?
Solved

ISA server 2006, policy for specific computer.

Posted on 2011-05-08
7
Medium Priority
?
227 Views
Last Modified: 2012-06-21
I want to set up a rule for some computer can access the internet, but I cannot.
From Network Objects --> Computers --> New Computers --> (My Computer IP: 10.107.101.41): Allow Access the Internet-----------> I cannot access the internet.

But if I creat that rule and apply for Network Objects --> Networks --> Internal IP Range (10.107.101.1 --> 10.107.101.254) ---------> I can access the internet.


What is my problem?

Please help me.
0
Comment
Question by:JameMeck
  • 3
  • 3
7 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35718069
What do you have on users tap ( for authentication ) on server?

on the client side, what do you use ? secure nat, proxy or ISA FW client ?
0
 

Author Comment

by:JameMeck
ID: 35718226
Authentication by Domain.

Client by setting system proxy.

Thanks!
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35718600
Just we will check basics..

Rule order ?
protocols specified on the rule? http/s...

Please go to monitoring, traffic simulator--> is the traffic allowed ? which rule applied ?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 29

Expert Comment

by:pwindell
ID: 35721042
If the same PC works fine when you use Internal as the Source,...but does not when you use a Computer Object as the Source (still using the same Rule),...then you are most likely mistakenly using the wrong IP# in the Computer Object.
0
 

Author Comment

by:JameMeck
ID: 35735771
I reconized the problem.

My computer --> Netscreen Firewall ---> ISA server.

This is reason why the ISA server cannot know the IP of my computer, ISA only knows the IP of the Netscreen Firewall.

Any idea for this?
Please help me.
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 2000 total points
ID: 35736005
add the internal network ( behind net screen firewall ) to internal network ranges in TMG server. and enable route instead of NAT on net screen firewall.... this should solve the problem.

But, I dont know if that applicable for you.

another way is to control your internet access from net-screen firewall... and allow for all on TMG.
0
 

Author Closing Comment

by:JameMeck
ID: 35774449
Thanks!!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question