Welcome to ISAserver.org
isa server 2000 rules problem
isa server 2000 rules problem - 23.Sep.2005 7:48:00 AM
Guest
My ISA 2000 Server originally only had one site and content rule:
Allow any request to all destinations
Needing to block web access for a group of users, I created a deny rule and added the users from AD (Win2000). However, it has not worked: the users can still surf.
I also tried using group policy to change and then block the IP address within IE on each PC, but users still managed to surf!
Any help would be appreciated.
PS: If I change the allow rule, that works, BUT I don't want to allow several hundred users when it's only 10 that I wish to deny.
RE: isa server 2000 rules problem - 23.Sep.2005 3:41:00 PM
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Sparky1972,
ISA 2000 processes the rules in the following order:
1. Deny rules applying to any request (anonymous).
2. Allow rules applying to any request (anonymous).
3. Deny rules applying to client address sets or users and groups (authenticated).
4. Allow rules applying to client address sets or users and groups (authenticated).
HTH, Stefaan
RE: isa server 2000 rules problem - 26.Sep.2005 4:01:00 AM
Guest
Stefaan,
The allow rule applies to any request. The deny rule applies to a group of users.
I don't have the original ISA media, so I am unable to use the "Firewall Client" software.
Therefore, as far as I can tell, all users are unauthenticated, i.e. they surf without re-supplying their credential set.
RE: isa server 2000 rules problem - 26.Sep.2005 2:56:00 PM
spouseele
Hi Sparky1972,
Because the allow rule is anonymous, the deny rule will *never* kick in. To solve the problem, all users should authenticate, either by using a web proxy or firewall client.
HTH, Stefaan
RE: isa server 2000 rules problem - 28.Sep.2005 3:46:00 AM
Guest
Stefaan,
I tried installing the firewall client on an XP machine, but I obviously did not configure it correctly because web access was granted without requiring the user to log on.
I have now created a client set instead and used the LAT to block access for the machines in that set.
However, I now have a further problem: how do I allow 3 or 4 websites to be accessed by the denied client set?
In short:
Q1 - How can I correctly configure the firewall client?
Q2 - How can I create the exception site list?
Thanks,
Sparky
RE: isa server 2000 rules problem - 28.Sep.2005 4:03:00 PM
spouseele
Hi Sparky1972,
Must the users be able to use Web protocols (HTTP, HTTPS and tunneled FTP) or also non-Web protocols? The Firewall client is only needed for non-Web protocols.
If the clients are configured as Web Proxy and/or Firewall clients, and both the ISA server and the clients are joined to the internal domain, then the whole authentication process happens behind the scenes. In other words, the users will not be prompted for credentials because the logon credentials will be used.
BTW --- to find out if a user is authenticated, check out the ISA logs.
HTH, Stefaan
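
One way to do the log check mentioned in the reply above, as an added example that is not part of the thread or of ISA Server itself. It assumes a tab-separated W3C-style proxy log with a `#Fields:` header, columns named `c-ip` and `cs-username`, and anonymous requests logged as `anonymous` or `-`; the sample log is constructed.

```python
from collections import defaultdict

# Constructed sample, not taken from the thread. The column names and the
# "anonymous" marker are assumptions about the log layout.
SAMPLE_LOG = """\
#Fields: c-ip\tcs-username\tdate\ttime\tcs-uri\tsc-status
10.0.0.21\tanonymous\t2005-09-26\t09:01:12\thttp://example.com/\t200
10.0.0.21\tanonymous\t2005-09-26\t09:01:15\thttp://example.com/a.gif\t200
10.0.0.34\tanonymous\t2005-09-26\t09:02:39\thttp://example.org/\t407
10.0.0.34\tCORP\\alice\t2005-09-26\t09:02:40\thttp://example.org/\t200
10.0.0.55\t-\t2005-09-26\t09:05:02\thttp://example.net/\t200
"""

ANONYMOUS = {"", "-", "anonymous"}  # assumed markers for "no user identity"

def parse_w3c(text):
    """Yield one dict per record, keyed by the latest #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def auth_summary(records):
    """Per client IP: anonymous/authenticated request counts and users seen."""
    summary = defaultdict(
        lambda: {"anonymous": 0, "authenticated": 0, "users": set()})
    for rec in records:
        user = rec.get("cs-username", "").strip()
        entry = summary[rec["c-ip"]]
        if user.lower() in ANONYMOUS:
            entry["anonymous"] += 1
        else:
            entry["authenticated"] += 1
            entry["users"].add(user)
    return dict(summary)

def never_authenticated(summary):
    """Clients with no authenticated request: no user identity was logged."""
    return sorted(ip for ip, e in summary.items() if e["authenticated"] == 0)

if __name__ == "__main__":
    result = auth_summary(parse_w3c(SAMPLE_LOG))
    for ip in never_authenticated(result):
        print(f"{ip}: {result[ip]['anonymous']} requests, all anonymous")
```

Clients listed by `never_authenticated` are the ones for which a rule tied to users or groups has no identity to match against.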
RE: isa server 2000 rules problem - 20.Oct.2005 12:04:00 PM
Guest
1. Check if the clients do not have the gateway IP address. They shouldn't have it.
2. Make sure in the Internet Navigator LAN Settings the proxy + port are specified. Can be done thru a GPO.
RE: isa server 2000 rules problem - 6.Jun.2008 4:44:13 PM
Irus
Posts: 1
Joined: 6.Jun.2008
Status: offline
Hi, I need some help regarding Protocol Definitions. I had a manually created VBScript file which, when executed, used to create a Content Group in ISA 2000, which had ALL the possible extensions in 1 Content Group. I somehow missed that notepad file :s Can you help me with that? Plus: I need Baretail and SPF-Sygate Personal Firewall Cracked Version.