• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 744
  • Last Modified:

Restrict Internet Access for specific users in ISA 2004 without restricting internet access to PC that does not have firewall client installed

Well the title says it all...

I need to restrict Internet access for a specific user (not a machine because that user moves from PC to PC).

I am able to do that in ISA 2004 by doing a simple rule that denies access for protocol HTTP/HTTPS from the internal to the external. In the apply to field, I created a No Internet group and I included that user in it.

The rules works well but when it is enabled if I have a PC that does not have the Microsoft Firewall Client for ISA Server 2004 installed, the Internet is restricted for any user loggued on that PC as well... This is a problem because we have Linux/MAC boxes and I cannot restrict them Internet access...

Is there a way I can create a rule that will restrict that specific user while letting the non-firewall client machines accessing the Internet?

Thank you
0
Vision_Globale
Asked:
Vision_Globale
  • 4
  • 2
1 Solution
 
Suliman Abu KharroubIT Consultant Commented:
No, you cant do so in ISA 2004 nor ISA 2006 . because Secure NAT clients dont support authentication.

As work around, you can use DHCP reservation to assign ips to these clients and create rules on isa based on computers not users ( for all users groups).
0
 
Suliman Abu KharroubIT Consultant Commented:
0
 
Suliman Abu KharroubIT Consultant Commented:
also you can use web proxy because it support authentication.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
aimcitpCommented:
Sulimanw is correct. Set up a rule to deny access for a computer set (include that computer in it) . May get real crazy after assigning a static IP address to that computer and make a group policy for that one machine and assign the ISA as its web proxy... Depends on how much you want to do...
0
 
Suliman Abu KharroubIT Consultant Commented:
Web proxy will make the trick, just you need to configure ISA clients as only web proxy clients .
0
 
Vision_GlobaleAuthor Commented:
Ok thank you!

That's what I though but I wanted a confirmation.
0
 
Vision_GlobaleAuthor Commented:
Good
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now