Small Business Server Support Forum    
Subject: order of rules, blocking and allowing
Jo Lambrecht (Belgium), 5/11/2007 09:50 AM
Hi,
 
We use a banking software "isabel" (which always causes problems, to install, to use etc... it's not the best software around).  But hey, you're forced to use it by the banks.
 
When the SBS2003 premium was installed (about a year ago) we had to create a rule (helpdesk bank) which allows all traffic from all users to the outside.  (????) At that point ISABEL worked, so we left it that way.
 
Last week they called me to block 2 users from the internet. So I followed the whitepaper (Block Internet access for certain URL's and security groups). So that worked.  But now the lady who uses ISABEL calls in to say she can't use it anymore. If I change the order of the rules, then she can work but the 2 blocked users can surf the net again and vice versa.
 
These are the rules :
 
1. ISABEL rule :
Allow -> All outbound traffic -from- Internal -to- External -for- all users
 
2. Blocking rule :
Deny -> all outbound traffic -from- Internal -to- Blocked websites -for- sbs restricted users
 
In that order the banking software works. If I switch the order, the banking software doesn't work anymore, even though the blocking rule is only for the sbs restricted users ??????
 
If in the first rule, I change "all users" to a security group with one user (the lady of the banking software), then the software doesn't work either ?????
 
Greetz,
Jo
Michael Patrick (United States), 5/11/2007 07:23 PM
You can create the blacklist and block that traffic....but at the same time you can allow for a "White List". That way your White List can contain your ISABEL and perhaps others that need access to.

Michael Patrick

"Technology Interpreter Extraordinaire"
CAD, BIM & SBS
Michael Patrick (United States), 5/11/2007 07:24 PM
Huh...my edit is gone again.....I forgot to mention that was all in one rule, not two of them. Think of it as an If/Then/But statement :)

Jo Lambrecht (Belgium), 5/12/2007 12:02 PM
???
If you go to the wizard of creating a new access rule, the first window is to allow OR to deny.
But you can't select allow and deny in one access rule ?
 
How do you do that ?
 
Greetz,
Marina Roos (The Netherlands), 5/14/2007 02:36 PM
Hi Jo,
 
No, you can't select both allow and deny in one rule. What you can do, is select deny, and after you have created the rule, go to the properties again, and in tab Action you can redirect to e.g. the companyweb if the user is trying to access the website(s) you have denied.

Marina Roos, Smallbizserver.Net Administrator
Jo Lambrecht (Belgium), 5/14/2007 03:35 PM
Hi,
 
Maybe I didn't explain myself clearly. The redirect you mention worked fine immediately (made my own webpage).
 
I have 10 users (all have initial internet access)
1 user uses a banking program ISABEL (which needs an ISA rule to function)
2 users need to be denied access to the internet.
 
So I created 2 rules in ISA:
For the blocked guys, i followed the whitepaper (Block Internet access for certain URL's and security groups). 
 
Rule 1 (for the banking software)
Allow -> All outbound traffic -from- Internal -to- External -for- all users
 
Rule 2 (for the blocked guys)
Deny -> all outbound traffic -from- Internal -to- Blocked websites -for- sbs restricted users

In that order the banking software works and the users that needed to be blocked can surf the internet. If I switch the order, the banking software doesn't work anymore, even though the blocking rule is only for the sbs restricted users ??????
 
If in the first rule, I change "all users" to a security group with one user (the lady of the banking software), then the software doesn't work either ?????
 
Greetz,
Marina Roos (The Netherlands), 8/13/2007 02:02 AM
Hi Jo,
 
Did you figure this out yet?

Jo Lambrecht (Belgium), 8/13/2007 08:41 AM
Hi,
 
No, what I did was throw the 2 users who need to be blocked out of the "internet users", so they can't surf anymore.  The solution is not so nice, but it works.  As I've been spending hours and days already on that stupid bank software (isabel), that seemed to be the only way to do it.
 
Regards,
Jo
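
Added example, not part of any post in this thread and not ISA Server code: a simplified Python model of ordered first-match rule evaluation that reproduces the outcomes reported above for each rule order. It assumes that a rule scoped to a specific user set drops a client that cannot authenticate instead of falling through to the next rule, that the ISABEL client sends no credentials, and that its bank host falls inside "Blocked websites". The `Isabel hosts` set, the `Bank whitelist` rule (in the spirit of the white list suggested earlier), the `Isabel users` group and the user names are hypothetical.

```python
from dataclasses import dataclass

ALL_USERS = "All Users"   # user set that also matches unauthenticated traffic
@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "allow" or "deny"
    destination: str      # network or URL set named in the rule
    user_set: str         # ALL_USERS or a security group

@dataclass(frozen=True)
class Request:
    dest_sets: frozenset  # every set the target address belongs to
    user: str = ""        # empty: the client cannot authenticate
    groups: frozenset = frozenset()

def evaluate(rules, req):
    """Ordered first-match evaluation; returns (action, deciding rule)."""
    for rule in rules:
        if rule.destination not in req.dest_sets:
            continue
        if rule.user_set == ALL_USERS:
            return rule.action, rule.name
        if not req.user:
            # Assumption: a user-restricted rule needs an identity; a client
            # that cannot supply one is dropped here, with no fall-through.
            return "deny", rule.name + " (authentication required)"
        if rule.user_set in req.groups:
            return rule.action, rule.name
    return "deny", "default deny"

# Constructed sample traffic; "Isabel hosts" is a hypothetical destination set.
WEB = frozenset({"External", "Blocked websites"})
ISABEL = Request(WEB | {"Isabel hosts"})   # banking client, no credentials
RESTRICTED = Request(WEB, "user1", frozenset({"sbs restricted users"}))
STAFF = Request(WEB, "user2", frozenset({"Internet Users"}))
ALLOW_ALL = Rule("ISABEL rule", "allow", "External", ALL_USERS)
BLOCK = Rule("Blocking rule", "deny", "Blocked websites", "sbs restricted users")
ALLOW_ONE = Rule("ISABEL rule", "allow", "External", "Isabel users")
ALLOW_BANK = Rule("Bank whitelist", "allow", "Isabel hosts", ALL_USERS)

def outcomes(rules):
    reqs = {"isabel": ISABEL, "restricted": RESTRICTED, "staff": STAFF}
    return {who: evaluate(rules, req)[0] for who, req in reqs.items()}

if __name__ == "__main__":
    for order in ([ALLOW_ALL, BLOCK], [BLOCK, ALLOW_ALL], [ALLOW_ONE, BLOCK],
                  [ALLOW_BANK, BLOCK, ALLOW_ALL]):
        print([r.name for r in order], outcomes(order))
```

In this model only the last order, with a destination-scoped allow for all users placed above the deny rule, lets the banking client through while keeping the restricted users blocked.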