You misunderstood Tom's statements. It's less about the "where" than about the "what". You used an "all protocols" rule - this is worst part of a bad rule. The next worst part was allowing it to localhost from anywhere. You need to look deeper; "502" is just the HTTP error code; ISA *always* provides an ISA error code to "protected" clients as well and it'll be listed near the bottom of the web page. -----Original Message----- From: Tony.Afriyie [mailto:Tony.Afriyie@xxxxxxxxxxxx] Sent: Sunday, November 13, 2005 12:39 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: [SPAM-HC] - ISA 2004 Configuration - Email found in subject http://www.ISAserver.org Guys, Well, I made a change to the firewall policy and removed the Local Host from the "From/Listener section since Tom thinks that this was a "BAD" idea to have it there in the first place. I also configured the IE Proxy settings on the ISA 2004 server and now I am getting the error "Error code: 502 Proxy Error". I looked this error code up at Microsoft site and MS recommends that an accees rule needs to be created to allow the machine to be able to access the Internet but it does not tell you how or the process and what needs to be put where to make this work. Anybody with any idea as to what needs to be configured in the firewall policy to make the ISA 2004 server itself to be able to access the Internet? Thank you. Tony ----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Sunday, November 13, 2005 10:45 AM Subject: [isalist] RE: [SPAM-HC] - ISA 2004 Configuration - Email found in subject http://www.ISAserver.org Hi Joseph, Quick tip for you here: this is an example of a very BAD firewall policy. You should always be very carerful of what traffic is allowed *to* the Local Host Network and what traffic is allowed *from* the Local Host Network. In this example, we have a All Open from the Local Host Network OUCH! Its hard to say what the problem is in this situation, because "cannot access the Internet" lacks the specificity required to solve the problem. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx] > Sent: Sunday, November 13, 2005 9:39 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: [SPAM-HC] - ISA 2004 Configuration - > Email found in subject > > http://www.ISAserver.org > > Isn't this a case where you need to configure the IE Proxy settings? > > Joseph F. Danielsen, MCSA-Messaging, MCP > Network Blade Inc. > 49 Marcy Street > Somerset, NJ 08873 > (732) 213-0600 > www.NetworkBlade.Com > > -----Original Message----- > From: Tony.Afriyie [mailto:Tony.Afriyie@xxxxxxxxxxxx] > Sent: Saturday, November 12, 2005 1:41 PM > To: [ISAserver.org Discussion List] > Cc: Thomas W Shinder > Subject: [SPAM-HC] - [isalist] ISA 2004 Configuration - Email found in > subject > > http://www.ISAserver.org > > My ISA Server 2004 is up and running fine. All internal > workstations and > > Servers can get on the Internet okay. The only site my ISA Server can > access > is www.microsoft.com. The links on microsoft.com cannot be > accessed. How > do > I configure the ISA server so that I can access any site on the > Internet? I > have even added a firewall policy to: > Action-"allow" > Protocols- "All Outbound" > From/Listener - "Interna/Local Host" > To - "External" > Condition - "All Users" > > But I am still having difficulty accessing the Internet from my ISA > Server > 2004. Any help will be appreciated. Thanks. > > Tony > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jdanielsen@xxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Tony.Afriyie@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.