  1. #1

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467

    ISA Server 2004, Granting Users access to the internet when unauthenticated.

    We are using ISA 2004, we need it setup so usernames are resolved (for websense). So we cannot turn off authorisation but how can we grant access to the internet for unauthorised users please?

    Your help is appreciated

  2. #2
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    The problem that you will have is that you cannot set a rule up to allow web traffic to external for all users as this will not authenticate.

    I have full auth through my ISA, but I had a problem when my antivirus wanted to update without auth. I created this rule:
    Allow outbound traffic (whatever traffic you want)
    from internal
    to domain name set
    then created domain name set to my antivirus update site and other sites like Microsoft Update.

    Hope this helps,

    Regards

  3. #3

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    747
    Thank Post
    17
    Thanked 109 Times in 69 Posts
    Rep Power
    38

    computer sets

    Hi Guys,

    For antivirus and servers you want to create rules specifically for this but then create computer set rules with all the static IPs of all servers and use this computer set in the "From" section so it only allows those servers access to the internet. This will make it easier on allowing all users as there are programs on servers that are not proxy aware and so need the all users rule.

    This is how we got it setup.

    HTH,

    Ash.

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467
    But how can I configure ISA so users who are not unauthenticated can still get onto the net?

    Thanks

  5. #5
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    Create a new rule

    Allow - https and http
    From Internal
    To external
    for All Auth users

    This will only allow for authed users
    I would also recommend using the ISA Firewall Client on all workstations if you are forcing auth.

    HTH

  6. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467
    No, we have it working fine, but unauthenticated just as guest laptops etc. I want them to have access to the internet. But we cannot turn off unauthentication.

    Basically any unauthenticated need access to the internet.

  7. #7
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    I can only think of two ways to get around this problem,

    The first would be to give them statics/reservations then create the rule designed on their IPs, but this would only work if the laptops were controlled by your institute.

    The second would be to create an "internet" user account so when they browse and it prompts for username and password you could give them the "internet" user account and base the rule on that one user.

    HTH

  8. #8

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,158
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    Originally Posted by maf_001:
    I can only think of two ways to get around this problem,

    The first would be to give them statics/reservations then create the rule designed on their IPs, but this would only work if the laptops were controlled by your institute.

    The second would be to create an "internet" user account so when they browse and it prompts for username and password you could give them the "internet" user account and base the rule on that one user.

    HTH
    Depending on volume of access needed you might want to make a group which has access and put auto-created users in that. You would then just hand out the individual user details to the person so that they could get proxy access and delete the user at the end of the session (or just delete/re-create at the end of each day).

    You would probably want to "deny logon locally" to those users so they couldn't make use of other network facilities.

  9. #9

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467
    But I can't do that to guest laptops. Literally it needs just to be simply plug in and go.

  10. #10

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    747
    Thank Post
    17
    Thanked 109 Times in 69 Posts
    Rep Power
    38

    vlans

    If it's plug in and go then you need to create VLANs on your network, and users who are guests can go on that VLAN and will have access to the net (providing you created rules). This will make it easier to create rules on ISA as you just create another internal network and make all the VLAN's clients' default gateway the IP address of the ISA server.

    Ash.

  11. #11

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467
    We don't have the switches for that. Plus my NM won't go for it.

    All I need to know is how to grant access to the internet to users that have not been unauthenticated against AD.

  12. #12

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,597
    Thank Post
    109
    Thanked 770 Times in 598 Posts
    Rep Power
    183
    You could try a second firewall rule for Internet access. You will have one already to allow authenticated users, place one for 'all users' directly beneath it.

    There is a flaw in your plan though, any infractions caused by 'guests' will not be logged properly. I think that there is a way of forcing the authentication dialogue - I assume that your 'guests' are students with their own machines so they will have a login.

    If the guests are not students/staff, you would need the user to sign an AUP anyway to make sure that they agree to behave!

  13. #13

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467
    I thought that, but it's configured under Configuration > Networks. Surely there must be a way to do this?
    Last edited by FN-GM; 28th February 2008 at 10:30 PM.

  14. #14

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467
    Anyone Please?

  15. #15
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    I do not think that it is possible still. I would just find an old workstation that is going to be binned and run Smoothwall alongside your existing ISA and point the unauthenticated clients at the Smoothwall. It is free and will run on most hardware.

    Set this box up to allow internet access only; it shouldn't take you more than an hour to set this up.

    HTH


