• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Only allow certain web sites....

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Only allow certain web sites.... Page: [1]
Login
Message << Older Topic   Newer Topic >>
Only allow certain web sites.... - 11.Apr.2007 7:54:50 PM   
frankenstein897

 

Posts: 34
Joined: 11.Apr.2007
Status: offline
OK, so I have read the domain sets article:
http://www.isaserver.org/articles/2004domainnamesets.html

But, I am running ISA 2006.  And what I want to do is a little different, I think.  I only want to allow certain webs through ISA, nothing else.  We will not allow any other people differnt access.  So, I would prefer that all authenticated users be denied access to all web sites except a small list of web sites.  I have tried to create rules to make this happen but, I either get every site blocked or every site allowed.  I think I am missing something.
Post #: 1
RE: Only allow certain web sites.... - 12.Apr.2007 1:29:50 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,

what rules do u have on your ISA server ??

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to frankenstein897)
Post #: 2
RE: Only allow certain web sites.... - 12.Apr.2007 8:21:39 AM   
frankenstein897

 

Posts: 34
Joined: 11.Apr.2007
Status: offline
Just the default deny all rule right now because nothing else is working :-).  This is a new install.

(in reply to elmajdal)
Post #: 3
RE: Only allow certain web sites.... - 12.Apr.2007 8:34:18 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Let start with a basic rule first :

create a new rule :

Action: Allow
Protocols :  HTTP & HTTPS
From : Internal
To : External
Users : All Users


Can you users now surf the internet ??

If the answer is Yes, then lets do some changes in the above rule.

We will replace the External  Network in the TO,  with a Domain Name Set .

Create a new Domain Name set, and include in it the sites you want to allow your users to surf to, name it for example AllowedSites

now your rule should look like this :

Action: Allow
Protocols :  HTTP & HTTPS
From : Internal
To : AllowedSites
Users : All Users


HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to frankenstein897)
Post #: 4
RE: Only allow certain web sites.... - 12.Apr.2007 9:13:36 AM   
frankenstein897

 

Posts: 34
Joined: 11.Apr.2007
Status: offline
OK, it must be something with the setup of my ISA server because I do that and the first part works, I can get to any web site without issue.  But, as soon as I replace the TO with domain name set of the web sites I put in there I can't get to anything.  I am going to go back and look at the configuration and see if I have something messed up.  Thanks, I thought that was how you do it, I just wanted to make sure I wasn't doing something wrong.

Thanks,
Chris

(in reply to elmajdal)
Post #: 5
RE: Only allow certain web sites.... - 12.Apr.2007 11:20:00 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
mmm, did u try using Computer Set instead of Domain Name Set.

Maybe its a name resolution problem .

Create a New Computer Set and start populating it with the IPs of the URLs u want to allow and check if this will work.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to frankenstein897)
Post #: 6
RE: Only allow certain web sites.... - 12.Apr.2007 3:30:54 PM   
frankenstein897

 

Posts: 34
Joined: 11.Apr.2007
Status: offline
I will try that.  Thanks!

(in reply to elmajdal)
Post #: 7
RE: Only allow certain web sites.... - 16.Apr.2007 3:22:35 PM   
frankenstein897

 

Posts: 34
Joined: 11.Apr.2007
Status: offline
Yep, you were right.  It must be a DNS thing becuase when I create a computer set and allow only those IPs it works.  Thanks.

(in reply to frankenstein897)
Post #: 8
RE: Only allow certain web sites.... - 16.Apr.2007 3:31:31 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
 
Thats Greate !!

Thanks For the follow up.


now check this article : http://elmajdal.net/isaserver/Internal_DNS_Forwarding.aspx

Tarek.


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to frankenstein897)
Post #: 9
RE: Only allow certain web sites.... - 16.Apr.2007 4:19:28 PM   
frankenstein897

 

Posts: 34
Joined: 11.Apr.2007
Status: offline
Great article.  Thank you!

(in reply to elmajdal)
Post #: 10
RE: Only allow certain web sites.... - 16.Apr.2007 4:30:03 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
You are most welcome.

Thanks

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to frankenstein897)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Only allow certain web sites.... Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts