Firewall Question

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi All

We have an internal network for our own users who all get there IP's via DHCP and internet access through our ISA server

Problem is we also have a 3rd party with 3 pc's connected to the network also getting there IP's via DHCP but the problem is we have no control over there internet use

Was thinking along the lines of getting a second firewall and putting that between them and the internet so as we can restrict what is available

Any thoughts on this would be most helpful

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

If they are sharing the DCHP server you should be able to specify the default gateway in the DHCP settings.

 

They will be going through our default gateway


Presently our users go through ISA because they are forced using group policy and then we have surfcontrol on there to restict/monitor internet use

But if you dont pick up the GP settings then you bypass the ISA server and get straight access

So the 3rd party wont be getting the GP as they are not authenticated and joined to our domain just getting IP addresses

 

If your deafult gateway is the ISA server though shouldn't you be able to set it up so that all traffic that passes through it goes through it's access list?

I don't know ISA, so I'm just assuming thats how it works.

 

Think i just fixed it


i have setup a user login for them on our domain and then if i change there internet settings to go through our ISA server when they connect to the internet it asks for a login they can only use the one i have setup and if they cancel it access it denied so it is set to only allow acces to the sites i specify using Surf Control

So unless they know to change the settings back to auto detect then it should work ok without having to get another firewall setup

cheers for the replies simon

 

ISA gets complicated sometimes and the results are not always what you would expect. If you set it up so that it is the clients default gateway, you basically have made the client a secure NAT client. No credentials are passed to the ISA server under this configuration, so you cannot explicitly allow or deny a user/group anything.

You need to install the firewall client (software that comes with ISA) to get the best functionality and the ability to configure ISA on a user/group basis.

If you set ISA as the proxy server for your network, you have basically made them web proxy clients, so they can take advantage of ISA web caching features but there are limitations with other web protocols.

I would recommend using the firewall client software, as this is the most comprehensive method but it will only install on windows clients.