Using SSL Decoder to inspect outbound HTTPS traffic on ISA Server 2006 – Part 1

  

Introduction

For many years ISA did a great job inspecting INbound HTTPS traffic, exposing these connections to its powerful HTTP Security Filter and protecting the published web servers. However, it is not able to inspect OUTbound HTTPS connections natively.

There are some third-party plug-ins available on the market that you can use to extend ISA functionality to inspect these kind of traffic, although, you have to pay for them. On this article we will see how to install and configure SSL Decoder (free add-on) to inspect HTTPS connections on ISA firewall.

What is ISA Server Toolkit?

                SSL Decoder is part of an ISA toolkit, developed by Red Line Software. This toolkit comes with many other features for extending ISA’s functionality and make life of ISA firewall administrators easier (like they say on their web site Smile):
  

 

          Config Viewer: Tool designed for the offline analysis of the Microsoft ISA Server (Forefront TMG) configuration.

 

          Keywords Finder: Tool designed to analyze Microsoft ISA Server (Forefront TMG) log files in order to find out what keywords users enter in various search engines.

 

          MDF Viewer: Tool designed to analyze and view Microsoft ISA Server (Forefront TMG) log files stored in the MDF format.

 

          Pascal Script Studio: Tool designed to create, edit, run and debug administration scripts in the Pascal language.

 

          Config Backup: Web filter for Microsoft ISA Server (Forefront TMG) designed to automatically back up the ISA Server (Forefront TMG) configuration.

 

          Response Modifier: Web filter for Microsoft ISA Server (Forefront TMG) designed to automatically replace substrings on returned HTML pages.

 

          Client Host Name Resolver: Web filter for Microsoft ISA Server (Forefront TMG) designed to automatically resolve client IP addresses into DNS computer names and to automatically add new items to the Computers list of the Microsoft ISA Server (Forefront TMG) console.

 

          Client User Name Resolver: Web filter for Microsoft ISA Server (Forefront TMG) designed to automatically convert logins into complete usernames with the help of Active Directory.

 

          URL Normalizer: Web filter for Microsoft ISA Server (Forefront TMG) designed to automatically convert the IP addresses of visited sites into their text representation.

 

          Advanced Web Routing Rules: Web filter for Microsoft ISA Server (Forefront TMG) designed to redirect the outbound web traffic to various servers and upstream proxy servers depending on certain conditions.

 

          SSL Decoder: Web filter for Microsoft ISA Server (Forefront TMG) allowing you to peek inside SSL traffic.

        –       Headers Modifier: Web filter for Microsoft ISA Server (Forefront TMG) that is used to automatically modify web request headers passing through ISA Server (Forefront TMG).

  

 

         Installation of ISA Server Toolkit

The ISA Toolkit installation is very simple and easy, at time of this writing, the current version is 1.4. After you run the program it will present a Welcome screen, click Next button.

 

On License Agreement screen click Next

 

On Choose Components screen we will select only SSL Decoder, since it is the only component we want to install right-now.

  

Now we will choose to Install all components, because we’re installing it on ISA firewall. Later, you can run the program on your worktation and choose to Install Management Console component to manage ISA Toolkit components from your workstation. The ISA Server Toolkit Management Console, integrates on ISA management console.

 

The next screen is a warning saying ISA Toolkit will need to restart Microsoft Firewall service in order to complete the installation. Mark the checkbox and click on Next button.

 

On Choose Install Location screen, we are going to leave the defaults and Click on Install button to start the installation.

 

After the installation finishes, unmark the checkbox and click on Finish button.

 

Summary

This first part series I showed to you what is ISA Server Toolkit, gave a brief description of all it’s components and how to install it on ISA firewall. The next part of the article we will focus on SSL Decoder component and see how it works.

See you next time!!

Follow me on twitter: http://twitter.com/poliveirasilva

 

Advertisements
This entry was posted in ISA Server. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s