I tried finding an answer to this question without much success, so forgive me if it has already been answered.
Here is my question: How can I restrict the access of a group of computers on my network? For example, I want a set of computers, say with IP addresses 192.168.1.11 to 192.168.1.20, to be able to use POP3/SMTP only.
I tried it using the old approach of creating Client Address Sets, i.e. creating different 'Network Sets' in ISA Server 2006, but any IP address outside the 'Internal' network set just won't get access to any internet resource at all.
Please help!
Regards,
Sami
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Sami,
You can create a new computer set and create an access rule allowing only the POP3 and SMTP protocols for the new computer set to the destination mail server.
PS: Keep in mind ISA processes the rules according to the ORDER column.
I have tried these steps but they did not work for me. Here is what I did:
1. In ISA Management Console expanded the tree to the following Server Name>>Configuration>>Networks
2. In the 'Networks' under the 'Network Tasks' clicked the 'Create a New Network'
3. Provided following information in the resulting wizard
   a. Network Name: NG Staff
   b. Network Type: Internal Network
   c. Network Addresses: Range (192.168.1.11-192.168.1.20)
4. To create a new 'Access Rule' went to 'Server-Name'>>'Firewall Policy' and clicked 'Create Access Rule' under the Tasks section
5. Provided following information in the resulting wizard
   a. Access Rule Name: Email Only Access
   b. Rule Action: Allow
   c. Protocols: POP3 and SMTP
   d. Access Rule Sources: NG Staff
   e. Access Rule Destination: External
   f. User Sets: All Users
6. Rule order is '1'
Now if I have done everything right then it should work; but it does not so there must be something I'm doing wrong.
Hi Sami,
as I told you before, you should create computer sets and not Networks. Here is what you should do:
1. In ISA Management Console expanded the tree to the following Server Name>>Firewall Policy
2. On the right side of ISA console, select Toolbox >> Network Objects
3. Click New Computer Set
4. Choose a Name and click on Add button
5. Choose Address Range and specify your address range (192.168.1.11-192.168.1.20)
Add this computer set to your allow access rule and it should work.
PS: On Internal Network, you must specify all your internal network range (e.g. 192.168.1.0-192.168.1.255)
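The note about the ORDER column can be checked with a small model of ordered, first-match rule evaluation. This is an added example, not part of the thread and not ISA Server's own code; the "Internal web access" and "Block NG Staff other traffic" rules are hypothetical, and every rule is assumed to have External as its destination.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

def addr_range(first, last):
    """Inclusive address range, as entered for a Computer Set or a Network."""
    lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
    return lambda ip: lo <= int(IPv4Address(ip)) <= hi

@dataclass
class Rule:
    order: int
    name: str
    action: str           # "Allow" or "Deny"
    protocols: frozenset  # empty set means all outbound traffic
    source: object        # predicate over the source IP address

    def matches(self, src_ip, protocol):
        proto_ok = not self.protocols or protocol in self.protocols
        return proto_ok and self.source(src_ip)

def evaluate(rules, src_ip, protocol):
    """Return (action, rule name) for the first rule in ORDER that matches."""
    for rule in sorted(rules, key=lambda r: r.order):
        if rule.matches(src_ip, protocol):
            return rule.action, rule.name
    return "Deny", "Default rule"  # nothing matched: traffic is denied

# Constructed sample policy using the address ranges from the thread.
NG_STAFF = addr_range("192.168.1.11", "192.168.1.20")   # computer set
INTERNAL = addr_range("192.168.1.0", "192.168.1.255")   # whole Internal network
MAIL = frozenset({"POP3", "SMTP"})
WEB = frozenset({"HTTP", "HTTPS"})

# Allow rule only: a web request from the set skips rule 1 (protocol does not
# match) and is picked up by the broader Internal rule further down.
policy_allow_only = [
    Rule(1, "Email Only Access", "Allow", MAIL, NG_STAFF),
    Rule(2, "Internal web access", "Allow", WEB, INTERNAL),
]

# A deny rule for the same set, ordered after the mail rule and before the
# broader rule, is what actually limits the set to POP3/SMTP.
policy_restricted = [
    Rule(1, "Email Only Access", "Allow", MAIL, NG_STAFF),
    Rule(2, "Block NG Staff other traffic", "Deny", frozenset(), NG_STAFF),
    Rule(3, "Internal web access", "Allow", WEB, INTERNAL),
]

if __name__ == "__main__":
    for label, policy in (("allow only", policy_allow_only),
                          ("restricted", policy_restricted)):
        print(label, evaluate(policy, "192.168.1.15", "HTTP"))
```
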