ISA 2000 configuration question running on 2003, with surfcontrol

I would like to know how to configure ISA 2000 to use proxy for all web request (and use surfcontrol to filter web content) but bridge all other TCP traffic.  
currently how I have it setup users can't publish front page updates and lots of other ports are blocked, I need all ports but 80 to be open and "tunneled".  
The ISA server is behind a firewall but adult/hate content filtering is a priority.  
I also have a Java application that is working but is to slow the way I have the system configured.
rrbiggerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

chicagoanCommented:
Start with http://support.microsoft.com/default.aspx?scid=kb;en-us;310129&sd=tech

Your best overall resource is http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/isa/deploy/isaentin.asp

An important consideration, you have to make sure that clients don't have another avenue of accessing the web.
If there are routes out of your network that circumvent the proxy server, a  knowledgable can change their default gateway or add static routes unless you block that traffic.  You might not want all of your traffic going through the ISA server, just your http traffic, depending on whether you intend to deploy VPNs and where, how capable your firewall is, how much traffic you have, what applications you have to support.

You'll have to configure the clients browsers so that the proxy server is the ISA Server computer.
The simplest way is to use an proxy script the users import into their browser.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/cmak_ops_55.asp

>I need all ports but 80 to be open and "tunneled".  
really? kaaza, morpheus, winmx, IRC, messenger, netbios-ns, sql ???
There are some elements to being a good internet neighbor and not allowing certain traffic out and there are security opportunities here that you should take advantage of.
Depending on your router and firewall, you may want to implement some of your packet filtering on them as they might be a better platform.


 

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
asgaraliCommented:
hi rr

i would suggest you to browse thru this site it all about isaserver  http://www.isaserver.org/




stack
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.