Welcome to ISAserver.org

Web access from the ISA Server

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Web access from the ISA Server

Page: [1]

Message

<< Older Topic Newer Topic >>

Web access from the ISA Server - 18.Jul.2004 4:25:00 PM

vankampenp

Posts: 40
Joined: 29.Jun.2004
From: Netherlands
Status: offline

The default system policy "CRL Download", seems to allow all outbound HTTP connections, there seems to be no filter on CRL donwloads.

When this rule is enabled, I can access any site from the ISA server. When disabled, all HTTP sites are blocked, except the ones mentioned in "Allowed sites"

Is this a bug or a feature?

Post #: 1

Featured Links*

RE: Web access from the ISA Server - 19.Jul.2004 12:48:00 AM

tshinder

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online

Hi Van,

Not sure what the problem is here. If you want to allow CRL downloads, you have to allow access to all sites, unless you know the exact URLs you expect to download CRLs in advance.

HTH,
Tom

(in reply to vankampenp)

Post #: 2

RE: Web access from the ISA Server - 19.Jul.2004 2:48:00 PM

vankampenp

Posts: 40
Joined: 29.Jun.2004
From: Netherlands
Status: offline

My problem is mainly that this is hidden, the rule says Allow CRL access, not "Allow all web access so CRL downloads can be done". I would have expected some more intelligence of this rule, but at least some clearer statement of what it is doing. Since all URLs for CLR access are administrated, I had assumed this would allow access to the sites for which trusted root certificate auhtorities were present.

But you are right, the buypass is simple, I do not need CRL access if I do not use general web access. For outbound HTTPS sites that I do need, I can provide access to the CRL sites.

(in reply to vankampenp)

Post #: 3