The firewall configuration portion of the Small Business Server Internet Connection Wizard creates a standard set of packet filters for ISA Server necessary to secure your Internet connectivity. You can also enable additional filters for services you would like to use, such as Terminal Server. To ensure proper packet filter configuration, any custom packet filters that have been defined will be disabled by the wizard.
The Small Business Server Internet Connection Wizard will ensure that the Protocol Rules and Site and Content Rules created during Small Business Server Setup are running. These rules restrict outgoing Internet access to members of the BackOffice Internet Users group. All users created by the Small Business Server Add User Wizard are made a member of this group by default.
The Small Business Server Internet Connection Wizard supports creating packet filters and appropriate configurations for the following services:
- My Mail Server (Exchange Server) Allows incoming and outgoing SMTP and POP3 connections for e-mail. To send and receive e-mail from the Small Business Server computer to and from the Internet, this selection is required. It will not prevent client computers in the local network from accessing Internet e-mail, such as POP3 accounts, or Web-based e-mail services, such as Hotmail.
- My Web Server Creates a Web publishing rule that will allow incoming HTTP Web requests from the Internet to be forwarded to the IIS server. Note that content in the Default Web Site is now accessible from the Internet, including services such as OWA.
Note: If a dial-up connection is being used, the Small Business Server Internet Connection Wizard will disable My Web Server. ISA Server does not support the creation of a Web publishing rule with an intermittent connection to the Internet. To work around this, create the Web publishing rule manually after the dial-up connection has been established.
- My Web-based Mail Server This selection has no effect on the configuration of the Small Business Server.
- Virtual Private Networking (PPTP client access) Opens Point-to-Point Tunnelling Protocol (PPTP) filters through the firewall to allow clients on the Internet to VPN into the Small Business Server. To allow VPN clients to connect, this selection is required.
- FTP Opens FTP ports to allow Internet clients to connect to an FTP server on the Small Business Server. Unless absolutely necessary, it is not recommended to open this port.
- Terminal Server Opens Terminal Services port (3389) to allow Terminal Services clients to connect to the Small Business Server remotely.
On occasion, it may be necessary to create custom packet filters to allow additional services from the Internet through the firewall to the Small Business Server computer.