Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Not working like I thought

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Not working like I thought Page: [1]
Login
Message << Older Topic   Newer Topic >>
Not working like I thought - 4.Jun.2008 3:11:15 PM   
dragoonguy

 

Posts: 7
Joined: 29.May2008
Status: offline 		I made an Allow rule, allowing all outbound protocols, for one particular user, to one particular url.

I put this ahead of all other Allow rules. 

It works, but for some reason it denies some people access to some url's other than the one listed.  I thought that with an Allow rule, if rule pertains, then ISA would apply the rule, otherwise ISA would go on down and process rules in order.

Little confused here....?
Post #: 1
RE: Not working like I thought - 4.Jun.2008 7:13:37 PM   
elmajdal

 

Posts: 4944
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		Hi,

Check the Live Logging and see what rule is denying your other users.

do you have a snapshots of your rule?


_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to dragoonguy)
Post #: 2
RE: Not working like I thought - 9.Jul.2008 12:42:38 AM   
dragoonguy

 

Posts: 7
Joined: 29.May2008
Status: offline 		Sorry, had family emergency for two weeks, then had to catch up on other work when got back.

Here is rule:

Allow
All outbound traffic
From: Internal
To: AllowedURLs (youtube.com is only url in this set)
Users: importantPerson's Username 
          ("important person" is why he gets youtube access
Always
Content Types: All

Looking at logs, "some" computers are blocked by this rule. Not sure why a few are blocked whereas most are not.  This rule is first "allow" rule, in order.

Thanks, sorry again took so long.

(in reply to elmajdal)
Post #: 3
RE: Not working like I thought - 10.Jul.2008 12:25:03 AM   
dragoonguy

 

Posts: 7
Joined: 29.May2008
Status: offline 		Think I solved my problem. I made a different rule, a deny rule to domain set containing youtube.com, AllUsers and excepted the user that is allowed to go there.

Seems to work.

(in reply to dragoonguy)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Not working like I thought Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts