• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Blocking Internet Access?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Blocking Internet Access? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Blocking Internet Access? - 11.Oct.2006 12:54:43 PM   
dkraut

 

Posts: 3
Joined: 11.Oct.2006
From: Atlanta, GA
Status: offline
This has got to be easy to do but I'm not finding straight forward info on how to accomplish.  We want to use ISA 2006 to block all users from accessing the Internet by default, while allowing a specified group full access to the Internet.  The ISA server will sit on the Internal net in front of a Netscreen 25 so we do not need firewall functionality, only the ability to filter who can access the Internet.
All clients are Windows XP.

Thoughts?  Thanks!
Post #: 1
RE: Blocking Internet Access? - 11.Oct.2006 3:26:57 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi dkraut,

if you don't use the ISA server as a full blown firewall and therefore don't force all the traffic through the ISA box, how would you think that ISA can control that traffic?

Therefore, use ISA as a full blown firewall and what you wan't to accomplish is easily done.

HTH,
Stefaan

(in reply to dkraut)
Post #: 2
RE: Blocking Internet Access? - 11.Oct.2006 4:08:47 PM   
dkraut

 

Posts: 3
Joined: 11.Oct.2006
From: Atlanta, GA
Status: offline
Hi Stefaan,

Semantics I suppose...  To clarify, all traffic will flow from the internal network through the Internal interface and out the external interface of our ISA server.  The ISA external interface will then default to our Netscreen and then out to the Internet.

I just meant that I was not concerned about the firewall capabilities of ISA and only want to limit who can access the Internet via HTTP / HTTPS.  Is this easily done?

Cheers!


(in reply to spouseele)
Post #: 3
RE: Blocking Internet Access? - 11.Oct.2006 4:25:13 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi dkraut,

if you force all traffic to flow through the ISA server, than you have no other choice than using ISA as a full blown firewall. That means ISA has to handle also all none HTTP/HTTPS traffic, if you like it or not!

BTW --- remember that both NICs bust be on different Network IDs (subnets).

HTH,
Stefaan

(in reply to dkraut)
Post #: 4
RE: Blocking Internet Access? - 19.Oct.2006 1:37:26 PM   
CSDAdmin

 

Posts: 25
Joined: 19.Oct.2006
Status: offline
Would a domain policy forcing all IE clients to ISA, having that traffic leave on another port, and blocking 80 out on firewall work for you?

(in reply to spouseele)
Post #: 5
RE: Blocking Internet Access? - 24.Oct.2006 11:02:00 AM   
itadmin

 

Posts: 30
Joined: 21.Jul.2006
Status: offline
Will the ISA be seen as the gateway to these clients?  If the clients are going through ISA as their gateway, you could just use a coupe of rules.  The default rule on ISA drops all traffic.  Just create a rule that allows certain AD groups to get out to the internet.  You can then create specific allow lists for those groups based on need. 

If all traffic isn't forced through the ISA and they have another way out, this may not work. 


(in reply to CSDAdmin)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Blocking Internet Access? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts