Solved

restricting internet access with ISA 2006

Posted on 2009-05-20
Last Modified: 2012-05-07
We are running ISA 2006 on a Windows 2003 server.

I am trying to restrict some users to access certain websites only.
I have created access rules for this, but it is not working:

order  name                    action  protocols             from/listener          to                condition
1      block restricted users  allow   all outbound traffic  internal, CPN Clients  websites allowed  locked users
2      block restricted users  deny    all outbound traffic  internal, CPN Clients  External          locked users



Users can still go to any other website. Please let me know how I can fix this.
0
Question by:winperez
6 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 24436916
I assume that "locked users" is a domain group with your locked down users?

This works as long as you have put ISA as the proxy into your browser proxy settings. Therefore your clients act as web proxy clients. If no browser proxy settings are set, the clients act as SecureNAT clients and take no notice of the user group setting.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24449531
Also, you can disable Rule 1 and just use Rule 2 with "websites allowed" added under the exceptions list in the To tab.
0
 

Expert Comment

by:bateg
ID: 24449572
Can you please explain your infrastructure:

- Is your ISA working as unihomed with one NIC, or with 2 NICs in which one is internal and the other is external (connected to the internet)?

- Is ISA joined to the domain or working in a workgroup?

Regards,
bateg

0

 

Author Comment

by:winperez
ID: 24453084
Thanks guys,

I was able to correct the problem. I just needed to create an extra protocol for port 8080 and deny users.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24453255
Port 8080 is usually used for the web proxy client.
The default deny rule will usually block all traffic by default as long as there is no rule which allows it again.

Note that rules are accessed in their order. The first rule that allows access will handle the traffic.
0
 

Accepted Solution

by:
bateg earned 1500 total points
ID: 24457991
Also, be careful with the arrangement of the deny and allow rules.

i.e.: if you give all users allow access to browse facebook.com and under it another rule says that user X cannot access firewall.

The result is that user X will access facebook. That is because ISA Server reads the rules one by one, and when it finds a rule that meets its category it stops reading the others.

0
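The rule-order behaviour described in the answers above, as an added example that is not part of the original thread: a simplified first-match model (not ISA Server's actual engine) that runs the facebook.com case in both orders and flags rules hidden behind an earlier, broader rule. The `Rule` class, the function names and the sample users and sites are constructed for illustration, and it assumes the deny rule for user X targets facebook.com.

```python
# Simplified first-match model of ordered firewall rules (not ISA Server's engine).
from dataclasses import dataclass

ANY = "*"  # wildcard for users or destinations


@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "deny"
    users: frozenset   # user names, or {ANY}
    sites: frozenset   # destination hosts, or {ANY}

    def matches(self, user, site):
        return ((ANY in self.users or user in self.users)
                and (ANY in self.sites or site in self.sites))


def evaluate(rules, user, site):
    """Return (action, rule name) of the first matching rule; default deny."""
    for rule in rules:
        if rule.matches(user, site):
            return rule.action, rule.name
    return "deny", "default deny"


def covers(outer, inner):
    """True if everything matched by `inner` is also matched by `outer`."""
    return ANY in outer or (ANY not in inner and inner <= outer)


def shadowed(rules):
    """(hidden rule, hiding rule) pairs: rules an earlier rule fully covers."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier.users, later.users) and covers(earlier.sites, later.sites):
                hidden.append((later.name, earlier.name))
                break
    return hidden


# Constructed sample rules mirroring the facebook.com example in the answer.
allow_fb = Rule("allow facebook", "allow", frozenset({ANY}), frozenset({"facebook.com"}))
deny_x = Rule("deny user X", "deny", frozenset({"userX"}), frozenset({"facebook.com"}))
WRONG_ORDER = [allow_fb, deny_x]   # deny sits under the broader allow
RIGHT_ORDER = [deny_x, allow_fb]   # deny is evaluated first

if __name__ == "__main__":
    for label, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(label, evaluate(rules, "userX", "facebook.com"), shadowed(rules))
```

Running a check like `shadowed` over an exported rule list before a change goes live catches a deny rule that can never fire because of where it sits.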


Question has a verified solution.
