+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 26
How do you do....it? Thread, ISA 2004 in Technical; Looking at setting up ISA 2004 as a dowstream Proxy/web filter from our LEA (who have agreed to let us ...
  1. #1

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,644
    Thank Post
    858
    Thanked 645 Times in 428 Posts
    Rep Power
    498

    ISA 2004

    Looking at setting up ISA 2004 as a dowstream Proxy/web filter from our LEA (who have agreed to let us do it) since they are.. quite frankly - crap!..

    Our question is .. has anyone configured ISA 2004 to do this thing before?
    If they have can they let us know how they did it so that the pupils hit our ISA box and then go onto the LEA's poxy server?

    I've only had a brief look at the server before getting caught up in more pressing problems (GPO not applying to SP2 PCs & servers not accepting Win2k3 SP1 patch) but did see an option of setting it up an "upstream" connection

    We're using Standard Ed. of ISA 2004 btw

  2. #2

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: ISA 2004

    You simply set all your clients to point at your ISA box as the gateway and proxy.

    You then simply need to set up an ISA routing rule telling it to fetch data from an upstream server.

  3. #3

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,644
    Thank Post
    858
    Thanked 645 Times in 428 Posts
    Rep Power
    498

    Re: ISA 2004

    :!:
    You mean it really is THAT easy? :x

    Thnks ric - will look at it tomorrow once i get my DC's sorted

    Once the ISA's set up we're gonna be pulling the top 20 sites visited by the kids and blocking them

    Which Salford LEA are meant to be doing but it takes at least 24hrs for our requests to get blocked :x

    Looking at the practicallity of breaking away from them...

  4. #4

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: ISA 2004

    That's the top 20, no matter what they are? People quite like Google!

  5. #5
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,227
    Thank Post
    50
    Thanked 271 Times in 209 Posts
    Blog Entries
    6
    Rep Power
    108

    Re: ISA 2004

    The really nice thing about ISA is that you can set it to use different filters for different AD users and groups. For example, we have a website ban list about a mile and a half long for students but a very limited one for staff. You can also do the same for different protocols. Another example, you might not want the kids to be able to stream Real videos from the web but you want teachers to be able to. With ISA you can. Bloody marvellous

    /edit

    The most accessed site at our school is Google Images. That generally gets at least five times as much traffic as any other website and its never off the top of our most browsed list.

    One thing to take into account is that although ISA makes very through logs, its ability to analyze them leaves a lot to be desired or at least it does in ISA 2000. We bought Webspy Webanaylser, its brilliant

  6. #6

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: ISA 2004

    @Norphy: A very good point about the RealMedia protocol! Kids take the piss and listen to Internet radio but staff still need to be able to show them clips off the BBC website (which are invariably in Real format!)

  7. #7

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,644
    Thank Post
    858
    Thanked 645 Times in 428 Posts
    Rep Power
    498

    Re: ISA 2004

    Quote Originally Posted by Ric_
    That's the top 20, no matter what they are? People quite like Google!
    Already asked for video.google.com to be banned, much to the LEA's reluctance! would like to ban images but its needed for coursework

    Quote Originally Posted by Norphy
    he really nice thing about ISA is that you can set it to use different filters for different AD users and groups. For example, we have a website ban list about a mile and a half long for students but a very limited one for staff. You can also do the same for different protocols. Another example, you might not want the kids to be able to stream Real videos from the web but you want teachers to be able to. With ISA you can. Bloody marvellous :Smile:
    Ah was hoping that was going to be possible in 2004, was the one problem with 2000 - everything was global!

    Quote Originally Posted by Ric_
    @Norphy: A very good point about the RealMedia protocol! Kids take the piss and listen to Internet radio but staff still need to be able to show them clips off the BBC website (which are invariably in Real format!)
    Not on my network they wont be :twisted:

  8. #8

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,630
    Thank Post
    890
    Thanked 1,314 Times in 798 Posts
    Blog Entries
    1
    Rep Power
    441

    Re: ISA 2004

    Gatt we block google images. www.picsearch.com is moderated and controlled, so no porn there
    We had alot of staff resistance to blocking google images but now they love picsearch as its safe. Recommend that to your SMT.
    If you have the money get Smart Filter for ISA 2004. Then you have your own filtering system. Its really good.

