I have searched the forums and Google but see no clear answer on how ISA 2006 integrates with AD. I just installed ISA and joined it to my domain. I tried to define a firewall rule to be applied to an AD users group, but it seems to have no effect.
Any idea how to make ISA Server authenticate against the AD infrastructure?
From: Amazon, Brazil
Did you install ISA and then join the machine to the domain? It's better to remove ISA and first join the computer to the domain, then install ISA Server, because this way, when you're installing ISA, it will enable the appropriate system rules to communicate with your DC.
I installed the server, then joined it to the domain, and then installed ISA Server. I created a group in AD called webacces and put some users in it to test. On ISA I created a FW rule for web browsing and set it to that group.
By FW I mean the firewall policy. If I just leave the AD web users group as detailed in the picture, the client does not access the internet; if I add the all users group, then the client can connect to the internet.
The client is a Windows XP machine joined to the domain, and the browsers are Internet Explorer 6 and Firefox 3.
< Message edited by sqlcoder -- 8.Aug.2008 5:08:20 PM >
Hi Paulo, thanks for all the help and your patience with me.
The need I have is this: there are a few users that need internet access, and among those few there is a segment that also uses chat and other stuff (the "executives"), so I need to limit the access to 3 main groups:
1. Executives (full internet access)
2. Professionals (limited and time-based internet access, no chat)
3. Users (zero access to internet)
Also, I need to report how the named users are using the internet: time, the sites they browse, and so on.
If ISA can handle this and you can help point me in the right direction, I might be doing something wrong. You said a FW client: do I have to install other software on the client machines?
From: Amazon, Brazil
There are three types of ISA clients:
SecureNAT: have ISA's internal IP address configured as their GW. Can't authenticate with ISA.
Webproxy: have ISA's internal IP address configured in their browser. Can authenticate with ISA.
Firewall: must install client software located on ISA's installation CD (<cd-rom>:\FPC\setup.exe). Can authenticate with ISA.
As you are an ISA newbie and want to use the great authentication feature, I recommend using webproxy clients. To do that you must configure your clients' browser (i.e. Internet Explorer) to point to ISA's internal NIC (i.e. 192.168.2.1:8080).