How to create a policy that enables only Web proxy clients in Internet Security and Acceleration Server 2006 or Internet Security and Acceleration Server 2004 (891241)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004, Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition

INTRODUCTION

When you create a report in Microsoft Internet Security and Acceleration (ISA) Server 2006 or in ISA Server 2004, a section of the report, such as the Top Websites section, lists IP addresses. This section should list the corresponding Domain Name System (DNS) names. This behavior may occur when ISA Server is not configured as the Web proxy in client browsers.

This article discusses how to create a policy that enables only Web proxy clients in ISA Server.

MORE INFORMATION

To create a policy that enables only Web proxy clients in ISA Server 2006 or in ISA Server 2004, follow these steps.

Step 1: Create a new outbound protocol

  1. In ISA Server Management, expand the Firewall Policy node.
  2. In the task pane, click the Toolbox tab.
  3. Click Protocols, click New, and then click Protocol.
  4. In the New Protocol Definition Wizard, type a name for the new protocol. For example, type MyHttp. Click Next.
  5. On the Primary Connection Information page, click New.
  6. In the New/Edit Protocol Connection dialog box, verify that Protocol type is TCP and that Direction is Outbound. In the From and To boxes, type 80. Click OK, and then click Next.
  7. Click Next on the Secondary Connections page.
  8. Click Finish.
  9. In the ISA Server details pane, click Apply to save the configuration settings.

Step 2: Create a new access rule

  1. In ISA Server Management, expand the Firewall Policy node.
  2. On the Tasks tab, click Create New Access Rule to start the New Access Rule Wizard.

    Note In ISA Server 2006, click Create Access Rule to start the New Access Rule Wizard.
  3. On the Welcome to the New Access Rule Wizard page of the New Access Rule Wizard, type a name for the access rule. For example, type Deny HTTP transparent access. Click Next.
  4. On the Rule Action page, click Deny, and then click Next.
  5. On the Protocols page, click Selected Protocols in the This rule applies to list, and then click Add.
  6. In the Add Protocols dialog box, expand the User-Defined node, click MyHttp or the name that you created for the new protocol, click Add, click Close, and then click Next.
  7. On the Access Rule Sources page, add the entities that will have only Web proxy access. Click Next.
  8. On the Access Rule Destination page, add your Web proxy access destination. Click Next.
  9. On the User Sets page, click All Users, click Next, and then click Finish.
  10. In ISA Server Management, click Apply to save changes.
Note If there is an existing rule that enables Web proxy clients, you must put the new rule before the existing rule in the ISA Server details pane. To do this, right-click the rule, and then click Move Up. After you move the rule, click Apply to apply the changes to the firewall policy, and then click OK.
Modification Type:MinorLast Reviewed:9/20/2006
Keywords:kbISA2006Swept kbhowto KB891241
©2004 Microsoft Corporation. All rights reserved.