Welcome to ISAserver.org

Turn on/off option for deny by allow rule

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Misc.] >> ISA Server 2004 Wish List >> Turn on/off option for deny by allow rule

Page: [1]

Message

<< Older Topic Newer Topic >>

Turn on/off option for deny by allow rule - 10.Dec.2005 12:28:55 AM

sthe

Posts: 19
Joined: 8.Dec.2005
Status: offline

When ISA matches a packet with an Accept rule but it cant authenticate the user, the allow-policy will deny the traffic instead of go on to the next rule. I would like the option to choose how the ISA will behave about this.
It can be frustrating when you mix FW-client policies and SecureNat policies and the traffic is blocked by an FW Client allow rule in the top when you have an SecureNat Allow rule further down.

Post #: 1

Featured Links*

RE: Turn on/off option for deny by allow rule - 10.Dec.2005 1:10:40 AM

LLigetfa

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline

Obviously this issue can be overcome by rule ordering, making sure that the anonymous rules are above authenticated rules but I'm guessing you don't want to live by that constraint.

Sort of on the same rule processing logic, I think that exceptions on allow rules should have the option of whether or not to process additional rules or to deny on that exception.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to sthe)

Post #: 2

RE: Turn on/off option for deny by allow rule - 10.Dec.2005 8:23:10 AM

wbplomp

Posts: 138
Joined: 18.Nov.2004
From: Netherlands, The
Status: offline

I totally agree on sthe, it would be nice if it denis on the default last rule.
But if Microsoft gives you the option to enable a rule only for the Firewall or Web Proxy service, that will do for me.

(in reply to LLigetfa)

Post #: 3