Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ISA 2000 configuration question running on 2003, with surfcontrol

Posted on 2003-11-13
5
Medium Priority
?
533 Views
Last Modified: 2013-11-16
I would like to know how to configure ISA 2000 to use proxy for all web request (and use surfcontrol to filter web content) but bridge all other TCP traffic.  
currently how I have it setup users can't publish front page updates and lots of other ports are blocked, I need all ports but 80 to be open and "tunneled".  
The ISA server is behind a firewall but adult/hate content filtering is a priority.  
I also have a Java application that is working but is to slow the way I have the system configured.
0
Comment
Question by:rrbigger
5 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 500 total points
ID: 9745349
Start with http://support.microsoft.com/default.aspx?scid=kb;en-us;310129&sd=tech

Your best overall resource is http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/isa/deploy/isaentin.asp

An important consideration, you have to make sure that clients don't have another avenue of accessing the web.
If there are routes out of your network that circumvent the proxy server, a  knowledgable can change their default gateway or add static routes unless you block that traffic.  You might not want all of your traffic going through the ISA server, just your http traffic, depending on whether you intend to deploy VPNs and where, how capable your firewall is, how much traffic you have, what applications you have to support.

You'll have to configure the clients browsers so that the proxy server is the ISA Server computer.
The simplest way is to use an proxy script the users import into their browser.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/cmak_ops_55.asp

>I need all ports but 80 to be open and "tunneled".  
really? kaaza, morpheus, winmx, IRC, messenger, netbios-ns, sql ???
There are some elements to being a good internet neighbor and not allowing certain traffic out and there are security opportunities here that you should take advantage of.
Depending on your router and firewall, you may want to implement some of your packet filtering on them as they might be a better platform.


 
0
 

Expert Comment

by:asgarali
ID: 9894717
hi rr

i would suggest you to browse thru this site it all about isaserver  http://www.isaserver.org/




stack
0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
If you are like me and like multiple layers of protection, read on!
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question