ISA server 2006, policy for specific computer.

Posted on 2011-05-08
Last Modified: 2012-06-21
I want to set up a rule for some computer can access the internet, but I cannot.
From Network Objects --> Computers --> New Computers --> (My Computer IP: Allow Access the Internet-----------> I cannot access the internet.

But if I creat that rule and apply for Network Objects --> Networks --> Internal IP Range ( --> ---------> I can access the internet.

What is my problem?

Please help me.
Question by:JameMeck
    LVL 23

    Expert Comment

    by:Suliman Abu Kharroub
    What do you have on users tap ( for authentication ) on server?

    on the client side, what do you use ? secure nat, proxy or ISA FW client ?

    Author Comment

    Authentication by Domain.

    Client by setting system proxy.

    LVL 23

    Expert Comment

    by:Suliman Abu Kharroub
    Just we will check basics..

    Rule order ?
    protocols specified on the rule? http/s...

    Please go to monitoring, traffic simulator--> is the traffic allowed ? which rule applied ?
    LVL 29

    Expert Comment

    If the same PC works fine when you use Internal as the Source,...but does not when you use a Computer Object as the Source (still using the same Rule),...then you are most likely mistakenly using the wrong IP# in the Computer Object.

    Author Comment

    I reconized the problem.

    My computer --> Netscreen Firewall ---> ISA server.

    This is reason why the ISA server cannot know the IP of my computer, ISA only knows the IP of the Netscreen Firewall.

    Any idea for this?
    Please help me.
    LVL 23

    Accepted Solution

    add the internal network ( behind net screen firewall ) to internal network ranges in TMG server. and enable route instead of NAT on net screen firewall.... this should solve the problem.

    But, I dont know if that applicable for you.

    another way is to control your internet access from net-screen firewall... and allow for all on TMG.

    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
    In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now