1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Firewall Question

Discussion in 'Computer Security' started by mojorisin, Feb 16, 2006.

  1. mojorisin

    mojorisin Kilobyte Poster

    395
    14
    41
    Hi All

    We have an internal network for our own users who all get there IP's via DHCP and internet access through our ISA server

    Problem is we also have a 3rd party with 3 pc's connected to the network also getting there IP's via DHCP but the problem is we have no control over there internet use

    Was thinking along the lines of getting a second firewall and putting that between them and the internet so as we can restrict what is available

    Any thoughts on this would be most helpful
     
    WIP: 70-685 http://www.speedtest.net/result/3377759783.png
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    If they are sharing the DCHP server you should be able to specify the default gateway in the DHCP settings.

    8)
     
  3. mojorisin

    mojorisin Kilobyte Poster

    395
    14
    41
    They will be going through our default gateway


    Presently our users go through ISA because they are forced using group policy and then we have surfcontrol on there to restict/monitor internet use

    But if you dont pick up the GP settings then you bypass the ISA server and get straight access

    So the 3rd party wont be getting the GP as they are not authenticated and joined to our domain just getting IP addresses
     
    WIP: 70-685 http://www.speedtest.net/result/3377759783.png
  4. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    If your deafult gateway is the ISA server though shouldn't you be able to set it up so that all traffic that passes through it goes through it's access list?

    I don't know ISA, so I'm just assuming thats how it works.

    8)
     
  5. mojorisin

    mojorisin Kilobyte Poster

    395
    14
    41
    Think i just fixed it


    i have setup a user login for them on our domain and then if i change there internet settings to go through our ISA server when they connect to the internet it asks for a login they can only use the one i have setup and if they cancel it access it denied so it is set to only allow acces to the sites i specify using Surf Control

    So unless they know to change the settings back to auto detect then it should work ok without having to get another firewall setup

    cheers for the replies simon :biggrin
     
    WIP: 70-685 http://www.speedtest.net/result/3377759783.png
  6. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    ISA gets complicated sometimes and the results are not always what you would expect. If you set it up so that it is the clients default gateway, you basically have made the client a secure NAT client. No credentials are passed to the ISA server under this configuration, so you cannot explicitly allow or deny a user/group anything.

    You need to install the firewall client (software that comes with ISA) to get the best functionality and the ability to configure ISA on a user/group basis.

    If you set ISA as the proxy server for your network, you have basically made them web proxy clients, so they can take advantage of ISA web caching features but there are limitations with other web protocols.

    I would recommend using the firewall client software, as this is the most comprehensive method but it will only install on windows clients.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)

Share This Page

Loading...