[isalist] Re: Filtering URLs with TMG

  • From: D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR <DPietruszka@xxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 29 Sep 2010 10:19:35 -0400

http://www.ISAserver.org
-------------------------------------------------------

Well, just in case somebody was thinking of doing the same stupid thing I 
did.
I'm going back to ISA2006 with Websense.

Regards
Diego R. Pietruszka

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Sent: Tuesday, September 21, 2010 11:09 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Filtering URLs with TMG

Hello all (sorry for the long email)

I migrated to TMG hoping to get rid of Websense. 
Websense works pretty well doing what it is supposed to do, but the integration 
with ISA and all the 10000 services running on different servers make it kind 
of annoying sometimes.

The point is, we have different categories of users and I have a rule on TMG 
allowing Internet access for each category or group (just to the sites listed 
on the URLs sets).
That rule is basically saying if you are a member of AD group A, you are allowed 
to the URLs listed on this URL set, if you are in AD group B then you have 
access to the URLs listed on another URL set and so on.

That scenario worked fine with Websense. If I allowed group A to go to 
*.thisparticularsite.com, the thing simply worked.
On TMG it is not that easy. I have several examples where even if we add all the 
possible combinations for a URL to match, TMG will still block access to the 
page; in some cases I had to add IP addresses or even ranges of IP addresses to 
have the users accessing those sites.

A case I was working on just now was https://www.firstfederalbankonline.com , 
where even if I added all the below listed options to the allowed URL set, the 
thing will not work.

*.firstfederalbankonline.com
firstfederalbankonline.com
https://www. firstfederalbankonline.com
firstfederal.com
*.firsfederal.com

The last 2 were added because I found the page accessing that URL while 
loading. 

TMG always was showing an entry blocking something, that something had no URL 
detail on the log but was one of the IPs on the bank's class C subnet. So I 
finished adding the entire class C range to my rule and things started working 
fine.

So here is the question. 

Am I doing something wrong (in the way I'm implementing the rules), or is this 
regular behavior and I will have to either live with it or install Websense or 
another app again?

Thanks for any info on this.

Regards
Diego R. Pietruszka

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


