I tried finding an answer to this question without much success, so forgive if it has already been answered.
Here is my question: How can I restrict the access of a group of computers on my network. For example I want a set of computers say with IP Address 192.168.1.11 to 192.168.1.20 to be able to use POP3/SMTP only.
I tried it using the old approach of creating Client Address Sets i.e. creating different 'Network Sets' in ISA Server 2006 but any IP Address outside the 'Internal' network set just wont get access to any internet resource at all.
< Message edited by obsaeed -- 1.Dec.2008 6:55:34 AM >
I have tried these steps but they did not work for me. Here is what I did: 1. In ISA Management Console expanded the tree to the following Server Name>>Configuration>>Networks 2. In the 'Networks' under the 'Network Tasks' clicked the 'Create a New Network' 3. Provided following information in the resulting wizard a. Network Name: NG Staff b. Network Type: Internal Network c. Network Addresses: Range (192.168.1.11-192.168.1.20) 4. To create a new 'Access Rule' went to 'Server-Name'>>'Firewall Policy' and clicked 'Create Access Rule' under the Tasks section 5. Provided following information in the resulting wizard a. Access Rule Name: Email Only Access b. Rule Action: Allow c. Protocols: POP3 and SMTP d. Access Rule Sources: NG Staff e. Access Rule Destination: External f. User Sets: All Users 6. Rule order is '1'
Now if I have done everything right then it should work; but it does not so there must be something I'm doing wrong.
From: Amazon, Brazil
as I told you before, you should create computer sets and not Networks. Here is what you should do:
1. In ISA Management Console expanded the tree to the following Server Name>>Firewall Policy 2. On the right side of ISA console, select Toolbox >> Network Objects 3. Click New Computer Set 4. Choose a Name and click on Add button 5. Choose Address Range and specify your address range (192.168.1.11-192.168.1.20)
Add this computer set to your allow access rule and it should work.
PS: On Internal Network, you must specify all your internal network range (e.g. 192.168.1.0-192.168.1.255)