I have installed ISA Server as a standalone server . not using any Domain Controller . I installed ISA in Integrated mode . i want to implement some web filtering . ( wnat to aloow some users only to go to yahoo and hotmail sites not any other , could anybody help me in this , how can i restrict the users . Again i tell you that there is nothing any Domain Controller on my network .
From: Terre Haute, IN, USA
First create your destination sets and client sets under policy elements. Client sets define the "who can go" (internal users)and the destination sets define the "where they can go" on the outside.
Create a Site and Content Rule. Make sure you select Custom in the Rule Configuration. It is there that you can say these internal client sets (IP addresses X. Y and Z) can go to yahoo and hot mail destination sets. You can do cool things also like allowing access on during business hours etc.
Very slick tool and easy to figure out. But as Stephan mentioned, since you are not part of a domain, you are stuck to IP addresses, which in a DHCP address space, can change.
how are the internal clients configured: Web Proxy client, SecureNAT client and/or Firewall client?
Always remember that if the requests are going through the HTTP Redirector, all authentication information is lost. So, for HTTP/HTTPS requests, the internal client must be configured as a Web Proxy Client.
Also, you should keep in mind that ISA processes rules in the following order:
1) Deny rules applying to any request (anonymous). 2) Allow rules applying to any request (anonymous). 3) Deny rules applying to client address sets or users and groups (authenticated). 4) Allow rules applying to client address sets or users and groups (authenticated).
Now, if something isn't working as expected, you should consult the ISA logfiles. They are your primary resource for debugging. To get the most information out of the logfiles, I strongly recommend to enable the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.
A lot of people seem to have problems with interpreting the logfiles. It isn't that difficult, but you should first understand what is logged. In the ISA helpfile there is a section called 'Firewall and Web Proxy log fields', a must read. Additional information can be found in the following articles:
Thanks spouseele and drewg181 for the help , I have done as u said and its working ,but one problem that i m facing is to block all the messengers of some specific users not all teh users , Kindly help me in this regard that how i block the MSN and Yahoo messenger of specific users .