
Looking at setting up ISA 2004 as a downstream Proxy/web filter from our LEA (who have agreed to let us do it) since they are.. quite frankly - crap!..
Our question is .. has anyone configured ISA 2004 to do this thing before?
If they have can they let us know how they did it so that the pupils hit our ISA box and then go onto the LEA's poxy server?
I've only had a brief look at the server before getting caught up in more pressing problems (GPO not applying to SP2 PCs & servers not accepting Win2k3 SP1 patch) but did see an option of setting up an "upstream" connection.
We're using Standard Ed. of ISA 2004 btw

You simply set all your clients to point at your ISA box as the gateway and proxy.
You then simply need to set up an ISA routing rule telling it to fetch data from an upstream server.

:!:
You mean it really is THAT easy? :x
Thanks ric - will look at it tomorrow once I get my DCs sorted
Once the ISA's set up we're gonna be pulling the top 20 sites visited by the kids and blocking them
Which Salford LEA are meant to be doing but it takes at least 24hrs for our requests to get blocked :x
Looking at the practicality of breaking away from them...

That's the top 20, no matter what they are? People quite like Google!
The really nice thing about ISA is that you can set it to use different filters for different AD users and groups. For example, we have a website ban list about a mile and a half long for students but a very limited one for staff. You can also do the same for different protocols. Another example, you might not want the kids to be able to stream Real videos from the web but you want teachers to be able to. With ISA you can. Bloody marvellous.
/edit
The most accessed site at our school is Google Images. That generally gets at least five times as much traffic as any other website and it's never off the top of our most browsed list.
One thing to take into account is that although ISA makes very thorough logs, its ability to analyze them leaves a lot to be desired, or at least it does in ISA 2000. We bought Webspy Webanaylser, it's brilliant
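A minimal way to pull a top-N list of visited hosts out of a proxy log, as an added example that is not part of the original posts. It assumes the log has been exported in W3C extended format (tab-separated, with a `#Fields:` header) containing `cs-username` and `r-host` fields; the sample lines and the `SCHOOL` domain are constructed.

```python
import collections

# Constructed sample log lines (not from a real ISA server). The column layout
# is read from the "#Fields:" header, so extra columns are tolerated.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: c-ip\tcs-username\tr-host\tcs-uri\tsc-status",
    "10.0.0.21\tSCHOOL\\pupil01\timages.google.com\thttp://images.google.com/a\t200",
    "10.0.0.22\tSCHOOL\\pupil02\timages.google.com\thttp://images.google.com/b\t200",
    "10.0.0.21\tSCHOOL\\pupil01\twww.bbc.co.uk\thttp://www.bbc.co.uk/\t200",
    "10.0.0.40\tSCHOOL\\staff01\twww.bbc.co.uk\thttp://www.bbc.co.uk/radio\t200",
    "10.0.0.22\tSCHOOL\\pupil02\tImages.Google.com\thttp://Images.Google.com/c\t200",
    "10.0.0.40\tSCHOOL\\staff01\twww.picsearch.com\thttp://www.picsearch.com/\t200",
    "10.0.0.9\tanonymous\t-\t-\t407",
])


def top_sites(log_text, n=20, user_prefix=None):
    """Return the n most requested hosts as (host, hits) pairs.

    user_prefix optionally restricts the count to usernames starting with
    that string (case-insensitive), e.g. a pupil account naming scheme.
    """
    fields = []
    hits = collections.Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Header names the columns for all following data lines.
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line or line.startswith("#") or not fields:
            continue  # skip other directives, blanks, and data before a header
        row = dict(zip(fields, line.split("\t")))
        host = row.get("r-host", "-").lower()  # hostnames are case-insensitive
        if host in ("", "-"):
            continue  # no destination recorded for this request
        user = row.get("cs-username", "").lower()
        if user_prefix and not user.startswith(user_prefix.lower()):
            continue
        hits[host] += 1
    return hits.most_common(n)


if __name__ == "__main__":
    for host, count in top_sites(SAMPLE_LOG, user_prefix="SCHOOL\\pupil"):
        print(f"{count:6d}  {host}")
```

Reviewing the resulting list by hand before turning it into a block list avoids banning sites that are heavily used for legitimate coursework.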

@Norphy: A very good point about the RealMedia protocol! Kids take the piss and listen to Internet radio but staff still need to be able to show them clips off the BBC website (which are invariably in Real format!)

(In reply to Ric_) Already asked for video.google.com to be banned, much to the LEA's reluctance! Would like to ban images but it's needed for coursework.
(In reply to Norphy) Ah, was hoping that was going to be possible in 2004, was the one problem with 2000 - everything was global!
(In reply to Ric_) Not on my network they won't be :twisted:

Gatt, we block Google Images. www.picsearch.com is moderated and controlled, so no porn there.
We had a lot of staff resistance to blocking Google Images but now they love picsearch as it's safe. Recommend that to your SMT.
If you have the money get Smart Filter for ISA 2004. Then you have your own filtering system. It's really good.

I'll check that site out - thanks
I think we are able to get a copy of SurfControl from the LEA, however, if we do split from them we'll need to cost things like this..

Slightly OT, but how do you get the BBC stuff to work via ISA 2004? For the kids and staff (and anybody without the Firewall client) they cannot get it to work, I can as an admin with the FC, but we are not rolling that out to all users.

(In reply to Gatt) We're running 2000 atm and tbh have no intention of upgrading. It's certainly possible to apply one filter to one group and another to another.

@Gatt: You can always re-direct them to the safesearch version of the image search - so that all the thumbnail porn is filtered out. Just make a content rule that re-directs to the safe search URL rather than your access denied page.

// scribbles all the notes down
Thanks guys - gonna start setting this up today, and hope to get it online by end of next week

(In reply to john) Are you using the built-in Real client? Or have you got Real installed on the machines already? If you are using the BBC's Real client direct through their web pages, we've found there is a problem with authenticated proxy access. What you have to do is to get people to open the BBC webpage in the Real client, then when you get to the correct radio stream, it will give you the authenticated access prompts so you can get out.

We run ISA 2004 with the LEA proxy. The thing to remember is as Ric says, and that's to set the upstream proxy to your LEA proxy; this is just a tick box for use upstream and type in the LEA proxy IP, then point all clients to your ISA. You need 2 NICs in the machine: 1 to contact the upstream proxy, set with a static IP, and another set with a static IP to take the requests from your clients.
We operate a whitelist so there is no issue of kids looking at anything we don't sanction.