Re: Help with outside connection

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Tks Phill,
I did what you said, sorry but still can't go out from DC. How can i test
the ISA server?
In the monitoring -- Conectivity shows: Active directory and DNS not
configured.
Alerts -- service started... not errors.
Tks
JFB

"Phillip Windell" <@.> wrote in message
news:e1EjHq3ZFHA.3096@xxxxxxxxxxxxxxxxxxxxxxx
> There isn't anything else. If you followed the path I laid out it will
> work. You will have to look back over the previous posts and see it you
> did
> everything correctly. There isn't much point in me re-writing everything
> all
> over again.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> "JFB" <help@xxxxxxx> wrote in message
> news:uvb9uZ3ZFHA.1408@xxxxxxxxxxxxxxxxxxxxxxx
>> Ok Phill,
>> I did all in the array -- ISAServerName because I see all the definitions
>> for Internal IP's there. Still clients can't connect to the internet. I
>> think something is missing in the Enterprise policies.???
>> Or maybe my DNS is not working, or need to be open. Remember I have a
> Domain
>> controller with DNS integrated pointing to my ISA server.
>> Tks for you help
>> JFB
>>
>> "Phillip Windell" <@.> wrote in message
>> news:OJK$FJwZFHA.1368@xxxxxxxxxxxxxxxxxxxxxxx
>> > "JFB" <help@xxxxxxx> wrote in messa
>> > news:eHZamzvZFHA.2916@xxxxxxxxxxxxxxxxxxxxxxx
>> >> That's what I have so far... edge firewall.
>> >> How can I setup the policys inside the ISA to open HTTP for my
>> >> clients.
>> >
>> > That's the easy part. But there are some steps. I assume you want to
> base
>> > it
>> > on specific users and not just anonymously "everybody".
>> >
>> > 1. Select Firewall Policy in the ISA MMC Tree
>> > 2. In the far right window choose Toolbox --> Users -->New
>> > 3. Give the new User Set a usefull name, like "Web Proxy Users" and
> maybe
>> > a
>> > second one called "Firewall Client Users".
>> > 4. Click Add--Windows Users & Groups.
>> > 5. Add the Users or Groups (Groups are prefered) using the *Domain* as
> the
>> > Location, not the ISA Server.
>> > 6. Finish - Repeat the process for the "Firewall Client Users" if you
>> > like.
>> >
>> > For Anonymous Rules you don't need the above steps and can just choose
>> > "All
>> > Users" in the Access Rule.
>> >
>> > Now the Access Rules:
>> > 1. Right-click on Firewall Policy and choose New Access Rule
>> > 2. Give it a useful name like maybe "Authorized Web Proxy Users" and
> maybe
>> > a
>> > scond one called "Authorized Firewall Clients".
>> > 3. Rule Action = "Allow"
>> > 4. Protocols = "Selected Protocols" --> Add
>> > 4a. Expand "Web" and double-click HTTP, HTTPS, and optionally
>> > FTP
>> > 5. Access Rule Sources --> Add,...choose Networks - "Internal"
>> > 6. Access Rule Destinations-->Add,...choose Networks - "External"
>> > 7. User Sets = Remove "All Users" and add "Web Proxy Users"
>> > 8. Click Apply in the main MMC window.
>> >
>> > Repeat the similar process for the Authorized Firewall Clients using
>> > the
>> > "Firewall Client Users" with any other needed Protocols that were not
>> > covered in the previous Rule, like SMTP or POP3 if you require those
> (FTP
>> > should be in Rules). Do not give them what they don't need.
>> >
>> > Web Proxy Clients *only* require the proxy settings in the
>> > Browser,...Default Gateways and the Firewall Client software are
>> > irrelevant.
>> >
>> > The Web Proxy Service *only* supply HTTP, HTTPS, FTP-ReadOnly, and
> Gopher.
>> > Everything else must be supplied by the Firewall Service (or optionally
>> > the
>> > SecureNAT Service, but the Firewall Service is prefered)
>> >
>> > Firewall Clients *only* require the Firewall Client software,...Default
>> > Gateways are irrelevant and Browser proxy settings are unrelated.
>> >
>> > Users can be both Web Proxy Clients and Firewall Clients at the same
> time
>> > if
>> > you give the browser the proxy settings and also install the Firewall
>> > Client
>> > at the same time.
>> >
>> > --
>> >
>> > Phillip Windell [MCP, MVP, CCNA]
>> > www.wandtv.com
>> >
>> >
>> >
>>
>>
>
>


.

Relevant Pages

  • Re: CEICW fails - several errors
    ... The firewall isn't used when ISA is installed. ... On the WAN NIC of your server the DNS has to point to the LAN IP. ... I immediately checked and ISA Server ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA2004 client firewall slow webpage loading
    ... have you configured this new client as web proxy client? ... configure ISA server as your Proxy ... stop the Microsoft Firewall service. ...
    (microsoft.public.windows.server.sbs)
  • Re: CEICW fails - several errors
    ... On the WAN NIC of your server the DNS has to point to the LAN IP. ... Ethernet adapter Internet Connection: ... I immediately checked and ISA Server ... Management said that Web Proxy, Firewall and ...
    (microsoft.public.windows.server.sbs)
  • ISA Spoofing Issue Using Second Firewall with One to One NAT
    ... Two tier firewall implementation segmenting the Internet, ... ISA Server configured with packet filters ... facing firewall's one to one NAT are seen as a spoof by ISA. ...
    (NT-Bugtraq)
  • RE: [fw-wiz] Strange setup
    ... I have done similar designs with a Cisco PIX and ISA server. ... configure the firewall to only a allow traffic on ports 80 and 443 from ... the ISA server is on the internal network and a static NAT ... > Internet hosts). ...
    (Firewall-Wizards)