• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Ordering the rules

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Ordering the rules Page: [1]
Message << Older Topic   Newer Topic >>
Ordering the rules - 5.Feb.2004 3:16:00 PM   


Posts: 40
Joined: 31.Jan.2004
Status: offline
In the documentation it says that the order of the rules is very important, but there is no detailed explaination of the "rule for rules". My general approach is to place the deny rules first, then the allow rules, then the publishing rules, followed by the default deny rule last. Are there any tips or tricks to follow in ordering the rules?
Post #: 1
RE: Ordering the rules - 5.Feb.2004 4:23:00 PM   


Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

That is definitely one way to do it. However, the best way to implement firewall policy is to have no deny rules. Instead, you allow access only to required resources to the appropriate uses. If there is no allow rule, then access is denied.

However, there are situations where you can see conflicts, such as a user belongs to one group that has access and another group that is not allowed access. In cases such as these, its good to put the deny above the allow, otherwise the allow will be processed first.


(in reply to Persing)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Ordering the rules Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts