
Wash,

the ISA is a weird animal. Tips:

1) ISA processes rules in ascending order, i.e. 1,2,3,4....
2) Any DENY rules should come *last*, i.e. at the bottom of the list
3) In any case you shouldn't need any DENY rules as the last default rule denies everything

Don't know if that'll help - but I see you've started with a deny rather than an allow

B

On Thu, Jul 8, 2010 at 2:38 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
I happen to be familiar with Unix firewalls but this Microsoft one is another - simply does not obey my rules. I need someone expert with it to help me out. I have a LAN in the 192.168.0.0 - 255.255.0.0 address range. ISA is running on SBS 23k. This PC is multi-homed, with one public interface.
I need to do the following:
1. Allow pop3, pop3s, smtp, smtps, imap and imaps for everyone
2. Deny ALL Internet Access except to a few hosts. These exempted hosts have static IPs dished out via DHCP servers running either on the SBS or Cisco.
Now this is what I have attempted.
(a) Policy no. 1: Action = Deny; Protocols = All outbound traffic except selected (like above), From = Internal (with Exceptions), To = External
(b) Policy no. 2: Action = Allow; Protocols = Selected (FTP, HTTP, HTTPS) From = Internal; To = Selected Websites ....
Then I have the default Last Rule that DENYs everything.
What happens is that rule 1 stops the guys even from accessing their e-mails and does NOT allow the PCs in the Exception list to access the Internet.
I am stumped.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
-- Brian Munyao Longwe e-mail: blongwe@gmail.com cell: + 254 722 518 744 blog : http://zinjlog.blogspot.com meta-blog: http://mashilingi.blogspot.com
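
The rule ordering discussed in this thread, as an added example that is not part of either message and is not ISA's own code: a simplified first-match evaluator, assuming rules are checked in ascending order with a default deny last, as the reply describes. The exempt host address, the site names and the allow-only rule set are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.0.0/16")        # LAN range given in the thread
MAIL = {"pop3", "pop3s", "smtp", "smtps", "imap", "imaps"}
WEB = {"ftp", "http", "https"}
EXEMPT = {ip_address("192.168.1.10")}          # constructed exempt host
SELECTED_SITES = {"partner.example.com"}       # constructed "Selected Websites"

def evaluate(rules, src, proto, dest):
    """Return (action, rule name) for the first rule that matches the request."""
    src = ip_address(src)
    for name, action, matches in rules:
        if matches(src, proto, dest):
            return action, name
    return "deny", "default last rule"         # nothing matched: implicit deny

# Rule set as described in the question (deny first, with exceptions).
POSTED = [
    ("1 deny non-mail", "deny",
     lambda s, p, d: p not in MAIL and s in INTERNAL and s not in EXEMPT),
    ("2 allow web to selected sites", "allow",
     lambda s, p, d: p in WEB and s in INTERNAL and d in SELECTED_SITES),
]

# Assumed allow-only arrangement following the reply's tips: no explicit
# deny rule, the default last rule does all the blocking.
ALLOW_ONLY = [
    ("1 allow mail", "allow",
     lambda s, p, d: p in MAIL and s in INTERNAL),
    ("2 allow web from exempt hosts", "allow",
     lambda s, p, d: p in WEB and s in EXEMPT),
]

def compare(src, proto, dest):
    """Evaluate one request against both rule sets."""
    return (evaluate(POSTED, src, proto, dest),
            evaluate(ALLOW_ONLY, src, proto, dest))

if __name__ == "__main__":
    requests = [                               # constructed sample traffic
        ("192.168.1.50", "pop3", "mail.example.net"),
        ("192.168.1.10", "http", "www.example.org"),
        ("192.168.1.50", "http", "partner.example.com"),
    ]
    for req in requests:
        print(req, compare(*req))
```

In this model an exception on a deny rule only makes that rule skip the traffic; the request is still blocked by the default rule unless some allow rule matches it.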