft.
Block media files in ISA 2000:
Using customized ''content groups'' and creating ''site and content rules'' that deny a particular content group lets us block audio, video and executable files that arrive over the HTTP protocol. Please refer to the following steps:
Open ''ISA Management'', navigate to ''Access Policy''. Right-click ''Site and Content Rules''
Type a rule name such as ''Deny rule'', click ''Next''.
Select ''Deny'' and then click ''Next''. Select ''Custom''. Click ''Next''-->''Next''-->''Next''-->''Next''.
When you configure content groups, select ''Only the following content types'' and then select ''Audio'', ''Video'' and click ''Next''. Click ''Finish'' to finish the configuration.
Navigate to ''Monitoring''\''Services''. In the right panel, restart the web proxy service.
However, video and audio streams are sometimes transferred using multimedia streaming protocols such as MMS, PNM or RTSP. To block these kinds of media streams, we need to use protocol rules. I would like to suggest you refer to the following steps:
Open ''ISA Management''; navigate to ''Access Policy''\''Protocol Rules''.
In the right panel, double-click the rule. Click the ''Protocol'' tab.
If the rule applies to all protocols, select ''All IP traffic except selected'' and then choose the following protocols:
-MMS-Windows Media Server
-PNM-Realnetworks protocol (Client)
-PNM-Realnetworks protocol (Server)
Select other protocols that you want to block.
Click ''OK'' to close the dialog box.
Navigate to ''Monitoring''\''Services''. In the right panel, restart the ISA services.
In ISA 2004:
The configuration in ISA 2004 is similar to that in ISA 2000, and even more convenient. We only need to modify one of the access rules. Open the ISA 2004 Management Console, navigate to Servername\Firewall Policy and, in the right pane, double-click the "SBS Internet Access Rule".
Note: This rule is created when we run the CEICW Wizard. If you have modified the ISA access rules before, please choose the rule you created for outbound Internet access.
Go to the Protocols tab, change the "This rule applies to" option from "All outbound traffic" to "All outbound traffic except selected", and then add the following protocols, which are defined for Audio/Video, to the list:
MMS, MMS Server, PNM, PNM Server, RTSP, RTSP Server
Go to the Content Types tab, click "Selected content types", check all the options except the Audio/Video checkbox and click OK.
Apply the configuration.
In addition, if you don't want to modify the existing rules, you can also create a new DENY access rule which blocks the Audio/Video content and the protocols listed above. Please also ensure that this DENY rule is listed before the other ALLOW access rules, so that it is enforced before any "allow" rule permits access to the Internet service that you want to restrict.
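The ordering point above, as an added example in Python that is not part of the original notes and is not ISA Server code: a simplified first-match model of the policy that also flags deny rules hidden behind an earlier allow rule. It assumes rules are evaluated top to bottom, splits the single DENY rule into a protocol rule and an HTTP content rule, and uses constructed rule names, probe traffic and a hypothetical shadowed_denies check.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Protocols and content groups named on this page.
STREAMING = frozenset({"MMS", "MMS Server", "PNM", "PNM Server", "RTSP", "RTSP Server"})
MEDIA = frozenset({"Audio", "Video"})

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                     # "allow" or "deny"
    protocols: Optional[FrozenSet[str]] = None      # None = all outbound traffic
    content_types: Optional[FrozenSet[str]] = None  # None = all content types

    def matches(self, protocol, content_type=None):
        if self.protocols is not None and protocol not in self.protocols:
            return False
        return self.content_types is None or content_type in self.content_types

def evaluate(policy, protocol, content_type=None):
    """First matching rule decides (assumed model); nothing matching means deny."""
    for rule in policy:
        if rule.matches(protocol, content_type):
            return rule.action, rule.name
    return "deny", "(default)"

def shadowed_denies(policy, probes):
    """Deny rules that match a probe which an earlier allow rule already let through."""
    return [r.name for r in policy if r.action == "deny" and any(
        r.matches(*p) and evaluate(policy, *p)[0] == "allow" for p in probes)]

# Constructed rules and probe traffic as (protocol, content type) pairs.
ALLOW = Rule("SBS Internet Access Rule", "allow")
DENY_PROTO = Rule("Deny streaming protocols", "deny", STREAMING)
DENY_MEDIA = Rule("Deny audio/video content", "deny", frozenset({"HTTP"}), MEDIA)
PROBES = [("RTSP", None), ("MMS", None), ("HTTP", "Video"), ("HTTP", "Text")]

DENY_FIRST = [DENY_PROTO, DENY_MEDIA, ALLOW]   # order recommended on this page
ALLOW_FIRST = [ALLOW, DENY_PROTO, DENY_MEDIA]  # deny rules are never reached

if __name__ == "__main__":
    for label, policy in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        for probe in PROBES:
            print(label, probe, evaluate(policy, *probe))
        print(label, "shadowed:", shadowed_denies(policy, PROBES))
```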
3rd Party Tools: Bandwidth Splitter Overview
Bandwidth Splitter is a program extension for Microsoft ISA Server that supplements it with new features to allow more rational sharing of the existing Internet connection bandwidth and distributing it among all users and servers according to preset rules.
The principal features of Bandwidth Splitter are:
Limiting of the Internet connection bandwidth used by individual users and hosts, as well as groups of users and hosts (traffic shaping)
Setting up quotas for the maximum allowable Internet traffic use (in megabytes) for a set period of time (a day, a week or a month) for individual users and hosts, as well as groups of users and hosts
Real-time monitoring of all users and their connections through ISA Server by the administrator, including the bandwidths used by individual users and connections
With Bandwidth Splitter you will get the following benefits:
Great real-time monitoring abilities let the administrator effectively control traffic usage
Rational distribution of the Internet channel bandwidth (you establish the rules)
Reducing Internet costs because of limiting non-priority traffic (peer-to-peer exchange, big downloads, etc)
Comfortable work for important users
Limit traffic usage of wasteful users
Saving users' working time because of more guaranteed bandwidth allocation
Users can track their internet activity in real-time using special utility
Save your time because you don't need to generate reports every time you want to know bandwidth usage details. Just see it in real-time.
Download full-featured free version and try it with 10 users
Note: It is possible to install it on a server with more than 10 clients. Other clients will work as before.