Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3698
  • Last Modified:

ISA server 2004 and users in rules

Hello. I have Isa server 2004 in an active directory environment. I have 1 simple rule, that all authenticated users have rights to port 80 and https. I want to add a rule for skype for certain users but when I add the rule it doesnt matter which users I select, all the users can use skype.
0
editperfil
Asked:
editperfil
  • 6
  • 5
  • 3
1 Solution
 
cbeeeCommented:
make sure the skype rule is above your 'simple' rule in the rulebase.
0
 
editperfilAuthor Commented:
Yes, is the first rule
0
 
cbeeeCommented:
so presumably nobody could access skype before you put the rule in ?

you have an AD group with the skype users in ?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
editperfilAuthor Commented:
Yes. I define the users in Isa server. I create a group where I add the AD users
0
 
cbeeeCommented:
Best Practice and easier is to add the users to and AD group then use teh group for the rule.  The same goes for the simple rule.
0
 
editperfilAuthor Commented:
But it doesnt work!!!
0
 
Keith AlabasterEnterprise ArchitectCommented:
I assume Skype is going out over port 80 also?
Open the gui,
select monitoring - logging - click on start query.
Make a Skype connection; are you seeing any additional traffic pass through the log?

Is the ISA in firewall mode or cache mode (one ot two nic's installed)?
Are you using the ISA client on your workstations?
Are you using SecureNAT?
0
 
editperfilAuthor Commented:
Is in firewall. In fact skype is an example. I tried other ports, for example radio and again if i put a rule all users can use it.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Can you answer the rest of the questions please?
0
 
editperfilAuthor Commented:
Is in firewall more
With isa client and without isa client
Yes securenat
0
 
Keith AlabasterEnterprise ArchitectCommented:
How have you set the ISA Proxy?
open the GUI
Select configuration - networks
double-click internal and view the properties.
How are users authenticating for socks and web traffic? Over port 8080?

Open the gui,
select monitoring - logging - click on start query.
Make a Skype connection; are you seeing any additional traffic pass through the log?
0
 
editperfilAuthor Commented:
Over port 8080 with integrated security. I see traffic with skype.
0
 
Keith AlabasterEnterprise ArchitectCommented:
If Skype is using the same port as your standard web proxy traffic then you will not be able to block it in the normal way.

Right-click the outgoing rule and select configure http.
Select signatures.
See the attached link
http://forums.isaserver.org/Skype_Signature/m_2002004505/tm.htm

Regards
Keith
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thank you :)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 6
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now