Solved

ISA 2000 configuration question running on 2003, with surfcontrol

Posted on 2003-11-13
5
527 Views
Last Modified: 2013-11-16
I would like to know how to configure ISA 2000 to use proxy for all web request (and use surfcontrol to filter web content) but bridge all other TCP traffic.  
currently how I have it setup users can't publish front page updates and lots of other ports are blocked, I need all ports but 80 to be open and "tunneled".  
The ISA server is behind a firewall but adult/hate content filtering is a priority.  
I also have a Java application that is working but is to slow the way I have the system configured.
0
Comment
Question by:rrbigger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 125 total points
ID: 9745349
Start with http://support.microsoft.com/default.aspx?scid=kb;en-us;310129&sd=tech

Your best overall resource is http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/isa/deploy/isaentin.asp

An important consideration, you have to make sure that clients don't have another avenue of accessing the web.
If there are routes out of your network that circumvent the proxy server, a  knowledgable can change their default gateway or add static routes unless you block that traffic.  You might not want all of your traffic going through the ISA server, just your http traffic, depending on whether you intend to deploy VPNs and where, how capable your firewall is, how much traffic you have, what applications you have to support.

You'll have to configure the clients browsers so that the proxy server is the ISA Server computer.
The simplest way is to use an proxy script the users import into their browser.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/cmak_ops_55.asp

>I need all ports but 80 to be open and "tunneled".  
really? kaaza, morpheus, winmx, IRC, messenger, netbios-ns, sql ???
There are some elements to being a good internet neighbor and not allowing certain traffic out and there are security opportunities here that you should take advantage of.
Depending on your router and firewall, you may want to implement some of your packet filtering on them as they might be a better platform.


 
0
 

Expert Comment

by:asgarali
ID: 9894717
hi rr

i would suggest you to browse thru this site it all about isaserver  http://www.isaserver.org/




stack
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
parent control advice for app searches 4 76
Exchange in house vs office 365 for security 6 71
IT pictures and movies to alert the staff 11 70
bitlocker admin and monitoring 2 44
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question