petertp -> Default Rule in use (11.Jun.2007 8:37:45 AM)

We have recently installed ISA 2004 EE - SP3 applied, onto a Win2003 R2 server. We have created a new policy outside of the default deny all and added a rule allowing all our web users access to the internet. However, even if I try and get access to the internet on the ISA server itself, the default deny rule is coming into play instead of our new policy. The new policy has been specified for use in Enterprise policy settings of the array. We have configured the ISA Server on a server with a single network adapter, and it follows the MS best practice on this.

Can anyone give any advice - especially on getting web working initially on the ISA server itself and bypassing the default rule?

jmilito -> RE: Default Rule in use (6.Jul.2007 8:48:30 PM)

You should not use your ISA server to browse with... Besides, you have to create a specific rule to allow local host to external in order to browse on the server. On the other hand, it sounds like a rule problem. Out of the box, ISA will not let you browse until you create the appropriate rules. To get you could create the rule.

Allow > HTTP, HTTPS > Internal to External > All Users

Also, as with many of the forum posts, I also recommend running the latest version of the ISA BPA tool.

Anyway if the above does not work you could have other issues. Let us know how things are going.

petertp -> RE: Default Rule in use (9.Jul.2007 3:09:53 AM)

Thanks jmilito.. I got it working last week.. problem as we have a single network adapter config.. I added local host to the allow HTTP/HTTPS rule.. meaning internal/localhost to internal/local host. Also NAT'd new server IP address on Checkpoint firewall config.. and this seems to have done the trick.. can browse from ISA server (although I know you are not meant to).. and also users can browse also...

jmilito -> RE: Default Rule in use (9.Jul.2007 6:22:40 AM)

Wonderful... Glad you got it fixed. Thanks for responding back to let us all know.

tshinder -> RE: Default Rule in use (9.Jul.2007 10:28:16 AM)

With "hork mode" (unihomed) configs, all networks are internal -- there can be no other network with hork mode.


jmilito -> RE: Default Rule in use (9.Jul.2007 10:54:59 AM)

Makes sense... Thanks. Tom, I have to say I get a chuckle every time I read somebody writing about "hork mode" because I imagine it coming from you. You should patent that label. [:D]

tshinder -> RE: Default Rule in use (12.Jul.2007 11:18:51 AM)


