Re: Rule Schedule




Please follow this URL for getting a better understanding on rule processing
(the order of your rule matters!):
http://www.isaserver.org/articles/ISA2004_AccessRules.html

You can prevent SecureNAT client access across the firewall. Make sure that
anonymous access is not allowed. (On ISA management console --> Networks. On
the right tab (bottom), right-click "Internal" --> Properties -->
Authentication --> "Require all users to authenticate" should be selected.)

After applying this, make sure everything else works as well.

Shijaz
www.shijaz.com



"Muthu" wrote:

Hi Shijaz, Thanks for your reply...

I have several rules above lunch break rules...could you please give me a
simple run-through on how to organize the rules you suggested? Also, is it
possible to restrict HTTP & HTTPS traffic to use only webproxy and not
secure nat?

What I have allowed in the lunch break rule is only dns, http and https, but
still yahoo and google talk messenger continue to work after the rule goes
inactive but not msn messenger.

regds,
KLM


"Shijaz" <Shijaz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:66D3AF53-5F6E-42B2-9547-B5EE74032B5B@xxxxxxxxxxxxxxxx
The secureNAT session will remain active even after the allowed time has
elapsed.

Try restructuring your rules as:

1. Allow Everything during lunch break (*happy hours*)
2. Deny Yahoo
3. Deny MSN
4. Deny *whatever*

Allowing/Denying IM and other protocols:
http://www.shijaz.com/isaserver/IM_Protocols.htm

Shijaz
www.shijaz.com


"Muthu" wrote:

I run ISA 2004 and I have a rule to allow everyone to access Internet during
after office hours and lunch time. I allowed http, https, msn & yahoo ports
in that rule.
What happens is, the secure nat session established during the allowed time
of the rule is not getting disconnected when the rule goes inactive. It
works fine for webProxy but not secure NAT, so yahoo & msn chat
continue to work even while the rule is not active.
How do I resolve this issue?

regards,
KLM





