Solved

restricting internet access with ISA 2006

Posted on 2009-05-20
Last Modified: 2012-05-07
We are running ISA 2006 on a Windows 2003 server.

I am trying to restrict some users to access certain websites only.
I have created access rules for this, but it is not working:

order  name                    action  protocols             from/listener          to                condition
1      block restricted users  allow   all outbound traffic  internal, CPN Clients  websites allowed  locked users
2      block restricted users  deny    all outbound traffic  internal, CPN Clients  External          locked users



Users can still go to any other website. Please let me know how I can fix this.
0
Comment
Question by:winperez
6 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 24436916
I assume that "locked users" is a domain group with your locked down users?

This works as long as you have put ISA as proxy into your browser proxy settings. Your clients then act as web proxy clients. If no browser proxy settings are set, the clients act as SecureNAT clients and take no notice of the user group setting.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24449531
Also, you can disable Rule 1 and just use Rule 2 with "websites allowed" added under the exceptions list in the To tab.
0
 

Expert Comment

by:bateg
ID: 24449572
Can you please explain your infrastructure:

- Is your ISA working as unihomed with one NIC, or with 2 NICs in which one is internal and the other is external (connected to the internet)?

- Is ISA joined to the domain or working in a workgroup?

Regards,
bateg

0
 

Author Comment

by:winperez
ID: 24453084
Thanks guys,

I was able to correct the problem. I just needed to create an extra protocol for port 8080 and deny users.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24453255
Port 8080 is usually used for the web proxy client.
The default deny rule will usually block all traffic by default as long as there is no rule which allows it again.

Note that rules are processed in their order. The first rule which allows access will handle the traffic.
0
 

Accepted Solution

by:
bateg earned 1500 total points
ID: 24457991
Also, be careful with the arrangement of the deny and allow rules.

I.e.: if you give all users allow access to browse facebook.com and under it another rule says that user X cannot access firewall.

The result is that user X will access facebook. That is because ISA Server reads the rules one by one, and when it finds a rule that meets its category it stops reading the others.

0
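
The first-match ordering described in the answers above, as an added example that is not part of the original thread: a simplified Python model (not ISA Server's rule engine) that compares the two-rule layout from the question, the single deny rule with an exceptions list, and a misordered policy. The user names, site names and the "general web access" rule are constructed assumptions.

```python
# Simplified model of ordered, first-match rule evaluation (added example).
# Not ISA Server's engine: requests are assumed to arrive already authenticated.
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                # "allow" or "deny"
    users: Optional[FrozenSet[str]] = None     # None = all users
    to: Optional[FrozenSet[str]] = None        # None = any external site
    exceptions: FrozenSet[str] = frozenset()   # sites excluded from "to"

    def matches(self, user, site):
        if self.users is not None and user not in self.users:
            return False
        if site in self.exceptions:
            return False
        return self.to is None or site in self.to

def evaluate(policy, user, site):
    """Return (action, rule name) of the first matching rule; default deny."""
    for rule in policy:
        if rule.matches(user, site):
            return rule.action, rule.name
    return "deny", "Default rule"

# Constructed sample data (assumptions, not taken from the thread).
LOCKED = frozenset({"alice"})
ALLOWED_SITES = frozenset({"intranet.example.com"})
GENERAL = Rule("general web access", "allow")  # hypothetical rule for everyone else

# Layout from the question: allow the listed sites, then deny the rest.
two_rules = [
    Rule("allow listed sites", "allow", LOCKED, ALLOWED_SITES),
    Rule("deny everything else", "deny", LOCKED),
    GENERAL]
# Alternative from the comments: one deny rule with the sites as exceptions.
one_rule = [Rule("deny except listed", "deny", LOCKED, exceptions=ALLOWED_SITES), GENERAL]
# Misordered: the broad allow sits above the deny, so the deny is never reached.
misordered = [GENERAL, two_rules[0], two_rules[1]]

def decisions(policy):
    cases = [("alice", "intranet.example.com"), ("alice", "other.example.net"),
             ("bob", "other.example.net")]
    return [evaluate(policy, user, site)[0] for user, site in cases]
```

Calling `decisions()` on each policy shows the first two layouts agree, while the misordered one lets the locked user reach every site.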
