From: Chicago, IL
Well, I have a handful of FTP users here that need FTP upload capability, which also isn't working at the moment and I can't figure out why, so I was about to start a thread on that..
Anyways.. I just want to add the FTP upload capability to these users without allowing them to do anything else aside from HTTP, and HTTPS. I am testing on my box with the FWC client right now, and I am able to stream, IM, etc..
From: fort frances.on.ca
Just to be clear on the title of this topic, you do NOT restrict access with the FWC, you restrict access at the ISA server with rules. The FWC is just along for the ride.
It is a matter of ordering rules properly, not allowing unlimited access on the first rule. I have dozens of rules, some anonymous and most requiring authentication that allows me to have the granularity of access you are looking for.
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
Instead of creating a Deny rule, create an allow rule.
If you have a group of users, for example, LUSERS, and you want to allow them access only to the HTTP, HTTPS and FTP protocols, then just create a rule that applies to that domain global group that allows them access to those protocols, and then don't create any other allow rules that apply to that group that would extend their access through the ISA firewall.