Solved

A simple block external IP in ISA

Posted on 2009-05-04
8
1,013 Views
Last Modified: 2012-05-06
I want to create a simple deny rule that blocks traffic from Internet address x.x.x.x.  However, because ISA policies revolve around 'publishing' a server, I'm not sure how to do add this simple rule.
0
Comment
Question by:b_levitt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 12

Expert Comment

by:zoofan
ID: 24295829
I think this is what your looking to do,

Create a new client address set in policy elements that contains the external IP address's to block.

create a new publishing rule
     that applies to all internal destinations(or create a client set of internal destinations that you want it blocked from)
     apply the rule to requests from client address sets
     select the set you created to block
     Either disregard or redirect the request.


Restart your services.


zf


0
 
LVL 11

Author Comment

by:b_levitt
ID: 24299566
That's exactly what I want to do, but what kind of publishing rule do I create?  I want to block all traffic.  If I do a server publishing rule I could create a new "IP-Level" Protocol definition, but it will only let me specify a single ip destination.  I suppose the destination doesn't really matter and I could just use a loopback address or something?
0
 
LVL 12

Expert Comment

by:zoofan
ID: 24299947
To block all traffic use a web publishing rule,  server rules are per protocol if memory serves me right.


zf
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Author Comment

by:b_levitt
ID: 24301484
No, that's only going to block port 80.  I'll try using a loop back with a server rule and see how it goes.
0
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 24302650
Why not create a new access rule to "Deny" "all outbound traffic" from a Specific Computer set to "All Networks (and Local Host)"?
0
 
LVL 11

Author Comment

by:b_levitt
ID: 24311141
I tried that and it doesn't work - access rules seem to be based on internal traffic so "all outbound traffic" is relative to internal  traffic, not to the source specified on the rule.  The default 'deny' system rule seems to have a special "all traffic" value that is not selectable when creating your own access rule.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24312272
You are right! I didn't test it myself but the direction of traffic works based on the From destination normally. I think the easiest way to accomplish what you want is to use the router in front of ISA to block traffic from the selected IP. Most routers these days have basic firewall built in.
0
 
LVL 11

Author Closing Comment

by:b_levitt
ID: 31577547
Turns out you were right raj, I just didn't wait long enough for my original test connection to close so it looked like it was still getting thru.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question