MessageYou're right; you can't limit protocol rules "to" anything. You can limit what machine has access to it with Client Address Sets, though Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: Stephen Herrera To: [ISAserver.org Discussion List] Sent: Wednesday, January 08, 2003 09:43 Subject: [isalist] Re: Routing an IP http://www.ISAserver.org This is definitely the direction I want to go! Thanks for all your time Jim. Last question I hope. I can deny http traffic coming in to a specific IP. For instance I stopped HTTP coming in to the public IP for the app. That does not stop the app from working because port 80 is still open so all is well. However, using protocol rules I cannot deny HTTP going out to a certain IP or destination set. I can only have it open or closed. Is there a way to block HTTP only to a certain IP from the LAN going out? In other words I want to stop my LAN from being able to use HTTP to access a server in the DMZ. Thanks. Steve ---Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, January 07, 2003 7:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Routing an IP http://www.ISAserver.org There are two places where ISA owns port 80: - Incoming Web Requests listener; you have to set it to operate "per IP" and remove all IPs where you don't want it to respond to incoming port 80 connections - Automatic Detection; you can disable it so that ISA no longer listens to port 80 on the internal interface (all IPs). You shouldn't have to disable auto-detection, though; the internal clients should be requesting a DMZ IP address and a protocol rule should handle that. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')