Solved

A simple block external IP in ISA

Posted on 2009-05-04
8
935 Views
Last Modified: 2012-05-06
I want to create a simple deny rule that blocks traffic from Internet address x.x.x.x.  However, because ISA policies revolve around 'publishing' a server, I'm not sure how to do add this simple rule.
0
Comment
Question by:b_levitt
  • 4
  • 2
  • 2
8 Comments
 
LVL 12

Expert Comment

by:zoofan
ID: 24295829
I think this is what your looking to do,

Create a new client address set in policy elements that contains the external IP address's to block.

create a new publishing rule
     that applies to all internal destinations(or create a client set of internal destinations that you want it blocked from)
     apply the rule to requests from client address sets
     select the set you created to block
     Either disregard or redirect the request.


Restart your services.


zf


0
 
LVL 11

Author Comment

by:b_levitt
ID: 24299566
That's exactly what I want to do, but what kind of publishing rule do I create?  I want to block all traffic.  If I do a server publishing rule I could create a new "IP-Level" Protocol definition, but it will only let me specify a single ip destination.  I suppose the destination doesn't really matter and I could just use a loopback address or something?
0
 
LVL 12

Expert Comment

by:zoofan
ID: 24299947
To block all traffic use a web publishing rule,  server rules are per protocol if memory serves me right.


zf
0
Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

 
LVL 11

Author Comment

by:b_levitt
ID: 24301484
No, that's only going to block port 80.  I'll try using a loop back with a server rule and see how it goes.
0
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 24302650
Why not create a new access rule to "Deny" "all outbound traffic" from a Specific Computer set to "All Networks (and Local Host)"?
0
 
LVL 11

Author Comment

by:b_levitt
ID: 24311141
I tried that and it doesn't work - access rules seem to be based on internal traffic so "all outbound traffic" is relative to internal  traffic, not to the source specified on the rule.  The default 'deny' system rule seems to have a special "all traffic" value that is not selectable when creating your own access rule.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24312272
You are right! I didn't test it myself but the direction of traffic works based on the From destination normally. I think the easiest way to accomplish what you want is to use the router in front of ISA to block traffic from the selected IP. Most routers these days have basic firewall built in.
0
 
LVL 11

Author Closing Comment

by:b_levitt
ID: 31577547
Turns out you were right raj, I just didn't wait long enough for my original test connection to close so it looked like it was still getting thru.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question