Re: Routing an IP
- From: "Stephen Herrera" <sherrera@xxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 8 Jan 2003 09:43:05 -0800
This is definitely the direction I want to go! Thanks for all your time Jim.
Last question I hope. I can deny http traffic coming in to a specific IP.
For instance I stopped HTTP coming in to the public IP for the app. That
does not stop the app from working because port 80 is still open so all is
well. However, using protocol rules I cannot deny HTTP going out to a
certain IP or destination set. I can only have it open or closed. Is there a
way to block HTTP only to a certain IP from the LAN going out? In other
words I want to stop my LAN from being able to use HTTP to access a server
in the DMZ. Thanks.
Steve
---Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, January 07, 2003 7:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Routing an IP
http://www.ISAserver.org
There are two places where ISA owns port 80:
- Incoming Web Requests listener; you have to set it to operate "per IP" and
remove all IPs where you don't want it to respond to incoming port 80
connections
- Automatic Detection; you can disable it so that ISA no longer listens to
port 80 on the internal interface (all IPs).
You shouldn't have to disable auto-detection, though; the internal clients
should be requesting a DMZ IP address and a protocol rule should handle
that.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
Other related posts:
