Click Close, and then click Next.
8. On the User Sets screen, leave it set to All Users unless you want to
limit access to the web to a specific set of users, and then click Next.
9. Click Finish.
The rule you have just created will appear in the Firewall Policy tab as shown in
Figure 11.12.
Configuring Microsoft Internet Security and Acceleration Server 2006 • Chapter 11 405
Figure 11.12 Your New Firewall Rule
Configuring & Implementing…
Even Your Outbound Traffic
Should Be as Restricted as Possible
You've probably noticed that although you've allowed traffic out to the web from
all our internal nodes, you still can't access the web. This is because we aren't
letting any DNS traffic out yet, so name resolution isn't working. Although we
simply could have added the DNS protocol to our first rule, this would open our
firewall a bit more than we should like to have it.
There is one very big gotcha with this part of ISA Server. The Firewall Policy
screen shows only the rules we've created as well as the last default block all rule,
but there are actually 30 other rules in place from the time of installation. If you click
Show System Policy Rules in the Task pane you will suddenly see the additional
rules as shown in Figure 11.13.
If you are running a network with internal servers running the DNS service,
then these are the only devices that should be allowed to be the source for
outbound DNS queries.
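One way to verify that only the internal DNS servers originate outbound DNS queries, as an added example that is not from the book or from ISA Server: the space-separated log layout, the internal address range and the DNS server addresses are constructed assumptions, not ISA Server's own log format.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the page): the internal range, the DNS server
# addresses, and a simplified space-separated log layout.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
DNS_SERVERS = {ipaddress.ip_address("10.0.0.10"), ipaddress.ip_address("10.0.0.11")}

# Constructed sample records: time src_ip dst_ip protocol dst_port action
SAMPLE_LOG = """\
09:00:01 10.0.0.10 198.51.100.53 UDP 53 ALLOW
09:00:02 10.0.0.57 198.51.100.53 UDP 53 DENY
09:00:03 10.0.0.57 203.0.113.80 TCP 80 ALLOW
09:00:04 10.0.0.88 203.0.113.9 UDP 53 ALLOW
09:00:05 10.0.0.88 203.0.113.9 TCP 53 ALLOW
09:00:06 10.0.0.11 10.0.0.10 UDP 53 ALLOW
09:00:07 malformed line
"""

def parse(line):
    """Return a record dict, or None for lines that do not match the layout."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return {"time": parts[0], "src": ipaddress.ip_address(parts[1]),
                "dst": ipaddress.ip_address(parts[2]), "proto": parts[3].upper(),
                "port": int(parts[4]), "action": parts[5].upper()}
    except ValueError:
        return None

def is_outbound_dns(rec):
    """DNS (UDP or TCP port 53) from the internal network to an external host."""
    return (rec["port"] == 53 and rec["proto"] in ("UDP", "TCP")
            and rec["src"] in INTERNAL_NET and rec["dst"] not in INTERNAL_NET)

def audit(log_text):
    """Count outbound DNS from non-DNS-server sources, split by allowed/denied."""
    leaked, blocked = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or not is_outbound_dns(rec) or rec["src"] in DNS_SERVERS:
            continue
        (leaked if rec["action"] == "ALLOW" else blocked)[str(rec["src"])] += 1
    return dict(leaked), dict(blocked)

if __name__ == "__main__":
    leaked, blocked = audit(SAMPLE_LOG)
    print("policy gap (allowed):", leaked)
    print("misconfigured clients (denied):", blocked)
```

Allowed hits indicate a rule that is broader than intended; denied hits point to clients configured with an external resolver.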