This post goes over setting up domain computers to browse the internet. ISA 2006 by default is completely locked. This means all traffic going externally and internally are blocked because the “default” rule says so. Now that you know what is causing internet browsing to fail I will show you how to setup a rule to allow Internet browsing through ISA 2006.
ISA Server 2006 comes with a predefined rules called System Policy. Click here to read more about System Policy.
In this article we will be configuring some rules of the System Policy to enable Remote administration for ISA Server 2006.
- Open ISA Server Management Console, Click on Start > All Programs > Microsoft ISA Server > ISA Server Management
- Click on the Firewall Policy node, as you can see, this is a fresh install of ISA Server 2006,and it still has its default Deny rule, and as I said previously we are going to work with the System Policy ,and not going to create any new rule to allow remote administration
- From the right side panel, under the Tasks tab, click on Edit System Policy
- The System Policy Editor will open, for the purpose of this article we will work with the Remote Management configuration group. Clicking on any System Policy configuration group from the left panel ( will be marked with a red arrow ), will open its configuration page on the right side.
To connect to ISA Server remotely, the System Policy offers you three options :
Microsoft Management : using the MMC
Terminal Server : using Remote Desktop Connection
Web Management : I will not be discussing Web Management, as I do not have any Web Application that can remotely manage ISA Server, later on if my hands fall on any application that does this, I will be demonstrating it
- Microsoft Management allows you to connect to ISA Server using the Microsoft Management Console, which you can install it on a remote machine, and from it you can connect to your ISA Server.
- By default Microsoft Management is Enabled, but you will need to specify from which machines you are going to connect to your ISA Server, this can be configure by clicking on the From Tab, by default the Remote Management Computers is included under the From source, and by default , the Remote Management Computers is empty and you will need to populate it.
- Click on the Remote Management Computers and then click on the Edit Button, the Remote Management Computers Properties page will open, here you can add a single Computer, an address range, or a complete subnet to the remote management computers, in this article, I am the only administrator of ISA Server, and I will only install the MMC on my Vista Laptop, so I will add a Computer, click the Add button , then click on Computer
- Browse to the remote computer by clicking on the Browse button, or start filling its name, IP address and a brief description if you want, once its set, click on the OK Button
The Computer will be listed as shown below, Click on the OK button
- Click the Apply button so the changes take effect