• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Restricting internet access

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Restricting internet access Page: [1]
Login
Message << Older Topic   Newer Topic >>
Restricting internet access - 22.Jan.2008 4:35:16 PM   
wlazzell

 

Posts: 17
Joined: 22.Jan.2008
Status: offline
Hello - We recently upgraded from ISA2000 to ISA2006. One of the many problems we have encountered is restricting our internet access. We have 2 groups in Active Directory that allow internet access if you are a member. In our old configuration, this worked fine. In our 2006 environment, when we make a rule allowing access to the internet if you are a member of these 2 groups, then users get a logon window and do not get internet access even with correct credentials. Right now, we allow anyone access to get around this, but I need to lock access down to authorized users.
Any ideas? Thanks!
Post #: 1
RE: Restricting internet access - 23.Jan.2008 3:06:16 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Ok.

How did u setup ISA Server Network Adapters ?

Are the clients and ISA Server Joined to the Same Domain ?

What is the type of your clients ? WebProxy/FirewallClient/SecureNet ?



_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to wlazzell)
Post #: 2
RE: Restricting internet access - 23.Jan.2008 3:48:21 PM   
wlazzell

 

Posts: 17
Joined: 22.Jan.2008
Status: offline
We have 2 NICs, one internal and one external.
The server that ISA 2006 is on is our firewall and it does NAT.
Everything is on the same domain.
Our internet access rule is written to allow all outbound traffic from local host to external to all users anytime.

There is another rule written to allow all outbound traffic from internal network to external to all users anytime.

These rules were written by the people who were paid to come in and install this.

Our internal network is 192.168.200.x/24
Our external network has the IP assigned by the ISP with 2 IP's assigned to it, one for Exchange, the other for our website.

We also use the ISA server as a web proxy, so our clients are actually all 3 types.

(in reply to elmajdal)
Post #: 3
RE: Restricting internet access - 23.Jan.2008 3:55:25 PM   
ITEngineer

 

Posts: 270
Joined: 3.Feb.2006
Status: offline
Set the authentication type to be Integrated.

And clear the Require All Users to Authenticate

(in reply to wlazzell)
Post #: 4
RE: Restricting internet access - 23.Jan.2008 4:12:05 PM   
wlazzell

 

Posts: 17
Joined: 22.Jan.2008
Status: offline
It is already set to be integrated, and Require all users to authenticate is not selected.

I actually had a Microsoft support person look at our configuration and he was unable to figure it out.



(in reply to ITEngineer)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Restricting internet access Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts