+ Post New Thread
Results 1 to 9 of 9
Windows Thread, ISA Server in Technical; I am currently running Squidnt as a local proxy server. I have 3 instances of squid running on different ports ...
  1. #1

    Join Date
    Jul 2005
    Location
    Suffolk
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    ISA Server

    I am currently running Squidnt as a local proxy server. I have 3 instances of squid running on different ports each forwarding to a different port on the e2bn proxy servers. The reason for this is that each port on the e2bn proxy servers provide different levels of filtering, middle, upper, staff etc. Then through gpo's I can direct users to the apporpiate port. My question is can this be done with isa server.

  2. #2

    Join Date
    Jan 2007
    Location
    Clog Land
    Posts
    178
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: ISA Server

    Quote Originally Posted by yeoman
    I am currently running Squidnt as a local proxy server. I have 3 instances of squid running on different ports each forwarding to a different port on the e2bn proxy servers. The reason for this is that each port on the e2bn proxy servers provide different levels of filtering, middle, upper, staff etc. Then through gpo's I can direct users to the apporpiate port. My question is can this be done with isa server.
    Yes but not in quite the same way you just have a diferent policy for each group in ISA itself as it can identify windows group membership.

  3. #3
    Ravening_Wolf's Avatar
    Join Date
    Oct 2006
    Location
    Essex :(
    Posts
    290
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    18

    Re: ISA Server

    I would be interested in doing this too. Can you provide a few more details? The last time I tried this the groups didn't seem to apply properly...

  4. #4

    Join Date
    Jan 2007
    Location
    Clog Land
    Posts
    178
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: ISA Server

    It needs to be ISA sever 2004 it doesnt work in the previous version in my experiance. Make the ISA server a member of your domain hey presto all the groups should be there for you to add to your rules.

    Hope thats enough info if not let me know. I'm off for lunch it's friday so its chips YAY!

  5. #5

    Join Date
    Jul 2005
    Location
    Suffolk
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: ISA Server

    I am using ISA Server 2006 on a Win2003. I have only recently taken a look at this, and it might just be me, but it does not seem to be straightforward.

  6. #6

    Join Date
    Jan 2007
    Location
    Clog Land
    Posts
    178
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: ISA Server

    Quote Originally Posted by yeoman
    I am using ISA Server 2006 on a Win2003. I have only recently taken a look at this, and it might just be me, but it does not seem to be straightforward.
    I've not seen 2006 yet so things maybe slighty different

    the base point to start with ISA is that everything is denied unless EXPLICITLY Allowed. You need to create various components before you can create a rule. Source Address I tend to Add in my whole Nework internal range. Destination sets these can be websites or IP Address. protocol types eg: http. Or you can use the default ones from anywhere/to anywhere/ all protocols

    i'm assuming you want to deny access to websites

    Start by creating a rule that allows access to all web sites. Select the group you want to apply it to IE: students or domain users

    From- anywhere
    To- Anywhere
    Action- choose allow

    At this point apply the settings if you dont it wont work!

    Ooint a machines proxy to the IP of you ISA server, logon as one of the specified users you should be able to get access to the internet.

    Now for the deny part.

    Start by creating a destination set you can do this in the pane on the right in the bit called URL SET. Call it "denylist" and add a site EG: www.bbc.co.uk you would like to deny (NOTE ISA can deal with wild cards so you could do: *.bbc.co.uk or www.bbc.co.uk/cbeebies/*)

    Next start to creat a new rule as we did before

    from-anywhere
    to- denylist (you should see this when you click the add button)
    Action-choose deny (with this option you can also specify a custom error url to redirect to. I have one with the school logo telling the kids to speak to a teacher if they want the website to be add)

    then just continue adding sites to the deny list as you wish.

  7. #7

    Join Date
    Jan 2007
    Location
    Clog Land
    Posts
    178
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: ISA Server

    ***Sorry I forgot to add that the Deny rule needs to apear higher up the list than the allow rule or it wont work.***

  8. #8

    Join Date
    Jan 2007
    Location
    Clog Land
    Posts
    178
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: ISA Server

    Here is a little script that lets teachers add they sites the want to be added to the allow/deny list just pop a text file where they can get at it and change the path. then run the script by schedule or manualy and it will import the urls

    Hopefully some use


    Set Isa = CreateObject("FPC.Root")
    Set CurArray = Isa.GetContainingArray
    Set RuleElements = CurArray.RuleElements
    Set URLSets = RuleElements.URLSets
    Set URLSet = URLSets.Item("AllowList")
    Set FileSys = CreateObject("Scripting.FileSystemObject")
    Set UrlsFile = FileSys.OpenTextFile("G:\Staff\All Staff\White List\Urls.txt", 1)
    For i = 1 to URLSet.Count
    URLSet.Remove 1
    Next
    On Error Resume Next
    Do While UrlsFile.AtEndOfStream <> True
    URLSet.Add UrlsFile.ReadLine
    Loop
    WScript.Echo "Saving..."
    CurArray.Save
    WScript.Echo "Done"

  9. #9

    Join Date
    Jul 2005
    Location
    Suffolk
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: ISA Server

    Thanks for the info I will give it a try.



SHARE:
+ Post New Thread

Similar Threads

  1. Server 2003 R2 File Server Resource Manager
    By Dos_Box in forum How do you do....it?
    Replies: 1
    Last Post: 12th October 2007, 01:28 PM
  2. Replies: 5
    Last Post: 6th July 2007, 12:43 AM
  3. Windows Server 2003 File Server Resource Manager
    By mrforgetful in forum Windows
    Replies: 1
    Last Post: 17th June 2007, 02:51 PM
  4. Virtual Server 2005 R2 kills server network connection
    By ajbritton in forum Thin Client and Virtual Machines
    Replies: 0
    Last Post: 31st August 2006, 07:19 AM
  5. Downsides to passing tftp server via 2003 DHCP server?
    By pete in forum Wireless Networks
    Replies: 7
    Last Post: 11th July 2006, 11:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •