Leaving lockdown mode, Internal network overview, Computer name and administrator password – HP ProLiant DL320 G4 Server User Manual


Initial setup considerations 9

No incoming traffic is allowed unless a system policy rule (listed previously) that specifically allows
the traffic is enabled. The one exception is DHCP traffic, which is always allowed. That is, the UDP
Send protocol on port 68 is allowed from all networks to the local host network. The corresponding
UDP Receive protocol on port 67 is allowed.

VPN remote access clients cannot access the ISA Server. Similarly, access is denied to remote site
networks in site-to-site VPN scenarios.

Any changes to the network configuration while in lockdown mode are applied only after the
firewall service restarts and ISA Server exits lockdown mode. For example, if you physically move a
network segment and reconfigure ISA Server to match the physical changes, the new topology is in
effect only after ISA Server exits lockdown mode.

ISA Server does not trigger any alerts.

Leaving lockdown mode

When the firewall service restarts, the ISA Server exits lockdown mode and continues functioning as it did
previously. Any changes made to the ISA Server configuration are applied after the ISA Server exits
lockdown mode.

Internal network overview

The internal network consists of addresses on the protected network that are not associated with a
perimeter or external network interface. Addresses on the LAN are typically part of the internal network.
The ProLiant DL320 Security Server installation process depends on the correct configuration of the
internal network adapter so that the server system policy is applied correctly. Network infrastructure
services, such as Active Directory service domain controllers, internal DNS servers, DHCP servers,
Microsoft® WINS servers, Terminal Services, ICMP, CIFS, and others depend on the correct configuration
of the internal network.

Incorrect configuration of the internal network addresses could lead to a compromise of the ProLiant
DL320 Security Server.

The internal network consists of a collection of addresses representing a portion of a network ID, an entire
network ID, or several network IDs. The internal network can represent all addresses accessible from one
or more network adapters.
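
The following added example (not part of the HP manual or of ISA Server) shows one way to sanity-check an internal network definition before applying it: the internal adapter's address must fall inside the configured ranges, and no range may overlap a subnet attached to an external or perimeter adapter. The adapter names, roles, and addresses are constructed sample data, and IPv4 is assumed.

```python
import ipaddress

def parse_range(text):
    """Accept 'first-last' or CIDR notation; return (first, last) addresses."""
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
    else:
        net = ipaddress.ip_network(text.strip())
        lo, hi = net[0], net[-1]
    if lo > hi:
        raise ValueError(f"range start is above range end: {text}")
    return lo, hi

def audit_internal_network(ranges, adapters):
    """Return findings for an internal network definition (IPv4 assumed)."""
    parsed = [(raw, *parse_range(raw)) for raw in ranges]
    findings = []
    for nic in adapters:
        iface = ipaddress.ip_interface(nic["cidr"])
        subnet = iface.network
        if nic["role"] == "internal":
            # The internal adapter's own address must be inside the definition.
            if not any(lo <= iface.ip <= hi for _, lo, hi in parsed):
                findings.append(f"{nic['name']}: {iface.ip} is not covered by the internal network")
            continue
        # External or perimeter adapter: no range may overlap its subnet.
        for raw, lo, hi in parsed:
            if lo <= subnet[-1] and subnet[0] <= hi:
                findings.append(f"{nic['name']}: range {raw} overlaps {nic['role']} subnet {subnet}")
    return findings

# Constructed sample data (private and documentation address space).
ADAPTERS = [
    {"name": "LAN", "role": "internal", "cidr": "10.0.0.1/24"},
    {"name": "WAN", "role": "external", "cidr": "203.0.113.10/29"},
]
GOOD_RANGES = ["10.0.0.0-10.0.0.255", "192.168.0.0/16"]  # several network IDs
BAD_RANGES = ["10.0.1.0-10.0.1.255", "203.0.113.0/24"]   # misses LAN, includes WAN

if __name__ == "__main__":
    for label, ranges in (("good", GOOD_RANGES), ("bad", BAD_RANGES)):
        print(label, audit_internal_network(ranges, ADAPTERS) or "no findings")
```
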

Computer name and administrator password

Select a computer name for the ProLiant DL320 Security Server. The server name must be different from
any other computer on the network. No two computers on the network can have the same name. The
computer name must be 15 characters or less in length and include only letters, numbers, and
non-alphanumeric characters (spaces are not allowed). See the computer name database if the server is
installed on a larger network.

NOTE: If the ProLiant DL320 Security Server will join a domain, be sure to comply with existing
domain-wide password policy.

The administrator account has complete access to all components of the ProLiant DL320 Security Server.
Any person connecting to the ProLiant DL320 Security Server with the administrator account can take
control of the firewall and attack the network. Use a complex and difficult-to-guess password for the
administrator account to help prevent attackers from easily guessing the password.

Record and memorize the administrator password used for the ProLiant DL320 Security Server. Store the
password in a protected location after the server installation is completed.
