1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ISA 2004

Discussion in 'Internet, Connectivity and Communications' started by jackd, May 11, 2006.

  1. jackd

    jackd Megabyte Poster

    555
    7
    64
    I have two questions number one. How can i stop the firewall policy called Last Default Rule that is stopping me acess the internet. And i have created a website block it is running fine on the server but how do i get it to work on the clients?

    Jack
     
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Are the clients going through the ISA server as a proxy? If so do you have the clients authenticating with the proxy? 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. jackd

    jackd Megabyte Poster

    555
    7
    64
    how would i get the clients to go throught the proxy
     
  4. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    In internet explorer click on tools>internet options, click on the connections tab and then click on the LAN settings button.

    In there check the proxy server box and then type the name of your ISA server and for the port type 8080.

    Just out of interest is this being setup in a test lab or on a live network? 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  5. jackd

    jackd Megabyte Poster

    555
    7
    64
    its beening setup in my lab. Anyway do you have any idea what to do about question no 1?
     
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    As far as I can remember the default rule is to allow all outbound connections so that shouldn’t block internet access. Can you give me more info on what the rule does, what ports does it block?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  7. jackd

    jackd Megabyte Poster

    555
    7
    64
    The default rule blocks all outbound connections on the network and local host
     
  8. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Weird, can you edit the rule to allow all outbound connections?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  9. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Why do you want to that anyway? The rule is there to stop everything that isn't explicitely allowed. If you want to access the internet then create a rule that allows you to do this.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  10. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    True, it’s only a test environment though. 8)

    I doubt the ISA firewall is the gateway to the internet anyways, there is probably a ADSL modem\switch acting as the gateway. This would have to be locked down to only allow connections from the ISA firewall as you could just take the proxy settings out of IE to bypass it.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  11. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    ISA is a brilliant product but it is a bit of a bear to use if you don't know how to configure it. By default ISA will block all Internet traffic, that is by design, so you can't delete the default rule.

    For ISA to work properly you need two NICs, one connected to the Internet directly or through a gateway device and the other connected to your local LAN. So that ISA can decide which requests from the local LAN can be allowed to acces the net or other external resources.

    ISA works best if you install the Firewall Client on the client machines. Note you should not install the Firewall Client on the ISA server itself. That is a big no no! The Firewall Client can configure the clients proxy settings automatically and give the clients more functionality with apps that use windows sockets (Winsock).

    With ISA you do not open or close ports as such, rather you create rules which either allow or deny access to specific sites or content with specific protocols.

    So, you could say create rules which allow the sales group access to all sites except www.ebay.com and also prevent them from using streaming media protocols. You could also create another rule that allows *you* to browse www.ebay.com and have streaming media content.

    One of the nicest features is the web caching ability of the proxy server service. This can be configured in many different ways. The ISA server acts like a mamouth browser cache, keeping a local copy of the sites and downloads done by anybody in the organisation. Hence if Joe Blow in sales downloads the latest Windows update first thing in the morning, when you click to download it, it will be served from ISA's cache at local network speeds.

    I would suggest you check out www.isaserver.org and read up on some of their how to's :biggrin
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  12. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    I do want to get more knowledge on how to use ISA firewall. Most of our clients use Nokia check point boxes but some new clients have requested ISA so Id better start reading up on how to use it! 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...