- Open ISA Management Console
- Create a new Access rule, Right click Firewall Policy , then click on New then choose Access Rule
This also can be done from the Right Pane, under the Tasks bar :
- The New Access Rule Wizard will be launched, give a name to your new rule , in this example we will name it Allow Internet, then click Next
- In the Rule Action page, we choose which action we want to grant for our users, first we need to create the allow rule that will allow them to have internet access, so we choose Allow, then click Next
- I always prefer not to grant users an open rule, in this I mean a rule with all outbound protocols, that's why I always prefer to grant my users a selected protocols for each rule. In the Protocols page, From the drop down list of This Rule Applies To, choose Selected Protocols,
click on Add button, the Add Protocol page will open, expand the Common Protocols container, choose the HTTP, HTTPS, POP3 & SMTP ( these are the most common protocols used, you can have any other protocols as desired ) protocols and click on Add , then click Close
The selected protocols will be displayed in the Protocols page, click Next
- On the Access Rule Sources page, click the Add button. In the Add Network Entities dialog box, click on the Networks folder. Double click on the Internal network, then click the Close button in the Add Network Entities dialog box. Click Next in the Access Rule Sources dialog box.
- Click the Add button on the Access Rule Destinations page. In the Add Network Entities dialog box, click the Networks folder. Double click the External entry and click Close in the Add Network Entities dialog box. Click Next on the Access Rule Destinations page.
- On the User Sets page, accept the default setting of All Users.
- Review your settings and click Finish on the Completing the New Access Rule Wizard page.
- Click the Apply button to save the changes and update the firewall policy. This button is located at the top of the Details pane
(the middle pane) of the console.
- Your rule will look this :
- The rule you have just created will permit your users to surf the Internet with only the selected protocols, but your users will be able to download whatever they want !! so what you need to do is to filter such ability by File Extension and/or Content Type.
- Right click your Allow Rule, then click on Configure HTTP
- The Configure HTTP Policy page will open
In this article we will only discuss the Extensions Tab , for more info on the Configure HTTP Policy check the related links at the end of this article.
- Click on the Extensions Tab, then from the drop down list choose Block specified extensions (allow all others).
- Click on the Add button
In this page, start adding the extension you desire to block, such as wmv, avi and so on.
After you finish from filling the extensions you desire to block , click on OK
- Click the Apply button to save the changes and update the firewall policy.
- We finished now with the Extensions part, now if you need also to block by Content Type, double click on the Allow Internet rule
Then click on the Content Types Tab
- By default, all Content types are enabled, what we need to do now is to select only the ones we need to be enabled on this rule,
that's why we need to enable the radio button beside the Selected content types ( with this option selected , the rule is applicable only to HTTP traffic ) under the This rule applies to
- Start selecting the content types you want to enable, in this article, we do not want to enable streaming content types, so we leave the audio and video content types deselected. After you finish from selecting, click on OK
- Click the Apply button to save the changes and update the firewall policy.
0 comments:
Post a Comment