Export, Import, and Backup Functionality in ISA Server 2004

  • Article

Microsoft Internet Security and Acceleration (ISA) Server 2004 includes an export and import feature that you can use to save ISA Server configuration parameters to an .xml file. You can use the configuration in the file as a backup to your configuration, or to copy the configuration to another ISA Server computer.

You can export on many levels in ISA Server. For example, you can export an entire firewall policy, a single rule, or a single network object. Also, you can back up your entire configuration so that you can restore it at a later date.

Note

Passwords are encrypted during export. Other data in the exported backup file is not encrypted. The exported ISA Server configuration data in the backup files should be treated as sensitive data that has the potential for information disclosure.

Scenarios and Solutions

Using ISA Server 2004, you:

  • Have configured your ISA Server computer, and want to back up the entire configuration, to save in case of catastrophic failure. This would allow you to restore the configuration from the backup file. The solution is to back up a complete configuration, as described in Procedure 1.
  • Want to copy the complete configuration to a second ISA Server computer. The solution is to export a complete configuration, and then import it to the second ISA Server computer. Follow Procedure 1 to export the configuration, and Procedure 2 to import it.
  • Want to set up another ISA Server computer with the same policy as the one that you have configured, but the server is located in a different part of the network, possibly in another domain, and has different network relationships. You cannot use the complete configuration. The solution is to export the firewall policy, import it to the other ISA Server computer, and then modify network details in the firewall policy rules as necessary. Follow Procedure 3 to export the configuration, and Procedure 4 to import it.
  • Want to create a list of Uniform Resource Locators (URLs) that will not be accessible from your Internal network. You want to provide this list as a service to other companies running ISA Server. Follow Procedure 5 to export a URL set, and Procedure 6 to import it.

Note

Procedure 5 and Procedure 6 can be used to export other elements of the firewall policy, such as rules and rule elements, or to export networks, network rules, or Web chaining rules.

Export, Import, and Backup Walk-through

This walk-through contains the following procedures:

  • Back up a complete configuration
  • Restore a configuration
  • Export firewall policy
  • Import firewall policy
  • Export a URL set
  • Import a URL set

Export, Import, and Backup Walk-through Procedure 1: Back Up a Complete Configuration

Follow this procedure to back up a complete configuration, to save in case of a catastrophic failure.

  1. Right-click the name of the ISA Server computer, and click Back Up.

  2. In Backup Configuration, provide the location and name of the file to which you want to save the configuration, and click Back Up. Choose a meaningful name, and consider including the date in the name of the file, such as Cleveland Branch ISA Backup 16 April 2004.

  3. When you back up a configuration, you have to provide a password for the backup file in the Set Password dialog box, and then click OK to start the backup operation. If the backup includes confidential information you will require the password to restore the configuration from the backup file.

  4. When the backup operation has completed, click OK.

    Note

    Because the .xml file is being used as a backup, a copy of it should be saved on another computer, in case of catastrophic failure of the ISA Server computer.

Export, Import, and Backup Walk-through Procedure 2: Restore a Configuration

Follow this procedure to restore a configuration to the ISA Server computer from which you exported the configuration.

  1. Right-click the name of the ISA Server computer, and click Restore.
  2. In Restore Configuration, provide the location and name of the file from which you want to restore the configuration, and click Restore.
  3. In the Open the Imported File dialog box, provide the password for the backup file, and then click OK to begin the restore operation.
  4. When the restore operation has completed, click OK.
  5. If the configuration you restore is different from the configuration that existed on the computer prior to the restore operation, you must click Apply in the details pane to apply the changes caused by the import. If you click Discard, the changes caused by the restore will not be applied. (The configuration will be identical to that which existed before the restore operation.)

Export, Import, and Backup Walk-through Procedure 3: Export Firewall Policy

Follow this procedure to export a firewall policy, so that you can set up another ISA Server computer, which is located in a different part of the network with different network relationships.

  1. Expand Microsoft ISA Server Management.
  2. Right-click Firewall Policy, and click Export.
  3. In Export Configuration, provide the location and name of the file to which you want to save the firewall policy. Choose a meaningful name, and consider including the date in the name of the file, such as Firewall Policy Export 15 September 2004. You can also select the following options:
    • You can choose to export user permission settings, by selecting Export user permission settings. User permission settings contain the security roles of ISA Server users, for example, indicating who has administrative rights.
    • You can choose to export confidential information. If you do, it will be encrypted during export. If you want to export confidential information, select Export confidential information.
  4. Click Export. If you are exporting confidential information, you will be prompted to provide a password in the Set Password dialog box.
  5. When the export operation has completed, click OK.

Export, Import, and Backup Walk-through Procedure 4: Import Firewall Policy

Follow this procedure to import a firewall policy, so that you can set up another ISA Server computer, which is located in a different part of the network with different network relationships.

  1. Expand Microsoft ISA Server Management.
  2. Right-click Firewall Policy, and click Import.
  3. In Import Configuration, provide the location and name of the file from which you want to import the firewall policy. You can also select the following options:
    • You can choose to import user permission settings, by selecting Import user permission settings.
    • You can choose to import cache drive settings and SSL certificate usage configuration by selecting Import cache drive settings and SSL certificates. This may be inappropriate when copying a policy to another server, because these selections tend to be specific to a particular server.
  4. Click Import. If you are importing confidential information, you will be prompted to provide a password in the Type Password to Open File dialog box. When the import operation has completed, click OK.
  5. If the configuration you imported is different from the configuration that existed on the computer prior to the import operation, you must click Apply in the details pane to apply the changes caused by the import.

Export, Import, and Backup Walk-through Procedure 5: Export a URL Set

Follow this procedure to export a URL set, so that you can create a list of URLs that will not be accessible from your Internal network, and provide this list to other companies running ISA Server. You can use this approach to export other elements of the firewall policy, such as rules and rule elements, or to export networks, network rules or Web chaining rules, by right-clicking that element rather than the URL set.

  1. Expand Microsoft ISA Server Management.
  2. Click Firewall Policy.
  3. In the task pane, on the Toolbox tab, select Network Objects, and then expand URL Sets.
  4. Right-click the URL set that you want to export and click Export Selected.
  5. In Export Configuration, provide the location and name of the file to which you want to save the URL set. Choose a meaningful name, and consider including the date in the name of the file, such as Sport Site URLs 20 January 2004. There is no need to select either Export confidential information or Export user permission settings. For an explanation of these options, see Procedure 3.
  6. Click Export. When the export operation has completed, click OK.

Export, Import, and Backup Walk-through Procedure 6: Import a URL Set

Follow this procedure to import a URL set. You can use this approach to import other elements of the firewall policy, such as rules and rule elements, or to import networks, network rules, or Web chaining rules, by right-clicking that element rather than the URL set.

  1. Expand Microsoft ISA Server Management.

  2. Click Firewall Policy.

  3. Right-click URL Set, and click Import.

  4. In Import Configuration, provide the location and name of the file from which you want to import the URL set. In the case of importing a URL set, there is no need to select Import user permission settings or Import cache drive settings and SSL certificates. For an explanation of these options, see Procedure 4.

  5. Click Import.

  6. When the import operation has completed, click OK.

  7. If the configuration you imported is different from the configuration that existed on the computer prior to the import operation, you must click Apply in the details pane to apply the changes caused by the import.

    Important

    If you select Import to selected, rather than Import, you will import a rule or rule element€™s properties into the selected rule or rule element, while the name of that rule or rule element remains the same.