Tom, It appeared on alerts tab. I disabled the rule and restarted the server. Everything came back fine. So I tried re enabled the rule for one more test. Some how it is working fine now about 20 minutes and no error yet. Interesting. I also tried and fire fox direct access didn't work. Lovely (!!!) Is it safe enough to add tcp 443 outbound and 21 tcp outbound for https and ftp without filters bound to them? Thank you sir -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, April 05, 2005 12:43 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Block Web access for non-Web Proxy clients http://www.ISAserver.org Hi Ara, Where do you see this error? Sounds like maybe a coincidence. Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Ara [mailto:ara@xxxxxxxxxxxxx] Sent: Tuesday, April 05, 2005 2:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Block Web access for non-Web Proxy clients http://www.ISAserver.org Tom and Dan, I don't what I have done wrong here. Created a protocol, tcp outbound port 80, didn't add proxy filter to it. Created a deny rule on top based on this protocol. Everybody got the firewall client installed. Now I get the error that unable to bind the web filter, because some other service is using it and no internet at all Any idea? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, April 05, 2005 12:24 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Block Web access for non-Web Proxy clients http://www.ISAserver.org Hi Dan, You bet. And to carry it one step futher, you could add the FTP control channel port to the Protocol Definition and force all FTP connections through the Web proxy :) Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Tuesday, April 05, 2005 2:18 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Block Web access for non-Web Proxy clients http://www.ISAserver.org True, you should be able to add that port into the protocol definition created in your instructions also. Glad you pointed that out, forgot about that, all they'd have to do is switch to https (if that site supported it) instead of http and it would go through after all... -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, April 05, 2005 13:34 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Block Web access for non-Web Proxy clients http://www.ISAserver.org Hi Roy, The users will still be able to disable the Web proxy settings. They just won't be able to get to any resources requiring outbound access TCP 80, and I assume we can do the same thing with TCP 443, since the same principles apply. Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ara@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ara@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx