Wireless Networks Thread, Problem to configure Web Access Rule on ISA Server 2006 in Technical; Hello,
I have created a web access rule to deny HTTP, HTTPS protocols to internal network from a specific web ...
22nd May 2010, 01:52 AM #1
- Rep Power
Problem to configure Web Access Rule on ISA Server 2006
I have created a web access rule to deny HTTP, HTTPS protocols to internal network from a specific web site defined on a URL Set. This rule is set to a group from Active Directory defined on Users Set. This group owns only one member.
When we try to test internet access on client, ISA Server blocks not only the user group we have set in the rule, but all users from Active Directory.
What could be the problem?
Using Windows Server 2008 as a Domain Controller
ISA Server 2006 is runnig on Windows Server 2003
Client machines are using Windows XP SP3
Tests are being implement on a virtual network using VirtualBox.
IDG Tech News
22nd May 2010, 04:36 AM #2
Is the deny rule above the allow rule for other http acess as it goes down the list in order. Also are the cliets set to allow Integrated Windows Authentication so that they will pass through the required information to ISA.
22nd May 2010, 03:05 PM #3
Do you have the firewall client installed on the machine? As far as I was aware, to do any user based control or logging you need to have the client installed.
23rd May 2010, 01:10 AM #4
As mentioned previously, check you have enabled Integrated Authentication. Configuration -> Networks -> Networks(tab) -> Internal -> right click -> properties -> Web Proxy(tab) ->Authentication - check integrated
You cannot use transparent proxy(just setting a default gateway) if you want to use rules requiring authentication. You need to set a proxy server in your Web Browser. Check your web browser is set to use ISA as the proxy server and on the correct port number( ISA default 8080).
Check you rule is configured in the correct direction. Your source should be you internal network and the destination should be the URL set of the address you want to ban if you are trying to block out going requests.
If you are still having problems use the Logging tab as it will tell you what rule is denying the request and if your user is authenticated. Monitoring -> Logging (tab)
Hope this helps,
Last Post: 19th April 2010, 04:50 PM
By Modey in forum Wireless Networks
Last Post: 23rd April 2008, 12:28 PM
By jmair in forum Network and Classroom Management
Last Post: 13th November 2007, 11:48 PM
By SimonC in forum Windows
Last Post: 13th February 2007, 11:48 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread