ISA 2004

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I have two questions number one. How can i stop the firewall policy called Last Default Rule that is stopping me acess the internet. And i have created a website block it is running fine on the server but how do i get it to work on the clients?

Jack

 

how would i get the clients to go throught the proxy

 

its beening setup in my lab. Anyway do you have any idea what to do about question no 1?

 

The default rule blocks all outbound connections on the network and local host

 

Why do you want to that anyway? The rule is there to stop everything that isn't explicitely allowed. If you want to access the internet then create a rule that allows you to do this.

 

ISA is a brilliant product but it is a bit of a bear to use if you don't know how to configure it. By default ISA will block all Internet traffic, that is by design, so you can't delete the default rule.

For ISA to work properly you need two NICs, one connected to the Internet directly or through a gateway device and the other connected to your local LAN. So that ISA can decide which requests from the local LAN can be allowed to acces the net or other external resources.

ISA works best if you install the Firewall Client on the client machines. Note you should not install the Firewall Client on the ISA server itself. That is a big no no! The Firewall Client can configure the clients proxy settings automatically and give the clients more functionality with apps that use windows sockets (Winsock).

With ISA you do not open or close ports as such, rather you create rules which either allow or deny access to specific sites or content with specific protocols.

So, you could say create rules which allow the sales group access to all sites except www.ebay.com and also prevent them from using streaming media protocols. You could also create another rule that allows *you* to browse www.ebay.com and have streaming media content.

One of the nicest features is the web caching ability of the proxy server service. This can be configured in many different ways. The ISA server acts like a mamouth browser cache, keeping a local copy of the sites and downloads done by anybody in the organisation. Hence if Joe Blow in sales downloads the latest Windows update first thing in the morning, when you click to download it, it will be served from ISA's cache at local network speeds.

I would suggest you check out www.isaserver.org and read up on some of their how to's