Monitoring Users and Blocking downloads in ISA 2004 firewall

Posted on 2006-05-31
Last Modified: 2013-11-16
Hi there,

I am network administrator. I am running windows 2003 domain . I have also installed ISA 2004 with service pack2 on windows 2003 server in workgroup mode. My domain users access web and other internet stuff through ISA. This is working fine. I have not installed any isa firewall client on workstations, they are running in secureNAt mode.

My question is How can I monitor my users internet activity e.g. http, ftp, downloads. The idea is to control the bandwidth usage.  Also let me khow if there is any way to block the downloads through ISA 2004.

there are some third party tools on internet which carry out this function , but I am not sure about the security and stability of my current firewall.

Please help me to provide the solution of this query.


Question by:Globrin
    LVL 51

    Accepted Solution

    As your work stations are configured for SecureNAT, I'll assume you have two nics in your server and you are in Firewall mode, not Proxy mode.

    1. Have you configured the reports within ISA server?
    click on monitoring - reports.
    open the toolbox on the right-hand side abd create a report. Use the run now to get a report straightout or schedule them for nightly/weekly/monthly etc.
    depending on whether the users have to authenticate to ISA or not will decide on whether you get full user names listed. Obviously, without being in a domain, you will not have AD or anything to hold names etc.

    2. ISA does not control bandwidth, it simply reports on it.

    3. yes, you can block downloads to various levels.
    Double-click your outbound rule(s) and select content-types.
    the Application content type (marked as application/*) should cover downloads.
    Choose selected protocols only and tick all but application.

    ssave the policy and give it a try. Make sure that there is no rule above this one which might allow the downlaods still.


    Author Comment

    I will try and get back to you.

    LVL 51

    Expert Comment

    by:Keith Alabaster
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Thanks Globrin.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Suggested Solutions

    Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
    The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video discusses moving either the default database or any database to a new volume.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now