Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to create a policy that enables only Web proxy clients in Internet Security and Acceleration (ISA) Server 2006, in ISA Server 2004, in Forefront Threat Management Gateway, Medium Business Edition, or in Windows Essential Business Server 2008


View products that this article applies to.

Introduction

When you create a report in Microsoft Internet Security and Acceleration (ISA) Server 2006, in ISA Server 2004, in Forefront Threat Management Gateway, Medium Business Edition, or in Windows Essential Business Server 2008, a section of the report, such as the Top Websites section, lists IP addresses. This section should list the corresponding Domain Name System (DNS) names. This behavior may occur when ISA Server or FTMG is not configured as the Web proxy in client browsers.

This article discusses how to create a policy that enables only Web proxy clients in ISA Server or FTMG.

↑ Back to the top


More information

To create a policy that enables only Web proxy clients in ISA Server 2006, in ISA Server 2004, in Forefront Threat Management Gateway, Medium Business Edition, or in Windows Essential Business Server 2008, follow these steps.

Step 1: Create a new outbound protocol

  1. In ISA Server Management or in Forefront Threat Management Gateway, Medium Business Edition, expand the Firewall Policy node.
  2. In the task pane, click the Toolbox tab.
  3. Click Protocols, click New, and then click Protocol.
  4. In the New Protocol Definition Wizard, type a name for the new protocol. For example, type MyHttp. Click Next.
  5. On the Primary Connection Information page, click New.
  6. In the New/Edit Protocol Connection dialog box, verify that Protocol type is TCP and that Direction is Outbound. In the From and To boxes, type 80. Click OK, and then click Next.
  7. Click Next on the Secondary Connections page.
  8. Click Finish.
  9. In the ISA Server details pane, click Apply to save the configuration settings.

Step 2: Create a new access rule

  1. In ISA Server Management or in Forefront Threat Management Gateway, Medium Business Edition, expand the Firewall Policy node.
  2. On the Tasks tab, click Create New Access Rule to start the New Access Rule Wizard.

    Note In ISA Server 2006 or in Forefront Threat Management Gateway, Medium Business Edition, click Create Access Rule to start the New Access Rule Wizard.
  3. On the Welcome to the New Access Rule Wizard page of the New Access Rule Wizard, type a name for the access rule. For example, type Deny HTTP transparent access. Click Next.
  4. On the Rule Action page, click Deny, and then click Next.
  5. On the Protocols page, click Selected Protocols in the This rule applies to list, and then click Add.
  6. In the Add Protocols dialog box, expand the User-Defined node, click MyHttp or the name that you created for the new protocol, click Add, click Close, and then click Next.
  7. On the Access Rule Sources page, add the entities that will have only Web proxy access. Click Next.
  8. On the Access Rule Destination page, add your Web proxy access destination. Click Next.
  9. On the User Sets page, click All Users, click Next, and then click Finish.
  10. In ISA Server Management or Microsoft Forefront TMG, click Apply to save changes.
Note If there is an existing rule that enables Web proxy clients, you must put the new rule before the existing rule in the ISA Server details pane or in the Forefront Threat Management Gateway, Medium Business Edition details pane. To do this, right-click the rule, and then click Move Up. After you move the rule, click Apply to apply the changes to the firewall policy, and then click OK.

↑ Back to the top


Keywords: KB891241, kbhowto, kbisa2006swept, kbarchive, kbnosurvey

↑ Back to the top

Article Info
Article ID : 891241
Revision : 3
Created on : 1/16/2015
Published on : 1/16/2015
Exists online : False
Views : 379