I've a regular HTTP access rule like the one below:
Protocols: HTTP (Application Filters: Web Proxy Filter)
Users: InternetWWW (linked to an AD global group)
Content Types: All content types
Internet Explorer 7 is configured manually to use my ISA as a proxy. I can browse any website, which is normal and required functionality. But I can also browse websites listening on any port (e.g. http://URL:8081).
I think the ISA web proxy service is responsible for this behaviour. But can anyone tell me why, and how to deny all HTTP traffic except that destined for destination port 80?
In order to control the WAN traffic, you have to install at least two network cards in ISA Server. Then define the External interface as the network card connected to the ISA gateway, and the other will be the internal interface.
On the external NIC you have to assign one IP and a default gateway address to the external network card that is connected to an upstream NAT router. On the internal NIC, you have no default gateway assigned and have to configure your DNS settings to point to an internal DNS server which is also configured to resolve and forward requests to the Internet; then any packets being sent from the Internal network will traverse ISA’s external network card, and ISA Server can control the traffic.
On the Internal network properties, put the IP address ranges that are reachable from the network adapter that is bound to the Internal network object. The External network object represents the connection to the Internet and is considered to be all networks not associated with the Internal network or the protected network.
Then, for PCs in your internal network to access the Internet, you can use SecureNAT (PCs with the default GW set to the internal interface of ISA), the ISA Firewall Client, or configure the client as a Web Proxy client by configuring the proxy settings in IE to use the ISA server as its proxy. If you want to authenticate client access you have to use the ISA Firewall Client or Web Proxy. If you only use the Web Proxy client you cannot control WAN traffic.
http://msdn2.microsoft.com/en-us/library/ms812546.aspx