Server publishing rules
Microsoft Internet Security and Acceleration (ISA) Server uses server publishing to process incoming requests to internal servers, such as Simple Mail Transfer Protocol (SMTP) servers, File Transfer Protocol (FTP) servers, Structured Query Language (SQL) servers, and others. Requests are forwarded downstream to an internal server, located behind the ISA Server computer.
Server publishing allows virtually any computer on your internal network to publish to the Internet. Security is not compromised because all incoming requests and outgoing responses pass through ISA Server. When a server is published by an ISA Server computer, the Internet Protocol (IP) addresses that are published are actually the IP addresses of the ISA Server computer. Users who request objects think that they are communicating with the ISA Server computer, whose name or IP address they specify when requesting the object, while the information is actually served by the internal publishing server.
Server publishing rules determine how server publishing functions, essentially filtering all incoming and outgoing requests through the ISA Server computer. Server publishing rules map incoming requests to the appropriate servers behind the ISA Server computer. These rules dynamically grant Internet users access, as specified, to the specific publishing server.
The published server is actually a secure network address translation (SecureNAT) client. Because the published server is a SecureNAT client, no special configuration of the published server is required after you create the server publishing rule on the ISA Server computer. Note that ISA Server must be configured as the default gateway on the published server. For more information, see Configuring SecureNAT clients.
Use IP packet filters to publish servers located on a perimeter network (also known as a DMZ, demilitarized zone, or screened subnet). For more information on when to use packet filters and when to use server publishing rules, see Server publishing rules and IP packet filters.
Client address sets
You can limit server publishing rules to specific clients by specifying the client address sets to which the rule applies. Client address sets typically include IP addresses of clients located on the Internet, including those not necessarily in your corporate network. For configuration instructions, see Configure clients for a server publishing rule.
The server publishing rule is applied to client address sets only if IP packet filtering is enabled. If IP packet filtering is not enabled, then the server publishing rule applies to all clients.
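The dependency on IP packet filtering described above is easy to miss when reviewing a configuration, so the following added example models it. It is not ISA Server code or its API: the class names, rule names and addresses are constructed for illustration, and client address sets are assumed to be inclusive IP ranges.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class AddressSet:
    name: str
    ranges: list  # (first_ip, last_ip) pairs, inclusive (assumed representation)

    def contains(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
                   for lo, hi in self.ranges)

@dataclass
class PublishingRule:
    name: str
    port: int
    internal_server: str
    client_sets: list = field(default_factory=list)  # empty = any client

def rule_applies(rule, client_ip, port, packet_filtering_enabled):
    """Return True if the rule forwards this client's request."""
    if port != rule.port:
        return False
    # Client address sets are honoured only when IP packet filtering is on;
    # otherwise the rule applies to all clients.
    if not packet_filtering_enabled or not rule.client_sets:
        return True
    return any(s.contains(client_ip) for s in rule.client_sets)

def ineffective_restrictions(rules, packet_filtering_enabled):
    """Names of rules whose client address sets are currently ignored."""
    if packet_filtering_enabled:
        return []
    return [r.name for r in rules if r.client_sets]

# Constructed sample configuration (documentation address ranges).
PARTNERS = AddressSet("Partners", [("198.51.100.10", "198.51.100.20")])
RULES = [
    PublishingRule("Publish SMTP", 25, "10.0.0.5", [PARTNERS]),
    PublishingRule("Publish FTP", 21, "10.0.0.6"),
]

if __name__ == "__main__":
    for enabled in (True, False):
        ok = rule_applies(RULES[0], "203.0.113.7", 25, enabled)
        print(f"packet filtering={enabled}: outside client allowed={ok}")
    print("ignored restrictions:", ineffective_restrictions(RULES, False))
```

With packet filtering disabled, the audit function reports every rule whose client restriction exists in the configuration but is not being applied.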
When you create the server publishing rule, you specify the following:
For more information, see Configure a server publishing rule action.
How Server Publishing Works
To do this, ISA Server takes these steps:
Suppose you want to allow external clients access to a Simple Mail Transfer Protocol (SMTP) server, whose IP address is 184.108.40.206, and which listens on port 25. You should create a server publishing rule with the following parameters:
To see how server publishing rules are used in a deployment scenario, see Back-to-back perimeter network configuration.