• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

IP Based Restrictions

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> IP Based Restrictions Page: [1]
Login
Message << Older Topic   Newer Topic >>
IP Based Restrictions - 22.Aug.2003 7:11:00 AM   
hafeez

 

Posts: 6
Joined: 22.Aug.2003
Status: offline
I have installed ISA Server as a standalone server . not using any Domain Controller . I installed ISA in Integrated mode . i want to implement some web filtering . ( wnat to aloow some users only to go to yahoo and hotmail sites not any other , could anybody help me in this , how can i restrict the users .
Again i tell you that there is nothing any Domain Controller on my network .

Thanks in adv.
Post #: 1
RE: IP Based Restrictions - 22.Aug.2003 11:35:00 AM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi hafeez,

apply the rules to user/group membership. If ISA is a standalone server, create the users and groups on the ISA server itself.

HTH,
Stefaan

(in reply to hafeez)
Post #: 2
RE: IP Based Restrictions - 22.Aug.2003 12:20:00 PM   
hafeez

 

Posts: 6
Joined: 22.Aug.2003
Status: offline
Thanks for ur reply .

Is there any other way to restrict the users or is there any third party software/add ons available to implemnet this ????

(in reply to hafeez)
Post #: 3
RE: IP Based Restrictions - 22.Aug.2003 5:17:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi hafeez,

in the title of this post you said "IP based restriction". In the body of the post you talk about users. So, I told you how to do user based access control without a Domain Controller.

However, if you like IP based access control, apply the rules to a client address set. Just keep in mind that this is not a so good solution if you use DHCP assigned IP addresses on the clients.

HTH,
Stefaan

(in reply to hafeez)
Post #: 4
RE: IP Based Restrictions - 22.Aug.2003 10:05:00 PM   
drewg181

 

Posts: 40
Joined: 12.Jul.2001
From: Terre Haute, IN, USA
Status: offline
First create your destination sets and client sets under policy elements. Client sets define the "who can go" (internal users)and the destination sets define the "where they can go" on the outside.

Create a Site and Content Rule. Make sure you select Custom in the Rule Configuration. It is there that you can say these internal client sets (IP addresses X. Y and Z) can go to yahoo and hot mail destination sets. You can do cool things also like allowing access on during business hours etc.

Very slick tool and easy to figure out. But as Stephan mentioned, since you are not part of a domain, you are stuck to IP addresses, which in a DHCP address space, can change.

Good luck!

(in reply to hafeez)
Post #: 5
RE: IP Based Restrictions - 23.Aug.2003 6:05:00 AM   
hafeez

 

Posts: 6
Joined: 22.Aug.2003
Status: offline
Thakns for the replies .

I m not using the DHCP Server , i have set the static Ip's to the client machines ,

i worked on that ( as u said ) but unfortunately thats not worked [Frown]

What is the better solution , because i just only want to restrict only three users not to to visit any other site except yahoo and hotmail .

Either to work on ISA Server for to implement restrictions , or use any third party tool or install firewall software on those three client machines for the restriction of web traffic .

(in reply to hafeez)
Post #: 6
RE: IP Based Restrictions - 23.Aug.2003 1:38:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi hafeez,

how are the internal clients configured: Web Proxy client, SecureNAT client and/or Firewall client?

Always remember that if the requests are going through the HTTP Redirector, all authentication information is lost. So, for HTTP/HTTPS requests, the internal client must be configured as a Web Proxy Client.

For more info about the different ISA client types, check out:
- http://www.isaserver.org/tutorials/ISA_Clients__Part_1__General_ISA_Server_Configuration.html
- http://www.isaserver.org/tutorials/ISA_Clients__Part_2_SecureNAT_and_Web_Proxy_Client.html
- http://www.isaserver.org/tutorials/ISA_Clients__Part_3_The_Firewall_Client.html

Also, you should keep in mind that ISA processes rules in the following order:

1) Deny rules applying to any request (anonymous).
2) Allow rules applying to any request (anonymous).
3) Deny rules applying to client address sets or users and groups (authenticated).
4) Allow rules applying to client address sets or users and groups (authenticated).

Now, if something isn't working as expected, you should consult the ISA logfiles. They are your primary resource for debugging. To get the most information out of the logfiles, I strongly recommend to enable the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.

A lot of people seem to have problems with interpreting the logfiles. It isn't that difficult, but you should first understand what is logged. In the ISA helpfile there is a section called 'Firewall and Web Proxy log fields', a must read. Additional information can be found in the following articles:

- http://support.microsoft.com/default.aspx?scid=kb;en-us;284818
- http://support.microsoft.com/default.aspx?scid=kb;en-us;193625
- http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/winsock/windows_sockets_error_codes_2.asp

HTH,
Stefaan

(in reply to hafeez)
Post #: 7
RE: IP Based Restrictions - 23.Aug.2003 1:54:00 PM   
hafeez

 

Posts: 6
Joined: 22.Aug.2003
Status: offline
Thanks for the Help , I 'll do these things , which u told me and after that let u know .

Again Thakns for all this (Y).

(in reply to hafeez)
Post #: 8
RE: IP Based Restrictions - 23.Aug.2003 4:48:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi hafeez,

glad I could help! [Smile]

BTW --- if you have any further questions, don't hesitate to post a follow up.

Thanks,
Stefaan

(in reply to hafeez)
Post #: 9
RE: IP Based Restrictions - 27.Aug.2003 7:23:00 AM   
hafeez

 

Posts: 6
Joined: 22.Aug.2003
Status: offline
Thanks spouseele and drewg181 for the help , I have done as u said and its working ,but one problem that i m facing is to block all the messengers of some specific users not all teh users , Kindly help me in this regard that how i block the MSN and Yahoo messenger of specific users .

Thanks

(in reply to hafeez)
Post #: 10
RE: IP Based Restrictions - 28.Aug.2003 8:59:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi hafeez,

check out http://www.isaserver.org/tutorials/How_to_Block_Dangerous_Instant_Messengers_Using_ISA_Server.html .

HTH,
Stefaan

(in reply to hafeez)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> IP Based Restrictions Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts