PDA

View Full Version : isa server 2004

techsup1983
10-10-2008, 07:34 AM
Hi, hope this is the correct place to post this.
I'm having some issues making a firewall rule work.
What i wanted to do it make a rule so that members of a windows group (global security) can only access a couple of websites.
I followed the guide here.
http://www.sbs-rocks.com/sbs2k3/restrict/RestrictInetUse.htm
but when i try the page doesn't load at all. it just eventually times out and gives me a page cannot be displayed, when i take the rule off it displays the page fine,

I have a xp client that points to my isa 2004 server as the default gateway.

Any suggestions? Thanks.
BosonMichael
10-10-2008, 09:23 AM
Dunno... when I was a network admin, I used to use Websense. Didn't care much for ISA.
techsup1983
10-10-2008, 04:24 PM
ummm...thanks :D
azrael
10-11-2008, 06:08 AM
Are you using Enterprise Edition? You may need to make an enterprise policy also?
supag33k
10-12-2008, 11:01 PM
Well what azrael said makes a good starting point...

Also I would check the rule and recheck members of various groups as if there is an explicit deny anywhere then this will affect the outcome of the web filtering rule.

Some interesting links that may be helpful.....


Http filtering in ISA server 2004 - technet:

http://technet.microsoft.com/en-us/library/cc302627.aspx


Best Practices Firewall policy for ISA 2004 - technet again:

http://technet.microsoft.com/en-us/library/cc302539.aspx


Understanding the ISA server 2004 Rule Processing - isaserver.org:

http://www.isaserver.org/articles/ISA2004_AccessRules.html

HTH

supa
kaylark
01-21-2009, 08:23 PM
You need to use the Webproxy config or ISA Firewall Client if trying to use Windows authentication (I.e Rule conditions based on User Groups)

SecureNAT configuration doesn't allow this. It should actually still go through, but could have a problem in there. Test with WebProxy and see how you go.

So to expand. SecureNat config is whereby you access the Internet by having the gateway set to the ISA Server IP.


Rules are applied, but cannot be done on a user group basis.

Webproxy is by setting your proxy settings in IE or Firefox. This will allow URL filtering based on user groups.
Installing the Firewall client will give you the same result, although webproxy will be enough for you.