  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1014

ISA 2006 URL blocking

I have an ISA 2006 firewall running on Windows 2003 server
I would like to block facebook and other specific URLs to all but a few users
I have created a URL set with just facebook for now
http://www.facebook.com/*
I have created the following rule
action - deny
protocol - all outbound
from - internal (network)
to - facebook URL set
users - all users, exception - user set with a few AD users
schedule - always
content - all content

however, access to facebook still persists for all users.

any advice?
0
netrescue
Asked:
2 Solutions
 
Suliman Abu Kharroub (IT Consultant) Commented:
You need to create a domain name set instead of URL set and use it in the access rule.
0
 
netrescue (Author) Commented:
hi
so I remove the URL set and put a domain name set with "facebook.com"?
0
 
Suliman Abu Kharroub (IT Consultant) Commented:
yes exactly.

the reason behind that is ISA can't inspect https traffic, so it can't block https://facebook.com... for ISA, you need to use a third party web (https) filter like GFI or Websense.... but FTMG can inspect https traffic without third party apps.

to work this out in ISA, use a domain name set or computer set to block traffic, not a URL set.

I always use a domain name set and it works very well.

if you use computer sets, you have to reconfigure the computer set if the IP address of the destination changes.
0
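The difference between the two set types described in the answer above, as an added example that is not part of the original thread and is not ISA's own rule engine: a simplified Python model in which the firewall sees only the host name of an HTTPS request. The rule names, the users `alice` and `bob`, and the matching functions are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Simplified model of the behaviour described in this thread; NOT ISA's real engine.
# Assumption: without HTTPS inspection the proxy sees only "CONNECT host:443".

def visible_to_proxy(url):
    """Return what the firewall can see of a request."""
    u = urlsplit(url)
    host = u.hostname.lower()
    if u.scheme == "https":
        return {"host": host, "url": None}  # path is hidden inside the TLS tunnel
    return {"host": host, "url": f"{u.scheme}://{host}{u.path or '/'}"}

def url_set_matches(patterns, req):
    # A URL set needs the full URL, which is only visible for plain HTTP.
    return req["url"] is not None and any(fnmatchcase(req["url"], p) for p in patterns)

def domain_set_matches(patterns, req):
    # A domain name set only needs the host name, visible for HTTP and HTTPS.
    return any(fnmatchcase(req["host"], p) for p in patterns)

def evaluate(rules, url, user):
    """Ordered evaluation: the first rule that applies decides."""
    req = visible_to_proxy(url)
    for rule in rules:
        if user in rule.get("except_users", ()):
            continue  # user is in the rule's exception set
        if rule["match"](rule["to"], req):
            return rule["action"], rule["name"]
    return "deny", "Default rule"

# Constructed rules; "alice" is a hypothetical member of the exception user set.
URL_RULE = {"name": "Block Facebook (URL set)", "action": "deny", "match": url_set_matches,
            "to": ["http://www.facebook.com/*"], "except_users": {"alice"}}
DOMAIN_RULE = {"name": "Block Facebook (domain name set)", "action": "deny",
               "match": domain_set_matches,
               "to": ["facebook.com", "*.facebook.com"], "except_users": {"alice"}}
ALLOW_ALL = {"name": "Allow web", "action": "allow", "match": domain_set_matches, "to": ["*"]}

if __name__ == "__main__":
    for block in (URL_RULE, DOMAIN_RULE):
        for url in ("http://www.facebook.com/home.php", "https://www.facebook.com/",
                    "https://facebook.com/"):
            print(block["name"], url, evaluate([block, ALLOW_ALL], url, "bob"))
```

In this model the URL set rule only catches the plain HTTP request to `www.facebook.com`; the HTTPS requests fall through to the allow rule below it, while the domain name set rule denies all three.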
 
netrescue (Author) Commented:
thanks for the input
I have removed the URL set and added a domain name set with just facebook.com
users are still, however, able to access facebook
anything else I need to do?
0
 
Suliman Abu Kharroub (IT Consultant) Commented:
Open ISA logs, from monitoring node, logs tab---> then filter the traffic to show only traffic from a specific client IP while the client is trying to open facebook.com.. see which rule is allowing that traffic...

also make sure that the rules order is correct. block rule should have high priority (low order number) over the allow rule.
0
 
netrescue (Author) Commented:
hi
I have moved the rule to the top of the rule list
still not blocked
it finds a rule lower down and allows the traffic to facebook
something is not allowing the traffic to match the rule

anything else I can check?
0
 
Suliman Abu Kharroub (IT Consultant) Commented:
Then use traffic simulator in ISA server to simulate the traffic. it will help you during the testing...

Check the spelling of facebook in the domain name set and add *.facebook.com to that domain name set...

If that does not work, try to use computer sets.... find the IPs of facebook.com and block them using a computer set, not domain name sets.
0
 
Suliman Abu Kharroub (IT Consultant) Commented:
Any update on this ?
0
 
netrescue (Author) Commented:
got this resolved by using Suliman's advice by using domain name sets and not URL sets.
0
 
Suliman Abu Kharroub (IT Consultant) Commented:
Great ... Glad to help and thanks for points!
0