ISA 2006 URL whitelist

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › ISA 2006 URL whitelist

lyonrouge

1993 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

#69963 15-Oct-2010 17:26

I'm planning on a three-leg backend firewall configuration of ISA, but before I go any furhter I'm wanting to know if anyone can confirm that I can create URL whitelist definitions for a internal network

Regs

4066 posts

Uber Geek
+1 received by user: 206

Trusted

Snowflake

#392423 15-Oct-2010 23:23

yep. if its for HTTP or HTTPS sites you can 'whitelist' domain names. for other traffic you can allow by ip address.

you can also whitelist for only authenticated users (e.g. IE users with domain login), or for anonymous access (SNAT).

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

lyonrouge

1993 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

#392486 16-Oct-2010 08:59

That's the feature I seek to try out, here I go down the rabbit hole. I had no idea about the authenticated user aspect, that will save me having to further split the network.

lyonrouge

1993 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

#395837 26-Oct-2010 15:22

thanks, this was a lot easier that I expected and the desired lock down has been implemented. My mindset was the wrong way around, i.e. I was thinking in the space of an open network, locking down HTTP/HTTPS the opening URLs, however, installed with template option of no access and only open what I want to allow, this has proven to be quite user friendly in the end (after a few false starts ;-)

Regs

4066 posts

Uber Geek
+1 received by user: 206

Trusted

Snowflake

#396037 26-Oct-2010 22:52

good to hear :)

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

lyonrouge

1993 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

#396100 27-Oct-2010 08:12

Two remaining challenges are Publishing and VPN. Life is a journey :-)

lyonrouge

1993 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

#396139 27-Oct-2010 10:05

Does anyone know if you can control DHCP bindings in Server 2003 like you can in 2008?

AliExpress

Shop now on AliExpress (affiliate link).

lyonrouge

1993 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

#396663 28-Oct-2010 08:44

and the answer is no, this is not available in 2003, only 2008. So, does my old P4 have 64bit extensions so I can install 2008 & forefront, lets find out ...

Regs

4066 posts

Uber Geek
+1 received by user: 206

Trusted

Snowflake

#397081 28-Oct-2010 22:55

lyonrouge: and the answer is no, this is not available in 2003, only 2008. So, does my old P4 have 64bit extensions so I can install 2008 & forefront, lets find out ...

if you need to know, grab this 100k tool, run on the installed OS, and it will tell you in seconds:
http://www.grc.com/securable.htm

output is like this:

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

lyonrouge

1993 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

#398314 1-Nov-2010 08:06

Again, another big thanks. This rebuild has really turned out to be bigger than ben hur.

lyonrouge

1993 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

#398322 1-Nov-2010 08:22

this little gem in the help screen I liked

"it's also not at all clear (at the start of 2007) how quickly, or even whether, 64-bit Windows will become practical on the desktop"