+ Post New Thread
Results 1 to 8 of 8
Wireless Networks Thread, ISA Server 2006 & EMBC - web filtering in Technical; Hey all, I haven't posted here before but I have a question. I'm sure that's not that uncommon. I want ...
  1. #1
    Modey's Avatar
    Join Date
    Oct 2007
    Location
    Northants
    Posts
    140
    Thank Post
    16
    Thanked 31 Times in 26 Posts
    Rep Power
    20

    ISA Server 2006 & EMBC - web filtering

    Hey all,

    I haven't posted here before but I have a question. I'm sure that's not that uncommon.

    I want to do away with the fairly basic filtering we have in place via Netsweeper and instead do the main filtering with ISA 2006 which we have setup on our network perimeter. I'm a bit of a newbie when it comes to ISA but I have played around with it a little and have found some guides which show various ways to enable web filtering. My problem is that I can't seem to get the filtering to work properly. It either doesn't filter at all, or blocks everything. I have tried setting up Access Rules that then filter all traffic via Domain Name Sets and also URL sets. Neither of these methods worked, but it's possible it could be to do with the DNS setup here ...

    In conjunction with the above I also tried to configure Web Chaining and use the EMBC proxy as an upstream proxy, but that didn't work either.

    I was just wondering if there is a way of configuring our ISA server so we can have finer control of filtering on a local level. The primary purpose of this would be so I could control filtering at a AD group level.

    I realise that my inexperience with ISA is probably the main problem here, but I would appreciate any advice on this.

  2. #2

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    7,015
    Thank Post
    1,362
    Thanked 1,769 Times in 1,191 Posts
    Blog Entries
    22
    Rep Power
    530
    Welcome

    Web chaining shouldn't be a problem, we do that here with EMBC proxy.

    We have two rules, one that serves up local sites, and a second that directs everything else upstream.

    What issues were you having?

    As an aside, I once had a chat with an EMBC guy about ISA Servers, he got very angry and told me to bin ours as it was 'junk'. Very weird conversation.

  3. #3
    Modey's Avatar
    Join Date
    Oct 2007
    Location
    Northants
    Posts
    140
    Thank Post
    16
    Thanked 31 Times in 26 Posts
    Rep Power
    20
    Ok I'll explain about the setup a little more. At the moment, all PC's that access the Internet have the EMBC Proxy (proxy.embc.org.uk) configured by group policy in IE. There are some laptops that aren't configured via GP and instead done manually.

    I setup the web chaining to point at proxy.embc.org.uk, then set a workstation's proxy to the address of the ISA server on port 80. As far as I can tell the ISA server was configured to be a web proxy, but isn't actually being used as such by any clients. It looks to me like it's been setup as a cache and a firewall, and that's about it.

    I assumed that since clients have the embc proxy configured, that traffic going via the gateway (the ISA server) would be bypassing the fact that it's also a proxy server. Our local DNS server is AD Integrated and setup on one of the DC's. It's forwarders are set to the EMBC DNS server addresses.

    As mentioned in the original post, my efforts thus far to configure filtering on the ISA server have failed. Maybe I didn't configure the web chaining correctly? Does it require authentication?

    I went to Networks, Web Chaining, Properties of the Last Default Rule (the only entry in Web Chaining), then clicked on the Action tab. Clicked on Redirecting to a specified upstream server, then put the EMBC settings in.

    As I was typing this though, I just noticed that when I tried this before I made a typo when configuring the upstream server. I'll try the filtering again now I have done this. Hopefully it will work.

  4. #4
    Modey's Avatar
    Join Date
    Oct 2007
    Location
    Northants
    Posts
    140
    Thank Post
    16
    Thanked 31 Times in 26 Posts
    Rep Power
    20
    Well now that I have configured the upstream proxy properly, and then applied a new Access Rule that is blocking all traffic to specific Domain Name Sets ... it's working!

    As has happened many times in the past, describing the problem helped a great deal. We'll just forget that it was a typo that caused the problem in the first place. Apparently proxy.embc.org.k is not valid.

  5. #5

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    7,015
    Thank Post
    1,362
    Thanked 1,769 Times in 1,191 Posts
    Blog Entries
    22
    Rep Power
    530
    Quote Originally Posted by Modey View Post
    We'll just forget that it was a typo that caused the problem in the first place. Apparently proxy.embc.org.k is not valid.
    Glad its working!

  6. #6

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,257
    Thank Post
    55
    Thanked 283 Times in 189 Posts
    Rep Power
    135
    Quote Originally Posted by Modey View Post
    Well now that I have configured the upstream proxy properly, and then applied a new Access Rule that is blocking all traffic to specific Domain Name Sets ... it's working!

    As has happened many times in the past, describing the problem helped a great deal. We'll just forget that it was a typo that caused the problem in the first place. Apparently proxy.embc.org.k is not valid.
    Might be worth putting the new one in as well - since you're fiddling with it

    proxy.embc.uk.com

    Whereabouts are you in Northants - are you coming to the IT meeting on Friday?

  7. #7
    Modey's Avatar
    Join Date
    Oct 2007
    Location
    Northants
    Posts
    140
    Thank Post
    16
    Thanked 31 Times in 26 Posts
    Rep Power
    20
    Quote Originally Posted by SpuffMonkey View Post
    Might be worth putting the new one in as well - since you're fiddling with it

    proxy.embc.uk.com

    Whereabouts are you in Northants - are you coming to the IT meeting on Friday?
    Thanks for the new proxy, is that one live yet?

    I live in Northampton and work in Wellingbrough. I don't think we would be able to make this meeting you have mentioned, we have a lot on, on Friday's in particular.

  8. #8

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,257
    Thank Post
    55
    Thanked 283 Times in 189 Posts
    Rep Power
    135
    Quote Originally Posted by Modey View Post
    Thanks for the new proxy, is that one live yet?

    I live in Northampton and work in Wellingbrough. I don't think we would be able to make this meeting you have mentioned, we have a lot on, on Friday's in particular.
    Seems to be working for us - though they are spoofing the old one.

    Shame - the meetings are always useful and its good to put a face to a handle. Mebbe next time.

SHARE:
+ Post New Thread

Similar Threads

  1. Embc user level filtering
    By peterv5 in forum Windows
    Replies: 163
    Last Post: 12th May 2008, 11:10 PM
  2. ISA Server 2006 Remote VPN
    By Michael_84 in forum Wireless Networks
    Replies: 0
    Last Post: 19th February 2008, 05:41 PM
  3. EMBC - filtering - not fit for purpose?
    By TheCrust in forum Wireless Networks
    Replies: 9
    Last Post: 30th January 2008, 08:58 AM
  4. isa server 2006
    By DaveJ2717uk in forum Windows
    Replies: 6
    Last Post: 10th May 2007, 01:50 PM
  5. ISA Server 2006
    By Norphy in forum Windows
    Replies: 13
    Last Post: 9th March 2006, 02:37 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •