Re: first network policy rules

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

thank you so much. i literally was tearing my hair out because i couldn't see
where i'd gone wrong and none of the articles i was using pointed to this
solution at all. i will try it later today & let you know how i get on.

thanks once again

"Phillip Windell" wrote:

You're fairly close, but delete those Rules and start over. Here is a
pattern to follow that will get you going for just normal Web Access for the
"humans". I am going to treat this as if you want to allow access to
specific users and not just blindly allowing it anonymously.

Create a User Set:
Name: Regular Internet Users
Memebers: (adds users or groups you want to this)

Create a Computer Set:
Name: AD/DNS Machines
Members: (add your Active Directory Domain Controllers to this)

Create anther Computer Set:
Name: External DNS Servers
Members: (add your ISP's DNS Servers to this)

Create two Access Rules:

#1
Name: External DNS Resolution
Source: AD/DNS Machines (the Computer Set you created)
Destin: External DNS Servers (the other Computer Set you created)
Protocol: DNS (not DNS Server)
Users: "All Users"

#2
Name: Standard Authenticated Internet Access
Source: Internal
Destin: External
Protocol: HTTP, HTTPS, optionally FTP (the FTP is download-only by default)
Users: Regular Internet Users (the User Set you created)

DNS Setup
1. All machines on the LAN use the AD/DNS machine and *only* those. The ISA
is the same way.

2. Add the ISP's DNS Servers to the Forwarders List within the config of the
AD/DNS service.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------





"Roly" <Roly@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9F4940ED-6AC6-4522-957D-61104B2AD972@xxxxxxxxxxxxxxxx
i created a rule to allow all web traffic, from my internal network, to the
internet (external networks) for protocols http, https & ftp. i also
created
an access rule to allow dns resolution and a netbios (datagram) rule as
this
was highlighted by the analyser. all of these rules apply to the default
'all
users' group and a company all users group that i created and which
contains
all the users on our test network. the isa server is a member of my test
domain and intergrates with ad etc.

thanks in advance for any help that you can give

"Phillip Windell" wrote:

What rules did you create? Be specific.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those
of
my employer or anyone else associated with me.
-----------------------------------------------------


"Roly" <Roly@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F770F8E4-6A48-451A-BA40-19EBA13F1A9B@xxxxxxxxxxxxxxxx
hi guys,

i wonder if you can help. i have setup isa 2006 on a test domain but
cannot
get any in/outbound traffice through the box. i have run the analyser
tool
and everything seems to be ok but still there is no traffic. this is my
first
ever dalliance with isa and i cannot see where i have gone wrong.

does anyone have any isa network policy rules that they would be good
enough
to send to me so that i can import them onto my box to see if i can
some
traffic through my server? it would be most appreciated. as well as
giving
me
some pointers as to where i'm going wrong.

regards
roly






.

Relevant Pages

  • Re: VPN and access control
    ... the reel problem is with the TSE licence and when a VPN acces is come in, ... It can be very detailed in the Access Rules. ... Understanding the ISA 2004 Access Rule Processing ... Microsoft Internet Security & Acceleration Server: ...
    (microsoft.public.windows.server.networking)
  • Re: Terminal Services slow after ISA 2006
    ... ISA External Adapter ... These settings worked fine until I had installed SP2 on ISA.....and since ... Sorry - only when I TS into the ISA 2006 Server - from anywhere, ... Why would an Access Rules have anything to do ...
    (microsoft.public.isa.configuration)
  • Re: Problem Administering W2K3 Server w/ISA 2006
    ... Internals, and this is primarily so I can back up the server and publish the ... What Access Rules specifically do you speak of. ... This ensures that the ISA System Policies get created ...
    (microsoft.public.isa)
  • Re: Terminal Services slow after ISA 2006
    ... In regards to the removal of SP 2 I actually ended up doing a fresh install ... them ISA server Best Pratices reconized this as Beta Service Pack? ... Internal AD Server set as Forwarders under ALL Other DNS Domains where the ... Why would an Access Rules have anything to do ...
    (microsoft.public.isa.configuration)
  • Re: SharePoint TEAM Services email notifications.
    ... publishing DNS servers. ... it occurred to me that in the process of migrating to ISA ... server, all of the IP addresses on the IIS server were changed from public to private. ... As I am seeming to have DNS issues as well (also related to bringing the DNS Servers behind ISA), ...
    (microsoft.public.isa.configuration)