stop download via ISA

Posted on 2009-04-06
Medium Priority
Last Modified: 2013-11-16
Hello, Can you tell me exactly how to stop all downloads via ISA but not stop normal browsing. Also is it possible via grouppolicy. THX.
Question by:prokopovra
  • 2
LVL 15

Expert Comment

ID: 24085207
You have to create a new firewall policy above your standard internet browsing policy in ISA to deny "Application" content type. It will require some level of tweaking to catch all downloads but it is possible.

Author Comment

ID: 24087523
Can you supply that step by step please, Thank you. Also Want to ask you about ISA 2006 , Is it possible to use DDNS services  on ISA server in 2 locations and open a branch to branch always open vpn tunnel for two workgroup networks and not AD , and will ISA work on workgroup networks with dhcp and dns. Thank you.
LVL 15

Accepted Solution

Raj-GT earned 2000 total points
ID: 24087771
To create an access rule...
Right-click Firewall Policy > New > Access Rule >  Type name > Select Deny > Selected protocol and add FTP, HTTP and HTTPS > from - select internal > destination - select external > keep All users or select the user group you want to restrict access to > Finish

Right-click the new access rule you created and select properties. Go to Content Types tab and select "Selected content types" radio button and check "Application" and "Compressed Files" > OK. Move this rule above your current internet access rule, and apply changes.

This should prevent your users from downloading most executables and compressed files from the internet.

As for the VPN question you can use DDNS names and create an L2TP VPN Tunnel between ISAs. The remote network doesn't have to be part of the domain.

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question