jatinahuja
asked on
ISA 2004 User Authentication
Hi All,
I'm facing a small problem when working with ISA 2004 on SBS 2003. I know that ISA creates an Internet Users group and all my users are a member of this group. I'm trying to set my network in such a way that only specific users have access to internet and everyone has access to only POP and SMTP.
To do that, I created a new Security Group called Mail Users, and I removed all the users I did not want to give internet access to from Internet Users and moved them to Mail Users.
I then created a rule on ISA to Block all HTTP and HTTPS requests from Mail Users, and created a rule to Allow POP right before that. See screenshot attached.
However, as soon as I do that, ISA blocks the Internet for Internet Users as well, so no one has internet working.
Does that make sense?
Do let me know what you think!
Thanks a lot
Jatin
5-22-2009-7-18-53-PM.png
I'm facing a small problem when working with ISA 2004 on SBS 2003. I know that ISA creates an Internet Users group and all my users are a member of this group. I'm trying to set my network in such a way that only specific users have access to internet and everyone has access to only POP and SMTP.
To do that, I created a new Security Group called Mail Users, and I removed all the users I did not want to give internet access to from Internet Users and moved them to Mail Users.
I then created a rule on ISA to Block all HTTP and HTTPS requests from Mail Users, and created a rule to Allow POP right before that. See screenshot attached.
However, as soon as I do that, ISA blocks the Internet for Internet Users as well, so no one has internet working.
Does that make sense?
Do let me know what you think!
Thanks a lot
Jatin
5-22-2009-7-18-53-PM.png
Titan22
Make an allow rule for all users that goes above the deny rule for mail users.
ASKER
Hey..thanks for the reply! :) I'm not at work right now to test it out. But I recall that if I do that, it somehow allows even the Mail Users to have internet, does that make sense? I get the feeling that the ISA install isn't coupled as tightly with AD in my case...hmm
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oh that's brilliant..I'm going to read that thing up and try somethings at work tomorrow, I'll keep you posted on how that comes along! Thank you! :)