Re: Suggested ISA rules

Rayhaan wrote:

I got it!!!!

My error: I created the deny rule for the Restricted Users group from
internal to "advert", but I didn't create the allow rule for the Restricted
Users group from internal to external which has to be under the deny rule.


In the absence of a matching Allow rule, eventually a request will get blocked by the last "Deny All" rule.

Using the ISA logging to review what happened to requests (either live or using the Last Hour [or longer] options) and customising the columns that are returned lets you easily see which rule was applied to any request, whatever the outcome for the request.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
.

Relevant Pages

  • Re: OT: Remote Patching
    ... workstations. ... Sometimes they remember my request and sometimes they do ... Jim B. SBS MVP ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: ISA Server 2000
    ... I have it setup to 1) First rule to allow access to all sites. ... As soon as i take it off any request it allows everyone access. ... Steve Foster [SBS MVP] ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA Authentication
    ... how can I configure the ISA Server to request an ... authentication from any user that is trying to access the internet? ... It denies all unauthenticated requests with an "Authentication Required" response. ... Steve Foster [SBS MVP] ...
    (microsoft.public.windows.server.sbs)
  • Re: SMTP Email collection over ADSL
    ... > (Vigor) so no problem. ... but if he is using SMTP the request will not be from inside the ... The SMTP connection will be initiated by the mailserver on the ... Javier [SBS MVP] ...
    (microsoft.public.backoffice.smallbiz2000)