Since you're using user/group-based rules with SurfControl on ISA, the best choice is "Reject", IMHO. That way, no one who can't auth to the ISA will get access. Then, SC can filter to it's heart's content. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: "Kincer, Rick" <Rick_Kincer@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, December 17, 2002 10:50 AM Subject: [isalist] HTTP Redirector that rejects all HTTP traffic http://www.ISAserver.org Hello, We have ISA Enterprise edition in Integrated mode in an NT environment being load balanced with RainWall. I have the HTTP Redirector disabled because I want to monitor, log and control Internet access, but in doing so I noticed that the Firewall clients can still access HTTP, I want to force them to be Web Clients and allow firewall clients to be used for FTP, RA and other apps. There is a setting in the HTTP Redirector that rejects all HTTP traffic, My question is: If I enable the Redirector and select the Reject HTTP selection will I still be able to log, monitor and using Site and Content Rules control the access of those using the Firewall Client? Will enabling this bypass the control? Won't they be forced to be a Web Client and the Firewall client will only be used for other apps? I enabled the Redirector once before and our Citrix ICA clients stopped working. Thanks for all your help! Rick List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')