ISA 2000 configuration question running on 2003, with surfcontrol

I would like to know how to configure ISA 2000 to use proxy for all web request (and use surfcontrol to filter web content) but bridge all other TCP traffic.  
currently how I have it setup users can't publish front page updates and lots of other ports are blocked, I need all ports but 80 to be open and "tunneled".  
The ISA server is behind a firewall but adult/hate content filtering is a priority.  
I also have a Java application that is working but is to slow the way I have the system configured.
rrbiggerAsked:
Who is Participating?
 
chicagoanCommented:
Start with http://support.microsoft.com/default.aspx?scid=kb;en-us;310129&sd=tech

Your best overall resource is http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/isa/deploy/isaentin.asp

An important consideration, you have to make sure that clients don't have another avenue of accessing the web.
If there are routes out of your network that circumvent the proxy server, a  knowledgable can change their default gateway or add static routes unless you block that traffic.  You might not want all of your traffic going through the ISA server, just your http traffic, depending on whether you intend to deploy VPNs and where, how capable your firewall is, how much traffic you have, what applications you have to support.

You'll have to configure the clients browsers so that the proxy server is the ISA Server computer.
The simplest way is to use an proxy script the users import into their browser.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/cmak_ops_55.asp

>I need all ports but 80 to be open and "tunneled".  
really? kaaza, morpheus, winmx, IRC, messenger, netbios-ns, sql ???
There are some elements to being a good internet neighbor and not allowing certain traffic out and there are security opportunities here that you should take advantage of.
Depending on your router and firewall, you may want to implement some of your packet filtering on them as they might be a better platform.


 
0
 
asgaraliCommented:
hi rr

i would suggest you to browse thru this site it all about isaserver  http://www.isaserver.org/




stack
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.