Hello All, I locked down internet access to only members of an AD group who are supposed to have internet access. In testing everything seems to be OK; however, an interesting side effect has occurred. I cannot ping any external sites from any workstation EXCEPT the ISA server. I have been editing the system policies to try and get this to work (our network management tool uses ICMP to check external DNS servers and a VPN connection to an external site). Do I need another access rule to allow ICMP to specific IP addresses? Does anyone have any ideas? My ISA server is a member of the domain.
OK, I found out what I needed to do: I had to move my internet rule down after all my publishing rules (it was blocking outbound e-mail). I also added a rule to allow ICMP immediately prior to my internet rule. My only other issue now is instant messaging. We use it in the IS department. I will think about that one tonight and see if I can figure it out.
Found another issue this morning: WSUS 3.0 will not sync with Microsoft's server now. It gives me an HTTP error, so I need a rule allowing HTTP for only the WSUS server, I think. Anyone have any other ideas?
OK, what worked for my configuration is a rule immediately prior to my internet access rule allowing HTTP and HTTPS only to a defined domain set of Microsoft Update sites (preconfigured in ISA 2006). A manual synchronization worked with no errors, so I will see how it works tonight. Internet access is still blocked for unauthorized users.
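
A simplified model of the rule ordering described in the posts above, added here as an example; it is not taken from the thread and is not ISA Server code. It assumes ordered, first-match evaluation in which a rule limited to a user group fails any matching request that carries no credentials, and every rule name, user name and host name in it is a constructed placeholder.

```python
# Simplified model of ordered, first-match firewall policy (not ISA Server code).
from dataclasses import dataclass

ANY = "*"
ANON = None  # traffic with no user credentials: a ping, a server's background sync

@dataclass(frozen=True)
class Rule:
    name: str
    protocols: frozenset
    destinations: frozenset
    users: frozenset = frozenset({ANY})  # ANY = rule applies to all users

def evaluate(rules, protocol, destination, user=ANON):
    """Return (decision, rule name) for the first rule that settles the request."""
    for r in rules:
        if ANY not in r.protocols and protocol not in r.protocols:
            continue
        if ANY not in r.destinations and destination not in r.destinations:
            continue
        if ANY in r.users or user in r.users:
            return "allow", r.name
        if user is ANON:
            # Assumption: rule matched but wants credentials the client cannot send.
            return "deny", r.name
        # Authenticated user outside the group: keep looking further down.
    return "deny", "Default rule"

# Constructed sample values: group member, host names and rule names are placeholders.
INTERNET = Rule("Internet access", frozenset({ANY}), frozenset({ANY}), frozenset({"alice"}))
ICMP = Rule("Allow ICMP", frozenset({"ICMP"}), frozenset({ANY}))
WSUS = Rule("Allow Microsoft Update", frozenset({"HTTP", "HTTPS"}),
            frozenset({"update-site.example"}))

BEFORE = [INTERNET, ICMP, WSUS]   # restricted rule evaluated first
AFTER = [ICMP, WSUS, INTERNET]    # specific anonymous rules moved above it

def report(rules):
    return {
        "ping": evaluate(rules, "ICMP", "dns.example"),
        "wsus sync": evaluate(rules, "HTTP", "update-site.example"),
        "member web": evaluate(rules, "HTTP", "www.example", "alice"),
        "non-member web": evaluate(rules, "HTTP", "www.example", "bob"),
    }

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, report(rules))
```

With the restricted rule first, the ping and the WSUS sync are both denied by it; with the narrow rules above it, they pass while the non-member's web request still falls through to the default deny.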