• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Default Rule in use

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> General >> Default Rule in use Page: [1]
Login
Message << Older Topic   Newer Topic >>
Default Rule in use - 11.Jun.2007 8:37:45 AM   
petertp

 

Posts: 8
Joined: 11.Jun.2007
Status: offline
We have recently installed ISA 2004 EE - SP3 applied, onto a Win2003 R2 server.  We have created a new policy outside of the default deny all and added a rule allowing all our web users access to the internet.  However even if I try and get access to the internet on the ISA server itself the default deny rule is coming into play instead of our new policy.  the new policy has been specified for use in Enterprise policy settings of the array.  We have configured the ISA Server on a server with a single network adapter and follows the ms best practice on this.

Can anyone give any advice - esp on getting web working initially on the ISA server itself and bypassing the default rule.
Post #: 1
RE: Default Rule in use - 6.Jul.2007 8:48:30 PM   
jmilito

 

Posts: 321
Joined: 10.Oct.2006
From: MICHIGAN, US
Status: offline
You should not use your ISA server to browse with... Besides you have to create a specific rule to allow local host to external in order to browse on the server. On the other hand it sounds like a rule problem. Out of the box ISA will not let you browse until you create the appropriate rules. To get you started...you could create the rule.

Allow > HTTP, HTTPS > Internal to External > All Users

Also as with many of the forum posts I also recommend running the latest version of the ISA BPA tool.

Anyway if the above does not work you could have other issues. Let us know how things are going.

< Message edited by jmilito -- 6.Jul.2007 9:05:43 PM >

(in reply to petertp)
Post #: 2
RE: Default Rule in use - 9.Jul.2007 3:09:53 AM   
petertp

 

Posts: 8
Joined: 11.Jun.2007
Status: offline
thanks jmilito.. I got it working last week.. problem as we have a single network adapter config.. i added local host to the allow http/https rule.. meaning internal/localhost to internal/local host.  also nat'd new serer ip address on checkpoint firewall config.. and this seems to have done the trick.. can browse from ISA server (although i know you are not meant to).. and also users can browse also...

(in reply to jmilito)
Post #: 3
RE: Default Rule in use - 9.Jul.2007 6:22:40 AM   
jmilito

 

Posts: 321
Joined: 10.Oct.2006
From: MICHIGAN, US
Status: offline
Wonderful... Glad you got it fixed. Thanks for responding back to let us all know.

(in reply to petertp)
Post #: 4
RE: Default Rule in use - 9.Jul.2007 10:28:16 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
With "hork mode" (unihomed) configs, all networks are internal -- there can be no other network with hork mode.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to jmilito)
Post #: 5
RE: Default Rule in use - 9.Jul.2007 10:54:59 AM   
jmilito

 

Posts: 321
Joined: 10.Oct.2006
From: MICHIGAN, US
Status: offline
Makes sense...  Thanks.  Tom I have to say I get a chuckle every time I read somebody writing about "hork mode" because I imagine it coming from you.  You should patent that label.     

(in reply to tshinder)
Post #: 6
RE: Default Rule in use - 12.Jul.2007 11:18:51 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline


_____________________________

Thomas W Shinder, M.D.

(in reply to jmilito)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> General >> Default Rule in use Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts