From: Sudbury, ON Canada
I'm running an ISA 2004 SP3 EE 2-server array, and I'm having some odd problems that I need help with.
In trying to resolve the odd problems, I first need help understanding why one of my firewall policies is being applied when I would expect it not to be. Now I just finished reviewing this excellent document http://www.isaserver.org/articles/isa2004_accessrules.html and it did shed some light onto ISA's rule processing mechanism. However, I am still perplexed by my situation.
I have a rule near the very top of the list that allows http/https traffic from Internal to a Domain Name Set but only for a specific User Set. The domain name set contains only 3 FQDNs: docline.gov, pubmed.gov and www.ncbi.nlm.nih.gov. The User Set contains several references to security groups in our Windows AD which ISA is a part of.
When I monitor the activity on this rule using ISA's Logging tab, I see Firewall Client traffic (Initiated Connection and Closed Connection) that matches all elements of the policy except for the destination address (domain name set mentioned above). In other words, this rule seems to be allowing traffic going to ANY destination, instead of to the three sites specified in the domain name set. Why is that?? Can someone explain, please??? It makes no sense to me, at all.
A question further to this is, for a Firewall Client log entry, is an “Initiated Connection” the same as an “Allowed Connection” for a Web Proxy log entry?
Thanks in advance for any help you can provide.
< Message edited by jerumball -- 10.May2012 10:56:11 AM >