With the policy server on a different computer, how well does it perform? Have you noticed any excessive traffic? This was my reasoning behind putting it on the ISA server itself: Present Configuration: User->ISA (Policy Server)->Internet Separate Policy Server: User->ISA->Policy Server->ISA->Internet With almost a thousand mad clickers hitting the server all at once, I was hoping to keep things moving as smoothly as possible. But, with the 502 errors and the "this web page is trying to open a page on your intranet" errors, and the problems getting the log files to work, I'm considering moving it. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan Sent: Tuesday, September 08, 2009 7:38 AM To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: Websense Block Page That might be part of it, I installed the policy portion of Websense on the ISA server to cut down on the amount of internal traffic generated. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Hodgson Sent: Tuesday, September 08, 2009 7:34 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Websense Block Page Hi, In our scenario if a user goes to a page which is blocked, the Websense plugin causes a redirection to the Websense policy server, where there is a web server that displays the blocked page. I don't have any specific rules in ISA for Websense other than allowing the Websense ISA plugin to talk to the filtering machine. I may have missed something? Thanks. Andrew. Andrew Hodgson Senior Systems Administrator/Projects Engineer Direct Line Tel: 01432 852332 Email: andrew.hodgson@xxxxxxxxxx Please do not print this email unless absolutely necessary. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan Sent: 08 September 2009 12:29 To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Websense Block Page For you guys running Websense, how do you handle the blocked page notification? Apparently it creates a nice little cgi script that runs on the ISA server itself which generates the blocked page notification. Right now I have a single TCP port opened up to the localhost on the ISA server, which allows the page to show (but quite often goes to the ISA 502 page until refreshed), but I don't really like opening any ports to the localhost. Anyone have a better configuration? -------------------------------------------------- Dan Ball Network and Systems Technician Marquette Area Public Schools 1103 West College Avenue Marquette, MI 49855 E-Mail: dball@xxxxxxxxxxx<BLOCKED::mailto:dball@xxxxxxxxxxx> Phone: (906)225-5779 Fax: (906)225-5377 -------------------------------------------------- [cid:image001.gif@01CA3125.57258C70] allpay achieved PCI DSS and ISO 27001 certification in 2008 Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. Telephone: 0844 225 5729, Fax: 0844 557 8350. Website: www.allpay.net Email: enquiries@xxxxxxxxxx<mailto:enquiries@xxxxxxxxxx> This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay Information Security Manager at the number above.