Allowing specific users to specific internet sites (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Access Policies



Message

egmsteven -> Allowing specific users to specific internet sites (6.Jun.2008 3:56:09 AM)

Hello,

Everyone on the intranet has https-access to the internet, but no I want to allow specific users from the intranet to specific sites to the internet.

I've created an access-rule (allow http) with access from the internal network (specific users) to the specific url (http://annerenneke.eu).

but no access is allowed from the isa himself??? Why any help is welcome!!!!



HePa -> RE: Allowing specific users to specific internet sites (6.Jun.2008 4:26:42 AM)

You should you want to use the web-browser on the ISA server? Surfing the internet from a Firewall is not a good idé! Within a security perspective it's absolutly not a good idéa at all, I hope you understand me. The most of the viruses and attacks come from the internet and through the webbrowser....so I hope this will help you re-evaluate if you really want to allow this?!

If you want to enable this you'll need to edit the system policies on the ISA server, which is the rules that you need to edit for grating or denying access to and from the ISA server.
For further info: http://www.isaserver.org/articles/2004browseronfirewall.html



egmsteven -> RE: Allowing specific users to specific internet sites (6.Jun.2008 4:50:26 AM)

No, I think 've expressed myself wrong.

I would like to let the users access this site from their own workstation (from the intranet).

Access from intranet to internet, but only allowes sites.

Thx



elmajdal -> RE: Allowing specific users to specific internet sites (6.Jun.2008 4:57:33 AM)

what rules do you have on your ISA Server ?

create such a rule :

Rule Name : Allow Selected Users to Specific Sites
Action : Allow
Protocols: HTTP HTTPS
Source : From Internal
Destination :To Domain Name Set
Condition : AD Users/Groups


You will need to create a Domain Name Set that includes that sites you want to allow to your sites , example : *.elmajdal.net [:D]



egmsteven -> RE: Allowing specific users to specific internet sites (6.Jun.2008 5:16:06 AM)

No luck,

I've created the following rule

Name: Allowed Sites
Action: Allow
Protocol: HTTP-HTTPS
Source: internal
Destination: AllowedSites (Domain name Set:   AllowedSites     *.annerenneke.eu)
condition: specific users (me included)

Where is it going wrong???

Message from ISA Error code 502 Proxy error. The ISA server denied the specific URL (12202).



egmsteven -> RE: Allowing specific users to specific internet sites (6.Jun.2008 5:34:49 AM)

New information.

I've did a nslookup www.annerennek.eu

answer:
Name  webfwd2.je-eigen-domain.nl
aliasses: www.anne renneke.eu

I've adapted the Domain name Set to
*.webfwd2.je-eigen-domain.nl
*.je-eigen-domein.nl

Suggestions????



elmajdal -> RE: Allowing specific users to specific internet sites (6.Jun.2008 5:39:34 AM)

Hi,

Are both machines, ISA Server and your machine joined to the same domain ?

Are you logged into the machine with your domain credentials ?

How are forcing authentication on your machine ? have you set the webproxy/installed firewall client ?

Have you installed Service Pack 3 for ISA Server 2004 ?

also, run the Live Logging and check what is denying this traffic.


HTH,
Tarek



egmsteven -> RE: Allowing specific users to specific internet sites (6.Jun.2008 5:50:52 AM)

Hi,

I'am trying to access this site from my XP-machine on the same domain of the ISA>

Logged on with domain credentials.

I've installed the ISA with SP3.


If I place myself in another group (another rule: allow HTTP and HTTPS, internal to external and AD-conditions), I can consult everything on the internet.

Help.....



egmsteven -> RE: Allowing specific users to specific internet sites (6.Jun.2008 5:53:32 AM)

Hello,

I've executed a new test.

Same rule but added www.google.be to the Domain Name Set and I can access google. But still nothing for www.annerenneke.eu

Suggestions???



egmsteven -> RE: Allowing specific users to specific internet sites (6.Jun.2008 8:36:06 AM)

Hello,

Is it possible that it has something to do with the "Alias", because other sites like www.caset.be function properly.

Thanks




elmajdal -> RE: Allowing specific users to specific internet sites (6.Jun.2008 10:21:16 AM)

mmmm, can you monitor the Live Logging and check which rule is blocking it and why



egmsteven -> RE: Allowing specific users to specific internet sites (6.Jun.2008 12:08:04 PM)

No direct suggestions, because i'm lost.....



Page: [1]