I have just installed ISA 2006 onto our firewall machine and am about to do a restructure of firewall policies. I just wanted to get your opinions as to what would be most secure and efficient.
There are two user groups, Restricted Users and Admin Users. Restricted users are not allowed to access specific domains/URLs, and they are restricted by a schedule. Admin users have virtually 'unrestricted' access to the internet, all domains, all URLS, 24/7 - no schedule.
For argument's sake, 'unrestricted' is not fully what it is. ALL users can only access HTTP, HTTPS, POP3, POP3S, SMTP, SMTPS, PING, FTP and a few other custom defined ports for various business systems. In our MIS department's eyes, this is to prevent applications such as Limewire or Torrent programs running.
Is it just easiest to create two rules, one for Restricted Users and one for Admin Users? Also, would you recommend a rule for all users for DNS traffic from Internal to External and External to Internal, and a rule for DNS request/reply from all networks to the DHCP server and vice versa?
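The post above is about how to split the policy into rules, and the detail that bites in practice is that ISA evaluates its firewall policy as an ordered list: the first rule whose conditions all match decides the request, and anything that matches nothing falls through to the default deny. The following is an added stand-alone model of that evaluation (it is not ISA's own COM API, and the group names, schedule, blocked domains and timestamps are constructed assumptions). It shows why the "deny blocked domains" rule for Restricted Users has to sit above the broad allow rule for the same group, why a Restricted user outside the schedule falls to the default deny rather than needing an explicit one, why a protocol such as BitTorrent is denied for everyone simply by not appearing in the allowed set, and why DNS needs its own rule with no schedule if the allow rules only list the application protocols:

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, FrozenSet, List, Optional, Tuple

# Added model of an ordered, first-match firewall policy (the way ISA walks its
# rule list from the top down and falls through to a default deny). This is
# plain Python, not ISA's COM API; the schedule, group names, domain names and
# timestamps are assumptions made for the illustration.


@dataclass(frozen=True)
class Request:
    user: str
    groups: FrozenSet[str]
    protocol: str
    host: str
    when: datetime


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                     # "allow" or "deny"
    groups: Optional[FrozenSet[str]]                # None = all users
    protocols: Optional[FrozenSet[str]]             # None = any protocol
    domains: Optional[FrozenSet[str]]               # None = any destination
    schedule: Optional[Callable[[datetime], bool]]  # None = always

    def matches(self, req: Request) -> bool:
        if self.groups is not None and not (req.groups & self.groups):
            return False
        if self.protocols is not None and req.protocol not in self.protocols:
            return False
        if self.domains is not None and not host_in_domains(req.host, self.domains):
            return False
        if self.schedule is not None and not self.schedule(req.when):
            return False
        return True


def host_in_domains(host: str, domains: FrozenSet[str]) -> bool:
    """Match a host against a domain set including subdomains, so an entry for
    blocked-site.example also catches www.blocked-site.example but not
    notblocked-site.example."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in (x.lower() for x in domains))


def evaluate(rules: List[Rule], req: Request) -> Tuple[str, str]:
    """First matching rule wins; with no match the implicit default rule denies."""
    for rule in rules:
        if rule.matches(req):
            return rule.action, rule.name
    return "deny", "Default rule"


def business_hours(when: datetime) -> bool:
    # Assumed schedule for Restricted Users: Monday to Friday, 08:00 to 18:00.
    return when.weekday() < 5 and 8 <= when.hour < 18


ALLOWED_PROTOCOLS = frozenset({"HTTP", "HTTPS", "POP3", "POP3S", "SMTP", "SMTPS", "PING", "FTP"})
BLOCKED_DOMAINS = frozenset({"blocked-site.example", "filesharing.example"})  # constructed


def build_policy(deny_before_allow: bool = True) -> List[Rule]:
    dns = Rule("Allow DNS (all users)", "allow", None, frozenset({"DNS"}), None, None)
    deny_blocked = Rule("Deny blocked sites (Restricted)", "deny",
                        frozenset({"Restricted Users"}), None, BLOCKED_DOMAINS, None)
    allow_restricted = Rule("Allow Restricted on schedule", "allow",
                            frozenset({"Restricted Users"}), ALLOWED_PROTOCOLS, None, business_hours)
    allow_admin = Rule("Allow Admin 24/7", "allow",
                       frozenset({"Admin Users"}), ALLOWED_PROTOCOLS, None, None)
    if deny_before_allow:
        return [dns, deny_blocked, allow_restricted, allow_admin]
    # Misordered policy: the broad allow sits above the deny and shadows it.
    return [dns, allow_restricted, deny_blocked, allow_admin]


RESTRICTED = frozenset({"Restricted Users"})
ADMIN = frozenset({"Admin Users"})
TUESDAY_10AM = datetime(2024, 3, 5, 10, 0)   # constructed timestamps
TUESDAY_8PM = datetime(2024, 3, 5, 20, 0)

if __name__ == "__main__":
    for ordering in (True, False):
        policy = build_policy(ordering)
        print("deny above allow:" if ordering else "allow above deny:")
        for req in [
            Request("alice", RESTRICTED, "HTTP", "www.blocked-site.example", TUESDAY_10AM),
            Request("alice", RESTRICTED, "HTTPS", "intranet.example", TUESDAY_8PM),
            Request("alice", RESTRICTED, "DNS", "resolver.example", TUESDAY_8PM),
            Request("bob", ADMIN, "HTTP", "www.blocked-site.example", TUESDAY_8PM),
            Request("bob", ADMIN, "BitTorrent", "tracker.example", TUESDAY_10AM),
        ]:
            print(" ", req.user, req.protocol, req.host, "->", evaluate(policy, req))
```

Running it with the misordered list shows the Restricted user reaching a blocked site during business hours, because the schedule-bound allow rule matches first and the deny beneath it is never consulted; the same request is denied once the deny rule is moved above the allow. Whatever rule layout you settle on in ISA, it is worth checking a handful of requests like these against the rule order rather than against the rules in isolation.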