Create ISA rule to allow only connections on port 80 on specific machine

I have to do some tests on one particular machine in my network.  I want to figure out a way to configure an ISA rule to only allow connections through port 80 on that machine.

I have some basic knowledge of ISA but I hardly ever work with it so I'm a little rusty.  Can anybody give me some direction? Thanks.
pwindell commented:
You don't mess with "ports".

Do this:
(I assume you are stopping HTTPS as well)

1. Create a Computer Set
    Name: PCs Denied HTTP-HTTPS
    Add the IP#s,..or Range,..or Subnet of the affected PC

2. Create a new Access Rule
    Name:  Deny HTTP-HTTPS
    Action: "Deny"
    From: <the computer set you created>
    To: External
    Protocols:  HTTP, HTTPS (along with any other protocol you might choose)
    Users:  "All Users"  (or optionally choose specific users)

This rule must be higher on the Rule List than any other rule that might give them access.

Here are some relevant links.  Both ISA2004 and 2006 work the same way:

Understanding the ISA 2004 Access Rule Processing

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
What do you actually mean by "only allow connections through port 80 on that machine" ?
My point is that we need the "big picture".  We need to know what you really want to do and why.  Normally ISA can only identify a machine by the IP# which does very little good if the machine is using DHCP.

msomohano (Author) commented:
Well, I can set up the rule on the TO by the computer name.  That much I've done before, to deny the HTTP protocol, for example, to a particular user.  But anyway...

I want to test our flash player with one specific user, and by doing that, it will hopefully, successfully fall back to the RTMPT (HTTP tunneling) protocol over port 80 if a direct RTMP connection on port 1935 fails.  Some people, when using proxies and trying to open a flash player, the first try fails on 1935 then goes into 80 on the second one.  That's why I need to test this.  I don't know if it makes sense yet.

Is it still too confusing?
You cannot use computer names.  You can use IP#s (if not DHCP) or the user name,..that is all.
msomohano (Author) commented:
Look... whatever, assume I'm using IPs, is there a way to go about it? If I set the rule to deny and then on protocol choose "apply to all outbound traffic except selected", and mark HTTP and on ports pick between 80 and 80... would that work?  If not, is there a way to go about it? Or am I even on the right track?
I need your help.  Please post your closing recommendations within a few days.  If you do not respond, I may need to assume that no correct answer was provided.

I didn't know I had to respond to those.  For any that involve me, just do what you think is fair.  If my reply to the asker seemed reasonable  then split points or assign points, even if not the full amount is fine. If my reply didn't amount to anything worth mentioning then no points is fine.
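
The ordered rule list from pwindell's answer, as a simplified model added here as an example (it is not ISA's engine and not code from the thread): rules are checked top to bottom and the first match decides. The IP addresses, the "Allow all outbound" rule, the implicit default deny and the `except_selected` flag that models the asker's "all outbound traffic except selected" idea are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str                    # "Allow" or "Deny"
    sources: list                  # computer set: IPs, ranges as CIDR, or subnets
    protocols: frozenset           # selected (transport, destination port) pairs
    except_selected: bool = False  # True = "all outbound traffic except selected"

    def matches(self, src_ip, proto):
        addr = ipaddress.ip_address(src_ip)
        in_set = any(addr in ipaddress.ip_network(n) for n in self.sources)
        return in_set and ((proto in self.protocols) != self.except_selected)

def evaluate(rules, src_ip, proto):
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(src_ip, proto):
            return rule.action, rule.name
    return "Deny", "Default rule"  # assumed implicit deny when nothing matches

HTTP, HTTPS, RTMP = ("TCP", 80), ("TCP", 443), ("TCP", 1935)
TEST_PC = "192.168.10.25"          # constructed address of the affected PC
LAN = "192.168.10.0/24"            # constructed internal subnet

allow_all = Rule("Allow all outbound", "Allow", [LAN], frozenset(), except_selected=True)
deny_web = Rule("Deny HTTP-HTTPS", "Deny", [TEST_PC], frozenset({HTTP, HTTPS}))
# The asker's variant: deny everything except HTTP for the test PC.
deny_non_http = Rule("Deny all except HTTP", "Deny", [TEST_PC],
                     frozenset({HTTP}), except_selected=True)

def report(rules):
    """Decision for each protocol from the test PC and from a neighbouring PC."""
    return {(ip, p): evaluate(rules, ip, p)[0]
            for ip in (TEST_PC, "192.168.10.26") for p in (HTTP, HTTPS, RTMP)}

if __name__ == "__main__":
    for label, rules in [("deny rule on top", [deny_web, allow_all]),
                         ("deny rule below allow", [allow_all, deny_web]),
                         ("asker's variant on top", [deny_non_http, allow_all])]:
        print(label, report(rules))
```

In this model the deny rule only takes effect when it sits above the broader allow rule, and only the addresses in its computer set are affected.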