Initial setup considerations, Firewall lockdown mode, Affected functionality – HP ProLiant DL320 G4 Server User Manual

Initial setup considerations

In this section

Firewall lockdown mode
Internal network overview
Computer name and administrator password
Workgroup and domain name considerations
Internal IP address
DNS server address on the internal interface
Custom network adapter configurations
External IP address

Firewall lockdown mode

The ProLiant DL320 Security Server defends itself out of the box by applying the firewall
lockdown mode. Because the firewall lockdown mode is active, the ProLiant DL320 Security Server
can be set up while it is connected to the internal network and to the Internet.

A critical function of a firewall is to react to an attack. When an attack occurs, it might seem that the first
line of defense is to disconnect from the Internet, isolating the compromised network from malicious
outsiders. However, HP does not recommend this approach. Although the attack must be handled, normal
network connectivity must be resumed as quickly as possible, and the source of the attack must be
identified.

The lockdown feature introduced with ISA Server 2004 combines the need for isolation with the need to
stay connected. Whenever the Microsoft® firewall service is down, the ISA Server enters the lockdown
mode, which occurs when:

The server is starting up and the firewall service has not yet started.

An event triggers the firewall service to shut down. When configuring alert definitions, configure the
firewall service by determining which events will cause the firewall service to shut down.

The firewall service is manually shut down. If a malicious attack occurs while configuring the ISA
Server computer, shut down the firewall service, and the network can handle the attack.

Affected functionality

When in lockdown mode, the following functionality applies:

The FWENG applies the firewall policy.

The following system policy rules are still applicable:

Allow ICMP from trusted servers to the local host

Allow remote management of the firewall using MMC (RPC through port 3847)

Allow remote management of the firewall using the RDP

Outgoing traffic from the local host network to all networks is allowed. If an outgoing connection is
established, that connection can be used to respond to incoming traffic. For example, a DNS query
can receive a DNS response on the same connection.
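
The lockdown rules listed above, written as a small Python model that can serve as an expected-results matrix when testing a server in lockdown mode (an added example, not HP or Microsoft code). The addresses, the trusted-server and management-computer sets, limiting remote management to that set, TCP port 3389 for RDP, and the default deny for unlisted traffic are assumptions of the model; port 3847 comes from the page.

```python
from dataclasses import dataclass

# All addresses and sets below are constructed sample values (assumptions).
LOCAL_HOST = "192.0.2.1"              # the firewall itself (local host network)
TRUSTED_SERVERS = {"192.0.2.10"}      # hypothetical "trusted servers" set
MGMT_HOSTS = {"192.0.2.20"}           # hypothetical remote management computers
MGMT_PORTS = {3847: "MMC (RPC)", 3389: "RDP"}  # 3847 from the page; 3389 assumed

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "icmp", "tcp" or "udp"
    sport: int = 0
    dport: int = 0

class LockdownModel:
    def __init__(self):
        # Outgoing flows keyed as (proto, remote ip, remote port, local port)
        self.flows = set()

    def decide(self, p):
        if p.src == LOCAL_HOST:
            # Outgoing traffic from the local host is allowed; remember the flow
            self.flows.add((p.proto, p.dst, p.dport, p.sport))
            return "allow", "outgoing from local host"
        if p.dst == LOCAL_HOST:
            if (p.proto, p.src, p.sport, p.dport) in self.flows:
                return "allow", "response on established outgoing connection"
            if p.proto == "icmp" and p.src in TRUSTED_SERVERS:
                return "allow", "ICMP from trusted server"
            if p.proto == "tcp" and p.dport in MGMT_PORTS and p.src in MGMT_HOSTS:
                return "allow", "remote management via " + MGMT_PORTS[p.dport]
        # Model assumption: anything the list does not name is denied
        return "deny", "no lockdown rule matches"

def run_sample():
    fw = LockdownModel()
    sample = [  # constructed packets
        Packet(LOCAL_HOST, "198.51.100.53", "udp", 50000, 53),   # DNS query out
        Packet("198.51.100.53", LOCAL_HOST, "udp", 53, 50000),   # matching response
        Packet("198.51.100.53", LOCAL_HOST, "udp", 53, 50001),   # unsolicited reply
        Packet("192.0.2.10", LOCAL_HOST, "icmp"),                # trusted ICMP
        Packet("203.0.113.7", LOCAL_HOST, "icmp"),               # untrusted ICMP
        Packet("192.0.2.20", LOCAL_HOST, "tcp", 40000, 3847),    # MMC management
        Packet("192.0.2.20", LOCAL_HOST, "tcp", 40001, 3389),    # RDP management
        Packet("203.0.113.7", LOCAL_HOST, "tcp", 40002, 80),     # anything else
    ]
    return [fw.decide(p)[0] for p in sample]
```
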
