Unable to block domains using domain name set
- From: "AlexC" <alexc@xxxxxxxxxxxx>
- Date: Thu, 4 May 2006 14:02:01 -0500
am trying to block access to particular domains for secure nat clients.
I have a rule called "blocked web sites" and it is first in the list of
rules. It is set to deny all traffic from Internal network to particular
domain name set
(screen shot at http://img390.imageshack.us/img390/8273/isa8zn.jpg).
I have another rule called "Full access" next in the list to allow full
access from Internal network to External network.
Now if I go to my workstation and set ISA as proxy server in IE properties I
cannot get web access to domains from blocked list.
But if clear all setting in IE it will allow me to open web site from
blocked domain list.
I tried to monitor connections in ISA logging tab and I figured that if I
try to access blocked domain from workstation without proxy settings - ISA
will ignore "Blocked web sites" rule and will use "Full access" rule to
give this workstation access to Internet (screen shot
http://img145.imageshack.us/img145/773/isa23iz.jpg).
I can see some packets blocked by "Blocked web sites" rule, but these done
have any information in "URL" column and I am still successfully can open
any domain from blocked domains list.
How can I block access to particular domain without setting all my
workstations to use ISA as proxy and without installing Firewall clients on
all workstations?
.
- Prev by Date: Implementing a Proxy server with ISA 2004
- Next by Date: Re: Firewall Service Fails to start automatic
- Previous by thread: Implementing a Proxy server with ISA 2004
- Next by thread: Re: Unable to block domains using domain name set
- Index(es):
Relevant Pages
|
