• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SafeSearch on All Networks?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> SafeSearch on All Networks? Page: [1]
Login
Message << Older Topic   Newer Topic >>
SafeSearch on All Networks? - 15.Feb.2011 7:32:55 AM   
FSPL

 

Posts: 9
Joined: 24.Jan.2011
From: Dayton, OH
Status: offline
I just enabled the SafeSearch feature and it's working great. However, it's only filtering traffic on 'Internal' and I need it to filter on other networks too. I created a duplicate rule (like the one SafeSearch creates automatically) and then applied it to the other networks that I want filtered, and it doesn't work.

Name: SafeSearch(1) | Action: Allow | Protocols: HTTP, HTTPS | From/Listener: NetworkB, NetworkC | To: Search Engines | Condition: All Users

My next step is to export my current config and then edit the .xml to allow all three networks (Internal, NetworkB, NetworkC) or better yet, the All Networks option, then import it back into TMG. But I'm hoping that I'm just missing something so I don't have to do that. 

Is the SafeSearch limited to just 'Internal' traffic only? If so, then yet again I have to look at a 3rd party solution for my other 2 networks... Please help.

Thank you,

< Message edited by FSPL -- 15.Feb.2011 7:33:56 AM >
Post #: 1
RE: SafeSearch on All Networks? - 15.Feb.2011 8:09:01 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
You need to configure the Safe Search System Policy Rule to include the other TMG Firewall Networks you want it applied to.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FSPL)
Post #: 2
RE: SafeSearch on All Networks? - 15.Feb.2011 8:29:39 AM   
FSPL

 

Posts: 9
Joined: 24.Jan.2011
From: Dayton, OH
Status: offline
Thanks for the quick response Tom. I' having a hard time finding the system policy rule for safe search, could it be under a different name?


-- I see a rule under Firewall Policy Rules not System Policy Rules - nor do I see it in the System Policy Editor. When I open up the properties of the rule, click on the From Tab, the Add button is grayed out and I can't click on it. Is this what you are referring too?


Thanks

< Message edited by FSPL -- 15.Feb.2011 10:57:44 AM >

(in reply to tshinder)
Post #: 3
RE: SafeSearch on All Networks? - 16.Feb.2011 10:30:30 AM   
FSPL

 

Posts: 9
Joined: 24.Jan.2011
From: Dayton, OH
Status: offline
I understand that I need to add the selected networks to the SafeSearch System Policy Rule, but the only rule that I see is under Firewall Policy and it doesn't let me add any additional networks. Under the From tab it shows Internal, but the Add button is grayed out, so I can't click on it to add my other two networks. I'm not viewing the rule created in Web Access Policy, I'm looking at the rule in Firewall Rules.

I'm partially convinced that SafeSearch only allows the default Internal connection. Either I'm looking in the wrong place or this is a bug because its not working. Could someone please clearify this for me??? I can't have my public hotspot users searching and looking at boobs anymore...


Thank you

(in reply to tshinder)
Post #: 4
RE: SafeSearch on All Networks? - 16.Feb.2011 5:58:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Well, I checked it on my machine and you're right - it's hard coded to the default Internal Network :(

There are some tricks you can do to put those DMZ hosts on the default Internal network, that should fix the problem.

Nice find!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FSPL)
Post #: 5
RE: SafeSearch on All Networks? - 17.Feb.2011 6:09:07 AM   
FSPL

 

Posts: 9
Joined: 24.Jan.2011
From: Dayton, OH
Status: offline
Tom, thanks again! Talk about a bummer on TMG's part, this is most unfortunate. Would you mind sharing those DMZ tricks with me? At this point, I'm a little desperate to get those two networks filtered. The two networks that I want filtered (along with Internal) are the following:

Internal: 172.16.0.0 - 172.16.0.255
NetworkA: 172.16.16.0 - 172.16.16.255 and 172.16.17.0 - 172.16.17.255
NetworkB: 192.168.0.0 - 192.168.0.255



Thanks for clearing this up for me

(in reply to tshinder)
Post #: 6
RE: SafeSearch on All Networks? - 17.Feb.2011 8:19:46 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
What you can do is include all the addresses for all three networks as part of the Default Internal Network.

The challange here is that you will need to use another device other than the TMG firewall to route traffic between these networks, since you can't define a route relationship between hosts on the same TMG Firewall Network. That is to say, if you define all of these addresses are part of the same TMG Firewall Network (the default Internal Network) they won't be able to communication *through* the TMG firewall to each other.

Make sense?
Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FSPL)
Post #: 7
RE: SafeSearch on All Networks? - 23.Feb.2011 1:30:39 PM   
FSPL

 

Posts: 9
Joined: 24.Jan.2011
From: Dayton, OH
Status: offline
I found a way around this, heres what I did.

First, I turned off SafeSearch on my TMG server.

Second, I put a ClearOS server in front of my TMG server.

Third, I set up the ClearOS server like the following:
Gateway Mode, installed Web Proxy and Content Filter plugins, set the Web Proxy plugin to Transparent Mode. Then I had to manually configure the filter for the search engine url re-writer. Now, ALL traffic leaving the TMG server will get the url filtering.

Finally, depending on your network setup you might have to add some forwarders or route some traffic from your TMG server, but thats it for the most part. I'm a fan of TMG but, ClearOS (and Google) saved the day!

ClearOS 1, TMG 0

(in reply to tshinder)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> SafeSearch on All Networks? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts