RE: Firewall Client Machines and URL Restriction.

  • From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 30 Oct 2005 22:20:18 +0100

Hi Bill, 

Check out http://www.isaserver.org/articles/ISA2004_AccessRules.html. 

HTH, 
Stefaan

-----Original Message-----
From: William T. Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] 
Sent: zondag 30 oktober 2005 22:13
To: [ISAserver.org Discussion List]
Subject: [isalist] Firewall Client Machines and URL Restriction.

http://www.ISAserver.org

Hello,

To begin with I have never really looked much at the firewall client. I have
a couple of machines that I have configured for my children and I would like
to create a restricted list of websites that they can go to when the log on.


I want a "mixed" network in which I have Secure NAT clients (already have
these) and some hosts with Firewall clients.

When someone logs onto a Firewall Client machine I should be able to apply
Firewall rules based on that person's identity correct?

What I would like to do is have the firewall clients restricted to a
specific set of Protocols and Sites (based on a URL set).

However when I create such a rule and include a user set it blocks all
systems regardless of who is logged on. Unless I am mistaken a Secure NAT
Client is always anonymous to the firewall correct?

I have also noted in my firewall logs that when one of the Firewall Client
Machines browses the network that no usernames are displayed in the log
entries. I though this would be a "side effect" of having a firewall client
machine. The client username is always being set to anonymous. 

Again what I would like to achieve is:

Have Secure NAT clients remain unaffected.

Have Firewall Clients gain internet access based on their active directory
group membership.


Thanks for any insight

Bill
 






------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



Other related posts: