ISA Server 2006


1- Create Rule to Allow Internet Access for ISA and Users
-----------------------------------------------------------------
-Open ISA Server => Array => Server name => Firewall Policy => Right-click
=> New => Access Rule... - Access rule name: Allow internet access for ISA
and Users => Action: Allow => All Outbound Traffic - From Source:
Local Host and Internal => Next => To Destination: External => Finish
=> Apply
-Test: open the internet on both the ISA machine and the User PC.

------------------------------------------------------------------------
2- Create Rule to Block Yahoo Messenger

-Open ISA Server => Array => Server Name => Firewall Policy => Right-click
=> New => Access Rule... - Access rule name: Block yahooMSG => New
=> Choose the following:
-Protocol type : TCP
-Direction : Outbound
-Port Range : From: 5000 To: 5050
=> 2 Next => Finish => Expand User-Defined => Double click on protocol name:
Yahoo MSG => Close - From Source: Internal => Next => To Destination: External
=> Finish => Apply
-Test: sign in to Yahoo Messenger on the User PC
------------------------------------------------------------------------
3- Create Rule to Block Users from Downloading Software

-Open ISA Server => Array => Server name => Firewall Policy => Right-click
=> New => Access Rule... - Access rule name: Block download => Action: Allow
Outbound Traffic - From Source: Internet => Next => To Destination: External
=> Finish => Apply - Right-click on this rule => Configure HTTP => Extensions
Tab => Block specified extensions => Add the file extensions you want to block:
"exe, bat, com, dll, ocx, cab, rar, zip, tar, pif, js, vbs, flv, swf ..."
-Test: download software on the User PC from allthesoft.com

------------------------------------------------------------------------
4- Create Rule to Block URL of Website Google.com
-Open ISA Server => Array => Server Name => Firewall Policy => Right-click
=> New => Access Rule... - Access rule name: Block Google.com => Action: Deny
=> All Outbound Traffic - From Source: Internal => Next => To Destination:
Add => New => URL Set => Name: Google => Add: http://google.com => OK
=> Expand: URL Sets => Double click Google URL => Close => Finish
-Test: open website google.com on the User PC.

------------------------------------------------------------------------
5- Create Rule to Block User IP
-Open ISA Server => Array => Server Name => Firewall Policy => Right-click
=> New => Access Rule... - Access rule name: Block User IP => Action: Deny
- All Outbound Traffic - From Source: Add => New => Computer - Name: XP1 => Computer
IP Address: 10.0.0.5 - Expand Computer => Double click on XP1 - Close - Next
- To Destination: External
-Test: open the internet on the User PC named XP1

------------------------------------------------------------------------
6- Create Rules for Restricted and Unrestricted Users

*For Restricted User rule:

-Open ISA Server => Array => Server Name => Firewall Policy => Right-click
=> New => Access Rule... - Access rule name: Restricted Users => Action: Allow
- Selected protocols - Add - choose the protocols: HTTP, HTTPS, DNS, POP3, POP3S,
SMTP, SMTPS, Yahoo MSG

=> From Source: Internal - Next - To Destination: External - Finish - Apply
-Right-click on this rule - Configure HTTP - Extensions Tab
- Block specified extensions - Add the file extensions you want to block:
exe, bat, com, dll, ocx, cab, rar, zip, tar, pif, js, vbs, flv, swf...


*For Unrestricted User rule:

-Open ISA Server => Array => Server Name => Firewall Policy => Right-click
=> New => Access Rule... - Access rule name: Unrestricted Users => Action: Allow
All Outbound Traffic

=> From Source: Add => New - Computer - Name: ITPC - Computer IP Address:
10.0.0.10 - Expand Computer - Double click on ITPC - Close - Next - To Destination:
External - Finish - Apply

=> Test: open the internet on both the IT Computer and the User PC

------------------------------------------------------------------------
7- Bandwidth Splitter for ISA

*Install Software: bspliter2006.exe

-Open ISA Server => Array => Server Name => Expand Bandwidth Splitter - Right-
click on Shaping Rule - New - Rule - Shaping rule name: 64/128 => Next - choose
"IP address sets specified below" => Add: Internal - Next - Destination: External
=> 2 Next - choose "Shape incoming and outgoing traffic" - Incoming (kbits/s): 64
and Outgoing (kbits/s): 128 - Next - choose "Assign bandwidth individually to each
applicable user/address" - Next - Finish - click Monitor to see who is downloading
and from which address ...


------------------------------------------------------------------------
8- Create Rule to Block User IP Range
-Open ISA Server => Array => Server Name => Firewall Policy => Right-click
=> New => Access Rule... - Access rule name: Block User IP Range => Action: Deny
- All Outbound Traffic - From Source: Add => New => Computer Set - Name: Accounting Range

=> Computer IP Address: 10.0.0.2 - 10.0.0.15 - Expand Computer => Double click
on Accounting Range - Close - Next

=> To Destination: External

=> Test: open the internet on a User PC with Computer IP Address: 10.0.0.2 - 10.0.0.15

Work?
---------------------------------

=> Block Content:

-Right-click (Block User IP Range)-Properties- Content types- Selected content types ...
-Check HTML Documents, Text ... => ok

- Test open internet on Client Computer IP Address :10.0.0.16
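
The sources used in sections 5, 6 and 8 overlap: XP1 (10.0.0.5) and ITPC (10.0.0.10) both fall inside the Accounting Range 10.0.0.2 - 10.0.0.15. The Python model below is an added example, not part of the original notes; it applies top-down, first-match evaluation to those four rules for an HTTP request to External, looking at source and action only. The Internal range 10.0.0.0/24 and the two rule orderings are assumptions.

```python
import ipaddress

def single(addr):
    return lambda ip: ip == ipaddress.IPv4Address(addr)

def ip_range(first, last):
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return lambda ip: lo <= ip <= hi

def network(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda ip: ip in net

# Source elements and actions taken from sections 5, 6 and 8 of this page.
# The Internal range 10.0.0.0/24 is an assumption; the page never states it.
RULES = {
    "Block User IP":       (single("10.0.0.5"), "Deny"),
    "Unrestricted Users":  (single("10.0.0.10"), "Allow"),
    "Block User IP Range": (ip_range("10.0.0.2", "10.0.0.15"), "Deny"),
    "Restricted Users":    (network("10.0.0.0/24"), "Allow"),
}

def evaluate(client_ip, order):
    """Return (rule, action) of the first rule in `order` whose source matches."""
    ip = ipaddress.IPv4Address(client_ip)
    for name in order:
        matches, action = RULES[name]
        if matches(ip):
            return name, action
    return "Default rule", "Deny"   # nothing matched: the final deny-all rule

def order_sensitive(hosts, order_a, order_b):
    """Hosts whose verdict differs between two rule orderings."""
    return [h for h in hosts
            if evaluate(h, order_a)[1] != evaluate(h, order_b)[1]]

# Two constructed orderings of the same four rules.
SPECIFIC_FIRST = ["Block User IP", "Unrestricted Users",
                  "Block User IP Range", "Restricted Users"]
RANGE_FIRST = ["Block User IP Range", "Block User IP",
               "Unrestricted Users", "Restricted Users"]
HOSTS = ["10.0.0.5", "10.0.0.10", "10.0.0.12", "10.0.0.16"]  # XP1, ITPC, two others

if __name__ == "__main__":
    for host in HOSTS:
        print(host, evaluate(host, SPECIFIC_FIRST), evaluate(host, RANGE_FIRST))
    print("order-sensitive:", order_sensitive(HOSTS, SPECIFIC_FIRST, RANGE_FIRST))
```

Only ITPC changes verdict between the two orderings, so the position of "Unrestricted Users" relative to "Block User IP Range" in the Firewall Policy list is the thing to check before running the tests above.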

---------------------------------

9- Restrict Internal Network to Another Website (facebook.com => iic.edu.kh):
-Open ISA Server => Array => Server Name => Firewall Policy => Right-click
-New => Access Rule ... - Access rule name: Deny Access facebook => Action: Deny
-All Outbound Traffic-From Source: Internal - next
-To Destination: new - URL set - name: facebook - new - http://*.facebook.com - ok
-add - facebook - 2 next - finish - Right-click (Firewall Policy "Deny Access facebook")
-properties- Action - Deny - Check (Redirect HTTP Re...) - http://www.iic.edu.kh - ok

-Test open internet on Client

---------------------------------

10- Setup VPN Server and Client :

=>Create new group: VPN_Group and User: vpn_user1

-Open ISA Server => Array => Server Name => Virtual Private Networks( VPN ):

=> Step1: Configure Address Assignment Method and Enable VPN Clients:
-Click Add => Select Server Name
-Set private IP range: From 172.16.0.1 To 172.16.0.10 =>ok
-Click "Enable VPN Client Access" => 10

=> Step2: Specify Windows Users => Add Group: VPN_Group

=> Step3: Verify VPN Properties => Tick "Enable PPTP" =>Ok
 Remote Access Config => Tick "External" =>Ok

=>Step4: View Firewall Policy for VPN Client Network:
-Right-click on Firewall Policy => New => Access Rule
-Access rule name: Allow VPN Users to access Internal => Action: Allow
-All Outbound Traffic - From Source: VPN Clients - Next
-To Destination: Internal => Finish

=>Step5: View Network Rule:
-Create a new VPN Connection on a user PC on the internet as below:
.Username:vpn_user1
.Password:123
.Gateway :192.168.1.253 (public IP of ISA WAN Interface)

-Test: from the Client on the internet, connect the VPN to dial in to Internal via the ISA VPN