• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Port access for restricted users

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Port access for restricted users Page: [1]
Login
Message << Older Topic   Newer Topic >>
Port access for restricted users - 26.Apr.2010 6:08:39 AM   
Kelvin.uk

 

Posts: 7
Joined: 17.Sep.2009
Status: offline
How would I give users outbound access to TCP port 6502 but still restrict their internet access? At the moment I have a Firewall Policy rule which disabled all internet access except for url exeptions, this works fine:
Action = Deny
Protocols = All outbound traffic
From = Internal
To = External (with url exeptions)

I have tried creating a new Access Rule:
Action = Allow
Protocol = My custom port (6502 TCP Outbound)
From = Internal
To = External

Tried assigning both policies to the same user in ISA or to different users and adding the Windows user account to both groups in Active Directory but nothing seems to work. Please help! ISA 2006 Enterprise Edition

< Message edited by Kelvin.uk -- 26.Apr.2010 6:15:03 AM >
Post #: 1
RE: Port access for restricted users - 26.Apr.2010 8:33:26 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
As long as you have your allow rule placed before your deny rule I think it should work. If it doesn't, you might try configuring an allow rule for your allowed traffic for HTTP and HTTPS only. The default deny rule will block any other unwanted access.

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to Kelvin.uk)
Post #: 2
RE: Port access for restricted users - 27.Apr.2010 3:38:28 AM   
Kelvin.uk

 

Posts: 7
Joined: 17.Sep.2009
Status: offline
Hey,

I've done this differently. I edited our proxy grouup policy and added in the two IP's that need to be completly ignored under the exluded list, works for me.

Thanks

(in reply to richardhicks)
Post #: 3
RE: Port access for restricted users - 27.Apr.2010 9:21:02 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
You don't need any Deny Rule at all.  ISA already denies everything that is not already explicitly allowed.

So just allow only what you want allowed and you are done.

_____________________________

Phillip Windell

(in reply to richardhicks)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Port access for restricted users Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts