Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

i need to make separate download for users

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> i need to make separate download for users Page: [1]
Login
Message << Older Topic   Newer Topic >>
i need to make separate download for users - 13.Jun.2006 2:57:44 PM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		Hi All;
I have windows 2003 server and ISA Server 2004 Standard edition and i make it a SecureNat
We Have a Small Network Here , all clients is Windows XP Pro , and i didnt have DHCP Server or Active Directory on the server
i`ll put all IP`s Manualy in the clients.

Now i can block the download for all users , but how if i need to make some clients separate .
for ex. user 1 , 2 , 3 cant access the download but the user 4 , 5 , 6 can download ...

pls who is can help me???


Post #: 1
RE: i need to make separate download for users - 15.Jun.2006 6:55:31 AM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		Hello Please0...

(in reply to owl_sniper)
Post #: 2
RE: i need to make separate download for users - 15.Jun.2006 4:12:15 PM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		hello there??

(in reply to owl_sniper)
Post #: 3
RE: i need to make separate download for users - 16.Jun.2006 11:25:18 AM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		hello again

(in reply to owl_sniper)
Post #: 4
RE: i need to make separate download for users - 16.Jun.2006 11:37:13 AM   
elmajdal

 

Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

Now i can block the download for all users , but how if i need to make some clients separate .
for ex. user 1 , 2 , 3 cant access the download but the user 4 , 5 , 6 can download ...


ok your users are secureNat , then u cant control them by usernames.

what u can do is to create seperate rules, and each rule contains the COMPUTER SET that include the IP of the machines u want to allow users using these machines to be able to download.


users 1 ,2 , 3  have IP addresses 192.168.0.1, 192.168.0.2, 192.168.0.3
create a rule for these Computer Set and dont allow them to download


now users 4 ,5,6 have IP address 192.168.0.4 , 192.168.0.5, 192.168.0.6
create a rule for these Computer Set and allow them to download



HTH

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to owl_sniper)
Post #: 5
RE: i need to make separate download for users - 19.Jun.2006 9:30:40 AM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		hi elmajdal...

So...
firstly .. i will go to firewall policy then i will chose from the toolbox ==> network objects and i`ll chose computer sets and make new set for the computers IP`s .

then i`ll make a new rule it is:
name: access download
action: deny or allow
protocols : all outbound protocols
from: external , internal and local host
to : ????
users:????

please can you help me about the rule again
i mean can you type the steps for the access please ...

(in reply to elmajdal)
Post #: 6
RE: i need to make separate download for users - 21.Jun.2006 7:25:21 AM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		Hello elmajdal pls

(in reply to owl_sniper)
Post #: 7
RE: i need to make separate download for users - 22.Jun.2006 7:58:19 AM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline

(in reply to owl_sniper)
Post #: 8
RE: i need to make separate download for users - 22.Jun.2006 12:11:04 PM   
elmajdal

 

Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

then i`ll make a new rule it is:
name: access download
action: deny or allow
protocols : all outbound protocols
from: external , internal and local host
to : ????
users:????



Why r u putting External in your From section !!!

whats not clear in
quote:

what u can do is to create seperate rules, and each rule contains the COMPUTER SET that include the IP of the machines u want to allow users using these machines to be able to download.


users 1 ,2 , 3  have IP addresses 192.168.0.1, 192.168.0.2, 192.168.0.3
create a rule for these Computer Set and dont allow them to download


now users 4 ,5,6 have IP address 192.168.0.4 , 192.168.0.5, 192.168.0.6
create a rule for these Computer Set and allow them to download


_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to owl_sniper)
Post #: 9
RE: i need to make separate download for users - 23.Jun.2006 12:52:01 PM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		ok sir (whats a not clear)
how to allow or deny the users IP`s??
i mean if i want to make allow to some users what i can do?
if i make the rule below i didnt find the users like
name: allow download users
action : allow
protocols: all outbound protocols
from: internal , local host
to: external , local host
users : all users (here what i can do) becuase i didnt find the users who is created .

the last rule is right?
and how to chose the users whom i want??


thx elmajdal for all


(in reply to elmajdal)
Post #: 10
RE: i need to make separate download for users - 25.Jun.2006 9:52:20 AM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		Mr. Elmajdal Please

(in reply to owl_sniper)
Post #: 11
RE: i need to make separate download for users - 25.Jun.2006 11:42:26 AM   
elmajdal

 

Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

ok sir (whats a not clear)
how to allow or deny the users IP`s??

u r using SecureNat client so u can only control by IP .
if u r using Web proxy client or/and Firewall Clients , then u can control by username and user groups.


now because u r using securenat , u can control which IPs u want to control by creating a Computer Set or an Address Range .

quote:

if i make the rule below i didnt find the users like
name: allow download users
action : allow
protocols: all outbound protocols
from: internal , local host
to: external , local host
users : all users (here what i can do) becuase i didnt find the users who is created .


name: allow download users
action : allow
protocols: all outbound protocols
from: Allow Download
to: external
users : all users




name: allow download users
action : allow
protocols: all outbound protocols
from: No Download
to: external
users : all users




P.S. u can use the address range u want, i just put these ranges as an example.


hope everything is clear now.



_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to owl_sniper)
Post #: 12
RE: i need to make separate download for users - 25.Jun.2006 3:53:17 PM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		realy thx alot man..

so.. also i can allow the http or https to some users and deny also.?
i can deny the internet for some users and allow the outlook just??
i can deny or allow some sites for some users??


now :
if i want to make this , i think it should be make new access for it
for example i have this rule :
name: net access
action : allow
protocols: all outbound protocols
from:internal , local host
to: external (here i configure the http to block some files formats like .zip , .exe , .rar ,... etc)
users : all users

now if i want to make new rules for deny or allow the download or access some sites or cut the internet , it should be remove the last rule or it is ok?? and make the new rules???


thx elmajdal


(in reply to elmajdal)
Post #: 13
RE: i need to make separate download for users - 25.Jun.2006 8:40:08 PM   
elmajdal

 

Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

now if i want to make new rules for deny or allow the download or access some sites or cut the internet , it should be remove the last rule or it is ok?? and make the new rules???


yes, delete it ,  because the rule :
quote:

name: net access
action : allow
protocols: all outbound protocols
from:internal , local host
to: external (here i configure the http to block some files formats like .zip , .exe , .rar ,... etc)
users : all users


includes your internal network address range.

so if u want some users to be able to download , others cant download , some can have pop3 access and .....

u need to create different access rules ,each with its computer Set/Address range.

HTH



_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to owl_sniper)
Post #: 14
RE: i need to make separate download for users - 26.Jun.2006 7:33:06 AM   
owl_sniper

 

Posts: 89
Joined: 23.Mar.2006
Status: offline 		thx alot elmajdal
thx for all


The Owl


(in reply to elmajdal)
Post #: 15
RE: i need to make separate download for users - 26.Jun.2006 10:12:18 AM   
elmajdal

 

Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		ya ahlen

Regards,
Tarek

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to owl_sniper)
Post #: 16

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> i need to make separate download for users Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts