restriction web site list


    Sponsored Links


  • 1. VPN error 619 & 721
    Hello, We have setup a VPN with our ISA server and it has been working just great for sometime and as recent as yesterday. However today when we try to connect to it we get an error 619 and or a error 721. Does anyone know what this could be. I tried restarting the RRAS services on the ISA, no affect. Then I tried restarting the ISA services, still nothing. I then went as far as restarting the ISA machine itself, still nothing. To my knowledge no changes have been made on the ISA server. What do you think this could be? Thank you in advance for your help! -- Wade Preston Baldwin Filters
  • 2. SMTP message filtering question
    I have a question regarding the filtering of e-mail using ISA and the message filtering option. Background: We have an employee who no longer works here, and is on every spam list known to man. I want to stop receiving mail for that person. network layout: web server/IIS SMTP message screener on a seperate computer from the ISA server. That webserver is not part of the domain, and it forwards to a smart host (exchange 5.5) located behind the ISA server (the exchange box is also seperate from ISA box) Solutions tried: I have changed their e-mail address but I don't like sending back bounced messages with inside topography to spammers. I tried adding the e-mail address of the old employee as a keyword for the SMTP extension to filter, it does not work. I also tried surrounding the address with <>, "", and using wildcards, but no luck. It still makes it past the external SMTP server to the exchange server where it gets bounced back with a NDR. Question: With the current software I have (ISA, SMTp service on IIS, Exchange 5.5) is there a way to filter based on the receiving address? All I seem to find is a way to block the sender which is not practical based on sheer numbers of e-mails/variations. Thanks Tony
  • 3. Internal spoof attacks clogging the eventviewer (and driving me crazy)
    Hi, Our ISA server keeps on logging the follwing event: <start> Event Type: Warning Event Source: Microsoft ISA Server Control Event Category: Packet filter Event ID: 15108 Date: 02-12-2003 Time: 8:40:36 User: N/A Computer: WVA-FW-001 Description: ISA Server detected a spoof attack from Internet Protocol (IP) address A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. Data: 0000: 1f 00 00 00 .... <end> I think there might be a misconfiguration of some kind, but I am unable to determine what this might be. Can anybody please help me solve this annoying problem? In forward thanks! Regards, Erik
  • 4. Upstreaming problems.
    Upstreaming problem is occuring after every 15 minutes

restriction web site list

Postby fshguo » Fri, 11 Nov 2005 04:00:46 GMT

Hi...I just set up the ISA 2004 in the network,  and got two questions:
1) I would like to block all the web site from visiting, only those web
site in the list can be visited. how to configure it?
2) I install proxy client in one of the computer, it looks like the ISA
rules only valid under the administrator account, which is the account
installed the proxy client. I logon as a normal user in this computer,
the ISA 2004 rule is not active, I have to go to internet option to put
the proxy server's IP and port there to active it.  is not true once
the proxy client installed in the computer under an administrator
account, it should apply to any users logon in this computer?


Re: restriction web site list

Postby ZVR » Fri, 11 Nov 2005 08:50:48 GMT

You configure a destination set with the sites you want to allow, then 
create one rule that allows HTTP traffic to that set. As long as you don't 
have any other rules allowing access those will be the only destinations 

You mean the firewall client.

What do you mean by "normal user"? A local user account (local to that 
computer, that is), or a domain account without admin rights? If it's a 
local computer account none of your ISA rules will work as they probably 
rely on domain users. ISA cannot authenticate against other computer's local 

Yes the firewall client should be active under all profiles, if that's your 


Similar Threads:

1.Site to Site VPN restriction?

Hello All-

Is it possible to restrict a remote site to only be able to access
certain machines or subnets on my internal network?  I have an
internal network of\20 and want to only allow the remote
site to see 172.17.1.x and nothing else?  The ideal solution would be
to allow them to access only four IP's in my network, but I don't know
how that would work either (if it would work).  Any thoughts?

The reason I am trying to do this is that the remote site is a
consultant firm for a software solution and they have other VPN
connections to other clients with similar IP schemes.  I personally
think this should be their problem, not mine, but I thought I would
look into it anyway.

Any and all help is appreciated tremendously!

Thank you!


2.Domain Name Sets Deny Web Sites Not Listed to block all web sites except for my allowed destination list

4.ISA server Site Restriction

I m using a Standerd ISA server with Win 2000 Server& SP3
my problem is that I want to Apply restriction to users 
that user can not Access Any web site .
 but I want to allow these users to Access some Official 
sites .

What Should i do 

5.WEB content restrictions

Some word as a preface. I have a branch office whose local area network is 
connected to the central site through a bridge line. All computers in the 
main site and those in the branch office are in one broadcast domain and use 
dynamic IP addresses from a single DHCP server. All computers are behind one 
ISA 2004 server which allows Internet access through NAT, proxy and firewall 
client services. Only a few domain users use firewall client.
Now on the subject. The bridge line is a bottle-neck and in rush hours it is 
hardy to access servers in the branch office even for ordinary maintaining 
tasks. So I would like to restrict the web content (MIME types) to which the 
computers in the branch office have access thus saving a bandwidth for 
administrative tasks. The content filtering is not a problem and I know how 
to create an appropriate rules. My question is how to distinguish the traffic 
from those computers. Branch users are quite a lot and I don want to use a 
firewall client to separate their requests because some performance issues 
may arise. I am not sure whether creating a computer set will do the work 
because of the dynamic IP addresses. So how to apply content filtering rules 
in these conditions without affecting ISA performance?

6. ISA 2004 Configuration Error -- Must add this Web site to list of trusted web sites ???

Return to ISA


Who is online

Users browsing this forum: No registered users and 6 guest