Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Newbie Question: is this possible?
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Newbie Question: is this possible? - 21.May2007 10:07:27 AM
|
|
|
vstorm
Posts: 1
Joined: 21.May2007
Status: offline
|
Hi all,
Please forgive the very basic question, but I am trying to figure out if ISA is the right software to use.
Here is my situation: we have a customer that wants to have a web proxy. By web proxy, I mean a server that all computers are pointed toward for all http and https traffic. That machine then sends the queries out to the Internet. It needs to be tied into active directory and we would like to give access permissions based on the user id. For example, Group 1 has full access. Group 2 has access to certain sites only, Group 3 has no access, et cetera.
Ok, here is another thing I am not sure is possible. I don't want ISA as the firwall on the perimeter of the network.We already have something there. We are going to make sure that the proxy is used by allowing only http and https from the ISA box. If it doesn't come from that box, then it is rejected.
So, overall architecture would be something like this:
Internal network with ISA box on the network
|
perimeter router (would have ACL to only allow web from ISA box)
|
firwall
|
external router
Is this possible?
Thanks!
Matt
|
|
|
|
|
RE: Newbie Question: is this possible? - 21.May2007 10:44:20 AM
|
|
|
Rotorblade
Posts: 973
Joined: 27.Feb.2007
Status: offline
|
Hi Mike,
quote:
Here is my situation: we have a customer that wants to have a web proxy. By web proxy, I mean a server that all computers are pointed toward for all http and https traffic. That machine then sends the queries out to the Internet. It needs to be tied into active directory and we would like to give access permissions based on the user id. For example, Group 1 has full access. Group 2 has access to certain sites only, Group 3 has no access, et cetera.
ISA server has that capability and more. With access rules, you can be very specific on who and what you want your end-users to have access too.
quote:
Ok, here is another thing I am not sure is possible. I don't want ISA as the firwall on the perimeter of the network.We already have something there. We are going to make sure that the proxy is used by allowing only http and https from the ISA box. If it doesn't come from that box, then it is rejected.
So, overall architecture would be something like this:
Internal network with ISA box on the network
|
perimeter router (would have ACL to only allow web from ISA box)
|
firwall
|
external router
ISA server is a full-featured Firewall and security product. There are several different ways to go about incorporating in your existing network topology and security realm. Your scenario would work and probably the most common; adding ISA as the back-end firewall giving you added security.
There are several articles on this site that will help you with implementation. If you have any questions, drop a post.
Regards,
RB
HTH
RB
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
