Sorry no answer, but you're up against typical f/w behaviour for authenticated policy rules e.g. I had to do this with a serious f/w appliance a while back and it took some effort. Eventually found out how and it was an obscure command line hidden in a dark recess of the small-print, not something you can do in the wizz-bang GUI. I subsequently gave unauthenticated users much more limited access to the net than authenticated users which made my scenario a Reasonable Thing To Do[tm].how to grant access to the internet to users that have not been unauthenticated against AD.
If you can do your scenario by tweaking ISA it will probably take a fight and I'm doubtful you'll succeed.
Does WebSense have any other way of grabbing usernames? For instance I've installed a 3rd-party web filter on an ISA 2K6 that had a s/w agent you could put on DCs to monitor logons and map them to IP addresses. The filter could then be configured to settle for logging IP addresses in the absence of an associated domain account name.
Unfortunately there isn't. Bit of an annoyance i know.
Maybe there could be a away to forward unauthorised users on to another ISA server?
There are currently 1 users browsing this thread. (0 members and 1 guests)