This post goes over setting up domain computers to browse the internet. ISA 2006 by default is completely locked. This means all traffic going externally and internally are blocked because the “default” rule says so. Now that you know what is causing internet browsing to fail I will show you how to setup a rule to allow Internet browsing through ISA 2006.
Open “Microsoft Internet Security and Acceleration Server 2006”.
Right click “Firewall Policy” – Click “New” – Then “Access Rule…”
You can Call the rule what ever you like. I recommend calling it something useful like “Internet Browsing”. Click “Next”
You are wanting to “Allow” outgoing traffic.
You now want to select protocols. Because we want to enable web browsing for domain computers we want to enable “HTTP” , “HTTPS” , and “DNS”. To select the protocols you want to click “Add”.
Select “HTTP” , “HTTPS” and “DNS” from the “Common Protocols” folder. (Sorry this picture is showing the “Web Folder”)
You will then be asked “this rule applies to traffic from these sources”. Click Add. In the next Window that opens click “All protected Networks” from the “Network Sets” folder. Click Next.
You now are going to be asked where you want to allow computers in the protected network to go. Click “Add”. A New Window will open. Select “Anywhere” from the “computer sets” folder.
A Window will show “For All User”. Keep this setting and click “Next”.
Click Finish. Now you might think that you are done but you aren’t. In ISA 2006 you must always “Apply” your changes after you make them. Click “Apply”.
Now you must go to the workstation and open Internet Explorer. *NOTE* If you don’t see the menu bar hit “ALT”. The Menu bar will magically appear and then drop down.
Go to Tools – Internet Options
Click on the “Connections” tab. Then click “LAN Settings”.
Click “Use a proxy server …”. Type in the IP address or the FQDN of the ISA server and then port number. The default port that ISA 2006 uses is port “8080”. Hit “OK” and then “OK”.
Voila! Your done.
Geoffrey Jonkers says
Hi there,
I have a question:
should the ISA 2006 server also hang in the the domain?
Sorry for my bad english :$
greets,
Geoffrey