Issues ISA firewall and global group

By Star69
I attached a global group to the ISA firewall to grant my users internet access. It worked fine for a while, but lately I have noticed that people who are not members of the global group have internet access as well.
I tested different scenarios:
1. Old global group attached to firewall. Result: everyone has access to internet.
2. New global group attached to firewall. Result: access restricted to members of global group.
3. Local group attached to firewall with Old global group in local group. Access restricted to members of Old global group.
Are there issues with ISA firewalls and global groups? Has Active Directory been corrupted?
How can I test the integrity of Active Directory?

by CG IT In reply to Issues ISA firewall and g ...

I doubt Active Directory was corrupted. If it was, you would be having a heck of a lot more problems network-wide than with just ISA Server.

Now one question arises straight off: which O/S are you using in conjunction with ISA Server? Windows 2000 Server? Windows 2003 Server? Windows SBS 2000? SBS 2003? Next question is: why are you using the global group to restrict/limit user access to the internet?

ISA Server, by default, denies access until granted. You can create a group in AD called Internet Users, add users to that group, and then in the ISA Server management console, in site & content rules AND in protocol rules, specify that the Internet Users group is allowed internet access. I wouldn't use the AD global group to do what you want to do.

by CG IT In reply to

There shouldn't be an "over time everyone had access to the internet". Those not members of the internet access group cannot go through ISA Server to the internet. Not unless someone gets in there and adds additional users to the internet access group. Further, your comment "access was not limited to members of the group" doesn't make sense. That's the whole purpose for the group, in that only those users in that group can access the internet via ISA Server. So there's one of 2 things happening. Either someone is adding users to the group, or users found out what the ISA Server proxy settings are and are changing their browser's proxy server setting so they can have access to the internet. You can disable/grey out/hide browser settings from users so that they can't change them [but they shouldn't be able to in the first place if they are just domain users].

by Star69 In reply to Issues ISA firewall and g ...

I'm using Windows 2000 server in conjunction with ISA. I did as you described in your answer. I created a group in AD and granted access to that group in ISA.
After a period of time, I noticed that everyone had access to the internet. Access was not limited to the members of the group.
