Printable View
In my office I have blocked some websites on my ISA Server 2004. The problem is now, PCs that are configured as SecureNAT can access these websites, since most are used by local administrators of their laptop, so I do not find a solution? Blocking for Firewall and Proxy clients customers walk very well. If you have any suggestion then share it. Thank you in advance.
I give you an example of ISA Rule may be after trying that your issue get fixed: Allow 'HTTP and HTTPS' from 'internal' to 'External' (except set the domain name "*. facebook.com") for 'All users'. This rule allows access to the internet except for the domain name *. facebook.com and valid for Secure Nat clients also try to adjust your rule from my example and test. The sites that are blocked for Secure Nat are specified in "Set the domain name" or set of URLs? And sites that are not blocked for Secure Nat are specified in "Set the domain name" or set of URLs?
Concerning the rule, the packets of being SecureNAT seems to be closed by the rule of Enterprise (ISA 2006 Enterprise Edition), but access the site YouTube. By cons I have used another trick to secure the site, to recall the rule that I created to block certain sites working fine except the site YouTube, then what I did, I created element subnets where I put the IP addresses of website using "nslookup www.youtube.com" and hop around is playing. Thank you for your answers, and I will accept any proposal.
I am sure that if you do the test with a proxy client, the rule works because SecureNAT mode, the customer name resolution with the dns, (unlike Proxy) arrived at the ISA sees only one IP address (IP address youtube) and not the domain name. can you get tested? Give me all the information so I can research on this in a better way.
I said that my rule that blocks web sites works fine for the Firewall Client and Proxy Client by the SecureNAT cons, it works partially or eg facebook is not blocked by Youtube cons. For the IP addresses of YouTube, so I used them, and it worked but as was mentioned above, it's all a trick. What bothers me most about this story and why Facebook is not blocking these IP addresses I put on (even other sites like voobys.com) but not YouTube?