Implementing Monitoring and Reporting

Planning a Monitoring and Reporting Strategy

Why You Should Implement Monitoring
ISA Server is a critical component in an organization’s network infrastructure. If ISA Server is deployed as an Internet-edge firewall, it operates as a firewall that secures the internal network. ISA Server may also be providing secure access to Internet resources for internal clients and access to specified internal resources for Internet clients. If ISA Server is not available, this functionality is disrupted. If ISA Server is being attacked from the Internet, the internal network may be at risk.

There are many reasons for monitoring ISA Server. Some of these include the following:
1- Monitoring traffic flow between networks You must monitor traffic between networks to ensure that your access rules are correctly configured and that only the expected traffic passes through ISA Server. You also need to monitor ISA Server regularly to identify normal and legitimate traffic passing through the server. After you identify a typical traffic pattern, you can detect any variation that
might indicate a potential problem.

2- Troubleshooting network connectivity Monitoring ISA Server is a critical component of troubleshooting network connectivity. For example, if users report that they cannot access resources on the Internet, you can connect to ISA Server to help locate the problem. In this scenario, the problem might be with the client configuration, the ISA Server configuration, or the availability of the Internet resource. By monitoring ISA Server, you can begin troubleshooting by identifying the option most likely to be the source of the problem.

3- Investigating attacks If ISA Server is operating as a firewall, it will inevitably be exposed to attacks from the Internet. If ISA Server is configured correctly, it can detect and block most attacks. However, even if ISA Server successfully blocks the attacks, you should still be aware that the attacks are occurring and be aware of any variations in the normal attack patterns. If a new attack is launched against ISA Server, you must be alerted as quickly as possible that the attack is occurring so that you can determine how to respond to the attack. After the attack is finished, you should also have enough information logged on the ISA Server computer to investigate the attack. Even if the attack fails, investigate the attack pattern to detect possible patterns that may lead to additional attack attempts.

4- Planning By monitoring the computer running ISA Server, you can also gather information you can use for planning modifications to the current ISA Server infrastructure. By collecting performance data over a period of time, you can identify trends and use this information for planning future deployments of ISA Server.