Re: RULES DONT WORK
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 26 Mar 2003 08:12:39 -0800
Destination sets shouldn't include client address sets that reflect internal
clients.
Your existing rules are the equivalent of instructing ISA to disallow
traffic if it:
1. comes from these clients
2. is destined for these clients
..since ISA will never see traffic of this shape, the rule never fires and
all things are allowed.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Lubo¹ Kováø" <lkova@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, March 26, 2003 04:36
Subject: [isalist] RULES DONT WORK
http://www.ISAserver.org
I have Client address sets defined. Then I have Protocol rules defined -
only HTTP and FTP allowed for specified Client address sets. Then I have
Site and Content rules defined. I set rule "All destinations except
selected set". I have set one destination set named "Restricted access"
with defined sites which users from Client address sets cannot access.
Now I see that some clients can access these restricted sites. Where is
problem?
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
