isa server 2000 rules problem



Guest -> isa server 2000 rules problem (23.Sep.2005 7:48:00 AM)

My ISA 2000 Server originally only had one site and content rule:

Allow any request to all destinations

Needing to block web access for a group of users, I created a deny rule and added the users from AD (Win2000); however, it has not worked and the users can still surf.

I also tried using group policy to change and then block the IP address within IE on each PC, but users still managed to surf!

Any help would be appreciated.

PS: If I change the allow rule, that works, BUT I don't want to allow several hundred users when it's only 10 that I wish to deny.




spouseele -> RE: isa server 2000 rules problem (23.Sep.2005 3:41:00 PM)

Hi Sparky1972,

ISA 2000 processes the rules in the following order:

1. Deny rules applying to any request (anonymous).
2. Allow rules applying to any request (anonymous).
3. Deny rules applying to client address sets or users and groups (authenticated).
4. Allow rules applying to client address sets or users and groups (authenticated).

HTH,
Stefaan




Guest -> RE: isa server 2000 rules problem (26.Sep.2005 4:01:00 AM)

Stefaan,

The allow rule applies to any request.
The deny rule applies to a group of users.

I don't have the original ISA media, so I am unable to use the "Firewall Client" software.

Therefore, as far as I can tell, all users are unauthenticated, i.e. they surf without re-supplying their credential set.




spouseele -> RE: isa server 2000 rules problem (26.Sep.2005 2:56:00 PM)

Hi Sparky1972,

Because the allow rule is anonymous, the deny rule will *never* kick in. To solve the problem, all users should authenticate, either by using a web proxy or firewall client.

HTH,
Stefaan
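
The evaluation order listed earlier in the thread, and why a group deny rule never fires behind an anonymous allow rule, as a small Python model. This is an added example, not ISA Server code or anything posted by the thread's participants; the rule names, user names and the `evaluate` function are constructed for illustration, and destination matching is left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    users: Optional[frozenset]    # None = applies to any request (anonymous)

def evaluate(rules, user):
    """Model of the four-step order quoted in the thread.

    user is the authenticated account name, or None when the client has
    sent no credentials. Returns (decision, name of the matching rule).
    """
    # Steps 1 and 2: rules applying to any request, deny before allow.
    # They match without looking at who the user is.
    for action in ("deny", "allow"):
        for r in rules:
            if r.users is None and r.action == action:
                return action, r.name
    # Steps 3 and 4 are keyed on identity, so credentials are needed first.
    if user is None:
        return "auth-required", None
    for action in ("deny", "allow"):
        for r in rules:
            if r.users is not None and r.action == action and user in r.users:
                return action, r.name
    return "deny", None  # no rule matched

# Constructed sample data (not from the thread).
BLOCKED = frozenset({"alice", "bob"})
EVERYONE = BLOCKED | {"carol"}

# Rule set as described in the first post: anonymous allow plus a group deny.
original = [Rule("Allow any request", "allow", None),
            Rule("Deny blocked group", "deny", BLOCKED)]
# Same deny rule, but the allow rule now applies to users, forcing authentication.
scoped = [Rule("Allow domain users", "allow", EVERYONE),
          Rule("Deny blocked group", "deny", BLOCKED)]

if __name__ == "__main__":
    for label, rules in (("original", original), ("scoped", scoped)):
        for who in ("alice", "carol", None):
            print(label, who, evaluate(rules, who))
```
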




Guest -> RE: isa server 2000 rules problem (28.Sep.2005 3:46:00 AM)

Stefaan,

I tried installing the firewall client on an XP machine, but I obviously did not configure it correctly, because web access was granted without requiring the user to log on.

I have now created a client set instead and used the LAT to block access for the machines in that set.

However, I now have a further problem: how do I allow 3 or 4 websites to be accessed by the denied client set?

In short:

Q1 - How can I correctly configure the firewall client?

Q2 - How can I create the exception site list?

Thanks

Sparky




spouseele -> RE: isa server 2000 rules problem (28.Sep.2005 4:03:00 PM)

Hi Sparky1972,

Must the users be able to use Web protocols (HTTP, HTTPS and tunneled FTP) or also non-Web protocols? The Firewall client is only needed for non-Web protocols.

If the clients are configured as Web Proxy and/or Firewall clients, and both the ISA server and the clients are joined to the internal domain, then the whole authentication process happens behind the scenes. In other words, the users will not be prompted for credentials because the logon credentials will be used.

BTW: to find out if a user is authenticated, check out the ISA logs.

HTH,
Stefaan




Guest -> RE: isa server 2000 rules problem (20.Oct.2005 12:04:00 PM)

1. Check if the clients do not have the gateway IP address. They shouldn't have it.
2. Make sure in the Internet Navigator LAN Settings the proxy + port are specified. Can be done through a GPO.




Irus -> RE: isa server 2000 rules problem (6.Jun.2008 4:44:13 PM)

Hi,
I need some help regarding Protocol Definitions. I had a manually created VBScript file which, when executed, used to create a Content Group in ISA 2000, which had ALL the possible extensions in 1 Content Group.
I somehow missed that Notepad file :s
Can you help me with that?

Plus: I need Baretail and SPF-Sygate Personal Firewall Cracked Version.



