If they are not using the firewall client they are not authenticating with the ISA server. Have you made these rules apply to user groups? If you have, you need to have the users authenticate so that ISA knows who to apply the rules to. The only other way I can think of doing it is if your users in group B are assigned IP's from one pool and the rest of your users from another. Then assign your rules to these IP pools respectively. John Burridge -----Original Message----- From: Muqeem Syed [mailto:Syed.Muqeem@xxxxxxxxxxxx] Sent: 14 November 2001 16:12 To: [ISAserver.org Discussion List] Subject: [isalist] RE: standalone vs array http://www.ISAserver.org No.. none of them are usinfg the firewall client... is that neccessary...??? Regards -----Original Message----- From: John Burridge [mailto:JBurridge@xxxxxxxxx] Sent: Wednesday, November 14, 2001 6:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: standalone vs array http://www.ISAserver.org Are all your users using the firewall client? -----Original Message----- From: Muqeem Syed [mailto:Syed.Muqeem@xxxxxxxxxxxx] Sent: 14 November 2001 16:06 To: [ISAserver.org Discussion List] Subject: [isalist] RE: standalone vs array http://www.ISAserver.org We have installed ISA server in our production environment. The main intention is for web caching and to control internet acecss to users. I have created a destination set that includes a few sites. We have 2 user groups.. one needs to get full access to the internet while the other should be able to access only the sites mentioned in the destination set. I have created 2 site and contet rules... one allows group a access ot the entire internet and the other allows all users access to the specific sites mentioned in the destionation set. Even though i have mentioned this, the users from group b, cannot access the sites mentioned in the destionation set. Please help me with the confgiuration. Regards -----Original Message----- From: Periyasamy, Raj [mailto:psraj@xxxxxxxxxxxx] Sent: Wednesday, November 14, 2001 6:01 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: standalone vs array http://www.ISAserver.org John, Thanks alot for the information. Regards, Raj -----Original Message----- From: John Burridge [mailto:JBurridge@xxxxxxxxx] Sent: November 14, 2001 10:33 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: standalone vs array http://www.ISAserver.org 1) Yes - you enter two DNS entries for whatever name you choose, and point them to the internal NICS ip address on each 2)To get fault tolerance, install the firewall client on end users machines. Arrays are a real pain in the proverbial if one line goes down. You will get no access for any user until you stop the services on the down server, or the line comes back up. I got around this by installing webtrends on each server, and creating a job that pinged an external router. If it couldnt reach that, I had it run a job that stopped the services, and then ran one to start them when the line came back up. It has worked very successfully so far. 3)You could get load balancing, as the DNS entry will alternate which server you are sent to, but you will not get fault tolerance without the Firewall Client. John Burridge -----Original Message----- From: Periyasamy, Raj [mailto:psraj@xxxxxxxxxxxx] Sent: 14 November 2001 15:31 To: [ISAserver.org Discussion List] Subject: [isalist] standalone vs array http://www.ISAserver.org I am currently managing two standalone ISA serevrs load balanced with NLB for internal users. All users access the ISA using the NLB virtual host name. I am planning to migrate these two servers to an array (since our AD is now in place). Once the array is inplace NLB will be uninstalled.None of the clients are using firewall client in my network. Questions: 1) Once I migrate to an array, will it be possible to access the array using a virtual host name like used by NLB. How is the virtual name assigned to the array? 2) How is the fault tollarance and load balancing applied to the clients? Currently none of my clients are using the auto configuration script, They point to the VHost name of the NLB host. 3) Is it possible to make use of the array's FT and LB features without using the firewall client in workstations? I would appreciate all inputs... Thnaks in advance. Regards, Raj ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jburridge@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: psraj@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: syed.muqeem@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jburridge@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: syed.muqeem@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jburridge@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')