How can I implement this case with ISA?

  • From: Morvan Daniel Muller <morvan@xxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Thu, 03 Jan 2002 12:09:47 -0300

I am having difficulty with ISA because it isn't possible to associate
protocol, source and destination in the same rule.

My problem is with the following case:

1) all_snat_ips  allow  HTTP to       any_internet_dest     anytime
2) all_snat_ips  allow  FTP  only-to  my_public_ftp_server  anytime
3) some_snat_ips allow  FTP  to       any_internet_dest     anytime

ISA needs to match one rule in "protocol rules" and one in "site and content
rules" to allow the request, so:

* Protocol Rules
FTP  allow anytime applies-to(all_snat_ips)
HTTP allow anytime applies-to(all_snat_ips)

* Site and content Rules:
RuleName = OpenAccess
Destinations = All
Schedule = Always
Action = Allow
AppliesTo = all_snat_ips
HTTP Content = All content Groups

I need an "OpenAccess rule" to grant HTTP to all internet destinations.
But that way I also permit FTP, and I don't like it.
The problem is that I can't associate the protocol, source and destination
in the same rule, and ISA doesn't use rule sequence; it only processes
deny rules before allow rules.

Note: The client set "some_snat_ips" is part of the client set "all_snat_ips".

Any suggestions?

Regards, 


Morvan Daniel Muller 
morvan@xxxxxxxxxxxxxxx
Support Analyst - Softplan/Poligraph
Certified Quality System - ISO9001 - BRTUV/INMETRO
Phone: 0XX(48)333-0389
Florianópolis - SC
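
The mismatch described in the message above, as an added example that is not part of the original post and is not ISA code: a small Python model of the evaluation the post describes (a request needs an allow match in both rule types, deny is processed before allow, no ordering), compared against the three intended policy lines. The IP addresses, `other.example` and all function names are constructed for illustration.

```python
# Constructed model of the rule evaluation described in the post; not ISA code.
from collections import namedtuple

ALL_SNAT = {"10.0.0.5", "10.0.0.6", "10.0.0.7"}   # constructed client set
SOME_SNAT = {"10.0.0.7"}                           # subset of ALL_SNAT, as in the post
FTP_SERVER = "my_public_ftp_server"
ANY = None                                         # wildcard destination ("All")

ProtocolRule = namedtuple("ProtocolRule", "protocol action clients")
SiteContentRule = namedtuple("SiteContentRule", "destination action clients")

# The two protocol rules and the OpenAccess rule from the post.
PROTOCOL_RULES = [ProtocolRule("FTP", "allow", ALL_SNAT),
                  ProtocolRule("HTTP", "allow", ALL_SNAT)]
SITE_RULES = [SiteContentRule(ANY, "allow", ALL_SNAT)]

def _decide(matching):
    """Order-independent: any matching deny wins, else any allow, else no match."""
    actions = {r.action for r in matching}
    return "deny" not in actions and "allow" in actions

def isa_allows(client, protocol, dest):
    """Effective decision: both rule types must yield an allow."""
    proto = [r for r in PROTOCOL_RULES
             if r.protocol == protocol and client in r.clients]
    site = [r for r in SITE_RULES
            if client in r.clients and r.destination in (ANY, dest)]
    return _decide(proto) and _decide(site)

def intended(client, protocol, dest):
    """The three policy lines from the post."""
    if protocol == "HTTP":
        return client in ALL_SNAT
    if protocol == "FTP":
        return client in SOME_SNAT or (client in ALL_SNAT and dest == FTP_SERVER)
    return False

def policy_gaps():
    """Requests where the effective decision differs from the intended one."""
    dests = [FTP_SERVER, "other.example"]
    return sorted((c, p, d) for c in ALL_SNAT | {"10.0.0.99"}
                  for p in ("HTTP", "FTP") for d in dests
                  if isa_allows(c, p, d) != intended(c, p, d))

if __name__ == "__main__":
    for gap in policy_gaps():
        print("effective != intended:", gap)
```

Because the site and content rule carries no protocol, the only gaps are FTP requests from clients outside `some_snat_ips` to destinations other than the public FTP server.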

