|
|
Published
|
: |
February 27, 2007 |
Last Updated |
: |
February 27, 2007 |
|
|
|
Introduction |
Although it is not
recommended to browse the internet from the Firewall
itself, some administrators require having internet on
ISA Server in order to have access to Windows Update or update any Add-on installed. In this
article, we will see how to configure ISA Server to
have access to the internet .
|
|
|
Configuration on ISA Server
-
Open ISA Management Console

-
Expand
Configuration
Node, click on
Networks

-
Under the Networks
Tab you will find a Network called Local
Host, this refers to the machine ISA
installed on, right click this Network and click on
Properties

-
The Local Host Network Properties
will be displayed

-
Click on the Web Proxy
Tab and enable the checkbox Enable Web Proxy client connections for this network
and then click on OK

-
Click
Apply, and then click
OK

-
Close ISA Management Console
-
Now we need to set the proxy
settings on Internet Explorer,
as seen in the following
image, set the address of the proxy as your ISA
Server's Internal IP and
the Port as 8080, unless another port is used.

-
By default, ISA Server has a
System Policy that permit accessing
ONLY
Windows Update Sites. This can be seen under
the System Policy # 26 ( in
ISA Server 2004 , its System Policy # 17 )
.The System Policy are hidden by default, to
unhide the System Policy, click on the button
shown in the following image

-
The System Policy will be displayed, the one
we need in this article is System Policy #
26, named Allow HTTP/HTTPS from ISA
Server to specified sites

Right click it and choose Edit System Policy

-
Under the General
Tab , make sure that this Policy is enabled as shown
below.

-
Click the To Tab,
and you will find a Domain Name Set
named System Policy Allowed Sites
that included the sites that ISA Server can surf to
using this policy. To view the content of
System Policy Allowed Sites Domain Name
Set, choose it and click on Edit

The content of the System Policy Allowed
Sites is only the Windows Updates
Sites, so if you want , try from the ISA
Server to surf the windows update sites and you will
be able to surf them. Now try to surf any other site
that is not included in the System Policy
Allowed Sites, and you will find out that
you can not . So any site you want to surf to it
from ISA Server, all you need to do is to include
these sites in the System Policy Allowed
Sites.

Summary
ISA Server is a Firewall, so do not use it as
a client machine and start browsing from it all the
sites.
If you do require to have internet access from the ISA Server itself, all you need to do is to enable browsing from
the Local Host Network, set the
browser settings, and to include
the sites in the System Policy Allowed Sites.
Related Links
Editing
the ISA server 2004 System Policy
|
|