I just enabled the SafeSearch feature and it's working great. However, it's only filtering traffic on 'Internal' and I need it to filter on other networks too. I created a duplicate rule (like the one SafeSearch creates automatically) and then applied it to the other networks that I want filtered, and it doesn't work.
My next step is to export my current config and then edit the .xml to allow all three networks (Internal, NetworkB, NetworkC) or better yet, the All Networks option, then import it back into TMG. But I'm hoping that I'm just missing something so I don't have to do that.
Is the SafeSearch limited to just 'Internal' traffic only? If so, then yet again I have to look at a 3rd party solution for my other 2 networks... Please help.
< Message edited by FSPL -- 15.Feb.2011 7:33:56 AM >
Thanks for the quick response Tom. I'm having a hard time finding the system policy rule for safe search. Could it be under a different name?
-- I see a rule under Firewall Policy Rules not System Policy Rules - nor do I see it in the System Policy Editor. When I open up the properties of the rule, click on the From Tab, the Add button is grayed out and I can't click on it. Is this what you are referring to?
< Message edited by FSPL -- 15.Feb.2011 10:57:44 AM >
I understand that I need to add the selected networks to the SafeSearch System Policy Rule, but the only rule that I see is under Firewall Policy and it doesn't let me add any additional networks. Under the From tab it shows Internal, but the Add button is grayed out, so I can't click on it to add my other two networks. I'm not viewing the rule created in Web Access Policy, I'm looking at the rule in Firewall Rules.
I'm partially convinced that SafeSearch only allows the default Internal connection. Either I'm looking in the wrong place or this is a bug because it's not working. Could someone please clarify this for me??? I can't have my public hotspot users searching and looking at boobs anymore...
Tom, thanks again! Talk about a bummer on TMG's part, this is most unfortunate. Would you mind sharing those DMZ tricks with me? At this point, I'm a little desperate to get those two networks filtered. The two networks that I want filtered (along with Internal) are the following:
What you can do is include all the addresses for all three networks as part of the Default Internal Network.
The challenge here is that you will need to use a device other than the TMG firewall to route traffic between these networks, since you can't define a route relationship between hosts on the same TMG Firewall Network. That is to say, if you define all of these addresses as part of the same TMG Firewall Network (the default Internal Network), they won't be able to communicate *through* the TMG firewall to each other.
Second, I put a ClearOS server in front of my TMG server.
Third, I set up the ClearOS server like the following: Gateway Mode, installed Web Proxy and Content Filter plugins, set the Web Proxy plugin to Transparent Mode. Then I had to manually configure the filter for the search engine url re-writer. Now, ALL traffic leaving the TMG server will get the url filtering.
Finally, depending on your network setup you might have to add some forwarders or route some traffic from your TMG server, but that's it for the most part. I'm a fan of TMG, but ClearOS (and Google) saved the day!
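The search-engine URL rewriting described in the last post, sketched as an added example (not from the thread and not ClearOS's own filter configuration): a function that forces the safe-search query parameter on plain-HTTP search requests, the way a rewriter behind a transparent proxy would. The rule table, the parameter values `safe=active` and `adlt=strict`, and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed rule table (not from the thread):
# registered domain -> (search path prefix, parameters to force)
SAFE_RULES = {
    "google.com": ("/search", {"safe": "active"}),
    "bing.com": ("/search", {"adlt": "strict"}),
}


def _rule_for(host):
    """Match on the exact domain or a true subdomain, never a lookalike."""
    host = host.lower().rstrip(".")
    for suffix, rule in SAFE_RULES.items():
        if host == suffix or host.endswith("." + suffix):
            return rule
    return None


def enforce_safesearch(url):
    """Return the URL with safe-search parameters forced, or unchanged."""
    parts = urlsplit(url)
    # A transparent proxy without TLS interception never sees the path or
    # query of an HTTPS request, so only plain HTTP can be rewritten here.
    if parts.scheme != "http":
        return url
    rule = _rule_for(parts.hostname or "")
    if rule is None:
        return url
    prefix, forced = rule
    if not parts.path.startswith(prefix):
        return url
    # Drop any client-supplied copy of a forced key (e.g. safe=off),
    # then append the enforced value so it cannot be overridden.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() not in forced]
    query.extend(forced.items())
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query), parts.fragment))


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for sample in ("http://www.google.com/search?q=test&safe=off",
                   "http://www.bing.com/search?q=a+b",
                   "https://www.google.com/search?q=test",
                   "http://google.com.evil.example/search?q=x"):
        print(sample, "->", enforce_safesearch(sample))
```

Requests that arrive over HTTPS pass through unchanged, so a deployment that depends on this kind of rewriting also needs a way to handle encrypted search traffic.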