http://www.ISAserver.org
-------------------------------------------------------

Well, just in case somebody was thinking of doing the same stupid thing I did: I'm going back to ISA2006 with Websense.

Regards
Diego R. Pietruszka

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Sent: Tuesday, September 21, 2010 11:09 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Filtering URLs with TMG

Hello all (sorry for the long email)

I migrated to TMG hoping to get rid of Websense. Websense works pretty well doing what it is supposed to do, but the integration with ISA and all the 10000 services running on different servers make it kind of annoying sometimes.

The point is, we have different categories of users and I have a rule on TMG allowing Internet access for each category or group (just to the sites listed on the URL sets). That rule is basically saying if you are a member of AD group A, you are allowed to the URLs listed on this URL set, if you are in AD group B then you have access to the URLs listed on another URL set, and so on.

That scenario worked fine with Websense. If I allowed group A to go to *.thisparticularsite.com, the thing simply worked. On TMG it is not that easy. I have several examples where even if we add all the possible combinations for a URL to match, TMG will still block access to the page. In some cases I had to add IP addresses or even ranges of IP addresses to have the users accessing those sites.

A case I was working on just now was https://www.firstfederalbankonline.com, where even if I added all the below listed options to the allowed URL set, the thing will not work.

*.firstfederalbankonline.com
firstfederalbankonline.com
https://www.firstfederalbankonline.com
firstfederal.com
*.firsfederal.com

The last 2 were added because I found the page accessing that URL while loading. TMG was always showing an entry blocking something; that something had no URL detail in the log but was one of the IPs on the bank's class C subnet. So I finished by adding the entire class C range to my rule and things started working fine.

So here is the question. Am I doing something wrong (in the way I'm implementing the rules), or is this regular behavior and I will have to either live with it or install Websense or another app again?

Thanks for any info on this.

Regards
Diego R. Pietruszka

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
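
An added triage sketch, not part of the original thread and not TMG's own matching logic: it sorts denied destinations into those a host-name entry in the URL set matches, those it misses, and those logged only as an IP address (the case the message describes), grouped by /24. The `DENIED` sample, the function names and the simplified wildcard matcher are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter
from fnmatch import fnmatchcase

# URL set entries copied as listed in the message above.
URL_SET = [
    "*.firstfederalbankonline.com",
    "firstfederalbankonline.com",
    "https://www.firstfederalbankonline.com",
    "firstfederal.com",
    "*.firsfederal.com",
]

# Constructed denied-request destinations (192.0.2.0/24 is a documentation range).
DENIED = ["192.0.2.10", "192.0.2.10", "192.0.2.27",
          "www.firstfederal.com", "www.firstfederalbankonline.com"]


def host_pattern(entry):
    """Reduce a URL set entry to its host part (scheme and path dropped)."""
    return entry.split("://", 1)[-1].split("/", 1)[0].lower()


def classify(dest, url_set=URL_SET):
    """Return 'ip-literal', 'name-match' or 'name-miss' for one destination."""
    try:
        ipaddress.ip_address(dest)
        return "ip-literal"  # no host name for a domain pattern to match
    except ValueError:
        pass
    hit = any(fnmatchcase(dest.lower(), host_pattern(e)) for e in url_set)
    return "name-match" if hit else "name-miss"


def triage(denied, url_set=URL_SET):
    """Group denied destinations; count IP literals per /24 (IPv4 assumed)."""
    result = {"name-match": set(), "name-miss": set(), "ip-by-/24": Counter()}
    for dest in denied:
        kind = classify(dest, url_set)
        if kind == "ip-literal":
            net = ipaddress.ip_network(dest + "/24", strict=False)
            result["ip-by-/24"][str(net)] += 1
        else:
            result[kind].add(dest)
    return result


if __name__ == "__main__":
    print(triage(DENIED))
```

Feeding it the destination column exported from the proxy log shows whether an allow rule needs another host-name entry or whether the traffic reaches the proxy without a host name at all.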