A simple block external IP in ISA

I think this is what your looking to do,

Create a new client address set in policy elements that contains the external IP address's to block.

create a new publishing rule
     that applies to all internal destinations(or create a client set of internal destinations that you want it blocked from)
     apply the rule to requests from client address sets
     select the set you created to block
     Either disregard or redirect the request.


Restart your services.


zf

That's exactly what I want to do, but what kind of publishing rule do I create?  I want to block all traffic.  If I do a server publishing rule I could create a new "IP-Level" Protocol definition, but it will only let me specify a single ip destination.  I suppose the destination doesn't really matter and I could just use a loopback address or something?

To block all traffic use a web publishing rule,  server rules are per protocol if memory serves me right.


zf

No, that's only going to block port 80.  I'll try using a loop back with a server rule and see how it goes.

I tried that and it doesn't work - access rules seem to be based on internal traffic so "all outbound traffic" is relative to internal  traffic, not to the source specified on the rule.  The default 'deny' system rule seems to have a special "all traffic" value that is not selectable when creating your own access rule.

You are right! I didn't test it myself but the direction of traffic works based on the From destination normally. I think the easiest way to accomplish what you want is to use the router in front of ISA to block traffic from the selected IP. Most routers these days have basic firewall built in.

Turns out you were right raj, I just didn't wait long enough for my original test connection to close so it looked like it was still getting thru.