ISA 2006 URL whitelist

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › ISA 2006 URL whitelist

lyonrouge

1990 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

Topic # 69963 15-Oct-2010 17:26

I'm planning on a three-leg backend firewall configuration of ISA, but before I go any furhter I'm wanting to know if anyone can confirm that I can create URL whitelist definitions for a internal network

Regs

Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted

Microsoft NZ

Subscriber

Reply # 392423 15-Oct-2010 23:23

yep. if its for HTTP or HTTPS sites you can 'whitelist' domain names. for other traffic you can allow by ip address.

you can also whitelist for only authenticated users (e.g. IE users with domain login), or for anonymous access (SNAT).

Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs

lyonrouge

1990 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

Reply # 392486 16-Oct-2010 08:59

That's the feature I seek to try out, here I go down the rabbit hole. I had no idea about the authenticated user aspect, that will save me having to further split the network.

lyonrouge

1990 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

Reply # 395837 26-Oct-2010 15:22

thanks, this was a lot easier that I expected and the desired lock down has been implemented. My mindset was the wrong way around, i.e. I was thinking in the space of an open network, locking down HTTP/HTTPS the opening URLs, however, installed with template option of no access and only open what I want to allow, this has proven to be quite user friendly in the end (after a few false starts ;-)

Regs

Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted

Microsoft NZ

Subscriber

Reply # 396037 26-Oct-2010 22:52

good to hear :)

Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs

lyonrouge

1990 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

Reply # 396100 27-Oct-2010 08:12

Two remaining challenges are Publishing and VPN. Life is a journey :-)

lyonrouge

1990 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

Reply # 396139 27-Oct-2010 10:05

Does anyone know if you can control DHCP bindings in Server 2003 like you can in 2008?

lyonrouge

1990 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

Reply # 396663 28-Oct-2010 08:44

and the answer is no, this is not available in 2003, only 2008. So, does my old P4 have 64bit extensions so I can install 2008 & forefront, lets find out ...

Regs

Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted

Microsoft NZ

Subscriber

Reply # 397081 28-Oct-2010 22:55

lyonrouge: and the answer is no, this is not available in 2003, only 2008. So, does my old P4 have 64bit extensions so I can install 2008 & forefront, lets find out ...

if you need to know, grab this 100k tool, run on the installed OS, and it will tell you in seconds:
http://www.grc.com/securable.htm

output is like this:

Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs

lyonrouge

1990 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

Reply # 398314 1-Nov-2010 08:06

Again, another big thanks. This rebuild has really turned out to be bigger than ben hur.

lyonrouge

1990 posts

Uber Geek
+1 received by user: 20

Trusted

Lifetime subscriber

Reply # 398322 1-Nov-2010 08:22

this little gem in the help screen I liked

"it's also not at all clear (at the start of 2007) how quickly, or even whether, 64-bit Windows will become practical on the desktop"