  9. #9

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,644
    Thank Post
    858
    Thanked 645 Times in 428 Posts
    Rep Power
    498

    Re: ISA 2004

    ill check that site out - thank
    I think we are able toget a copy of SurfControl from the LEA, however, if we do split from them we'll need to cost things like this..

  10. #10

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,498
    Thank Post
    1,488
    Thanked 1,049 Times in 918 Posts
    Rep Power
    301

    Re: ISA 2004

    Slightly OT, but how do you get the BBC stuff to work via ISA 2004? For the kids and staff (and anybody without the Firewall client) they cannot get it to work, I can as an admin with the FC, but we are not rolling that out to all users.

  11. #11
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,227
    Thank Post
    50
    Thanked 271 Times in 209 Posts
    Blog Entries
    6
    Rep Power
    108

    Re: ISA 2004

    Quote Originally Posted by Gatt
    Ah was hoping that was going to be possible in 2004, was the one problem with 2000 - everything was global!
    We're running 2000 atm and tbh have no intention of upgrading. Its certainly possible to apply one filter to one group and another to another.

  12. #12

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: ISA 2004

    @Gatt: You can always re-direct them to the safesearch version of the image search - so that all the thumbnail porn is filtered out. Just make a content rule that re-directs to the safe search URL rather than your access denied page.

  13. #13

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,644
    Thank Post
    858
    Thanked 645 Times in 428 Posts
    Rep Power
    498

    Re: ISA 2004

    // scribbles all the notes down
    thanks guys - gonna start setting this up today, and hope toget it online by end of net week

  14. #14

    Join Date
    Feb 2006
    Location
    University of Wales, Lampeter
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: ISA 2004

    Quote Originally Posted by john
    Slightly OT, but how do you get the BBC stuff to work via ISA 2004? For the kids and staff (and anybody without the Firewall client) they cannot get it to work, I can as an admin with the FC, but we are not rolling that out to all users.
    are you using the built-in real client? or have you got real installed on the machines already. if you are using the bbc's real client direct through their web pages we've found there is a problem with authenticated proxy access. what you have to do is to get people to open the bbc webpage in the real client, then when you get to the correct radio stream, then it will give you the authenticated access prompts so you can get out

  15. #15
    Disease's Avatar
    Join Date
    Jan 2006
    Posts
    1,079
    Thank Post
    116
    Thanked 70 Times in 48 Posts
    Rep Power
    56

    Re: ISA 2004

    We run ISA 2004 with the LEa proxy, the thing to remember is as Ric syas and thats to set the upstream proxy to your LEA proxy, this is just a tick box for use upstream and type in the LEA proxy IP, then point all clients to your ISA. You need 2 Nic's in the machine 1 to contact the upstream proxy set with a static IP and another set with a static IP to take the requests from your client.

    We operate a whitelist so there is no issue of kids looking at anything we dont sanction.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Logicator 2004
    By wesleyw in forum Educational Software
    Replies: 9
    Last Post: 19th May 2009, 10:51 AM
  2. Either I am stupid or ISA 2004 is!
    By saundersmatt in forum How do you do....it?
    Replies: 14
    Last Post: 5th June 2007, 02:24 PM
  3. Tidying up ISA 2004
    By eejit in forum Windows
    Replies: 2
    Last Post: 29th January 2007, 01:20 PM
  4. ISA 2004 & WSUS
    By Gatt in forum Windows
    Replies: 9
    Last Post: 15th June 2006, 01:38 PM
  5. ISA Server 2004
    By krb548 in forum How do you do....it?
    Replies: 15
    Last Post: 25th July 2005, 12:05 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •