I have installed ISA Server as a standalone server, not using any Domain Controller. I installed ISA in Integrated mode. I want to implement some web filtering (I want to allow some users only to go to yahoo and hotmail sites, not any other). Could anybody help me with this: how can I restrict the users? Again, I tell you that there is no Domain Controller on my network.
In the title of this post you said "IP based restriction". In the body of the post you talk about users. So, I told you how to do user based access control without a Domain Controller.
However, if you like IP based access control, apply the rules to a client address set. Just keep in mind that this is not such a good solution if you use DHCP assigned IP addresses on the clients.
First create your destination sets and client sets under policy elements. Client sets define the "who can go" (internal users) and the destination sets define the "where they can go" on the outside.
Create a Site and Content Rule. Make sure you select Custom in the Rule Configuration. It is there that you can say these internal client sets (IP addresses X, Y and Z) can go to yahoo and hotmail destination sets. You can do cool things also like allowing access only during business hours etc.
Very slick tool and easy to figure out. But as Stephan mentioned, since you are not part of a domain, you are stuck to IP addresses, which in a DHCP address space, can change.
I'm not using the DHCP Server; I have set static IPs on the client machines.
I worked on that (as you said) but unfortunately that did not work.
What is the better solution? I only want to restrict three users so that they cannot visit any other site except yahoo and hotmail.
Either to work on ISA Server to implement the restrictions, or use any third party tool, or install firewall software on those three client machines for the restriction of web traffic.
How are the internal clients configured: Web Proxy client, SecureNAT client and/or Firewall client?
Always remember that if the requests are going through the HTTP Redirector, all authentication information is lost. So, for HTTP/HTTPS requests, the internal client must be configured as a Web Proxy Client.
Also, you should keep in mind that ISA processes rules in the following order:
1) Deny rules applying to any request (anonymous).
2) Allow rules applying to any request (anonymous).
3) Deny rules applying to client address sets or users and groups (authenticated).
4) Allow rules applying to client address sets or users and groups (authenticated).
Now, if something isn't working as expected, you should consult the ISA logfiles. They are your primary resource for debugging. To get the most information out of the logfiles, I strongly recommend enabling the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.
A lot of people seem to have problems with interpreting the logfiles. It isn't that difficult, but you should first understand what is logged. In the ISA helpfile there is a section called 'Firewall and Web Proxy log fields', a must read. Additional information can be found in the following articles:
Thanks spouseele and drewg181 for the help. I have done as you said and it's working, but one problem that I'm facing is to block all the messengers of some specific users, not all the users. Kindly help me in this regard: how do I block the MSN and Yahoo messenger of specific users?
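Added example, not part of the original thread: a small Python reader for the log-based debugging recommended earlier in the thread, listing per restricted client which destinations were requested and which rule fields were logged. It assumes the Web Proxy log is written in W3C extended format with a tab-separated `#Fields:` directive and uses the field names `c-ip`, `cs-username`, `r-host`, `sc-status`, `rule#1` and `rule#2`; the sample lines, addresses and rule name are constructed.

```python
import io
from collections import defaultdict

# Constructed sample (tab-separated W3C extended format). Field names are an
# assumption about the ISA Web Proxy log; every value below is made up.
SAMPLE_LOG = (
    "#Software: constructed sample\n"
    "#Fields: c-ip\tcs-username\tr-host\tsc-status\trule#1\trule#2\n"
    "192.168.0.11\tanonymous\twww.yahoo.com\t200\t-\tMail sites only\n"
    "192.168.0.11\tanonymous\twww.example.com\t403\t-\tMail sites only\n"
    "192.168.0.50\tanonymous\twww.example.com\t200\t-\t-\n"
    "192.168.0.11\tanonymous\twww.hotmail.com\n"  # truncated record
)


def parse_w3c(stream):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = None
    for line in stream:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            # The directive can reappear mid-file if the field selection changes.
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))


def summarise(records, clients):
    """Map (client IP, host) -> set of (status, rule#1, rule#2) for given clients."""
    seen = defaultdict(set)
    for rec in records:
        if rec.get("c-ip") in clients:
            key = (rec["c-ip"], rec.get("r-host", "-"))
            seen[key].add((rec.get("sc-status", "-"),
                           rec.get("rule#1", "-"),
                           rec.get("rule#2", "-")))
    return dict(seen)


if __name__ == "__main__":
    restricted = {"192.168.0.11"}  # static IPs in the client address set
    report = summarise(parse_w3c(io.StringIO(SAMPLE_LOG)), restricted)
    for (ip, host), outcomes in sorted(report.items()):
        for status, rule1, rule2 in sorted(outcomes):
            print(f"{ip} {host} status={status} rule#1={rule1} rule#2={rule2}")
```

Reading the field list from the `#Fields:` line rather than hard-coding column positions keeps the script working after "Select All" changes which fields are logged.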