ISA Firewall Quick Tip : Allowing Internet Access From ISA Server Machine



February 27, 2007
Last Updated : February 27, 2007

Browsing the Internet from the firewall itself is not recommended, but some administrators need Internet access on the ISA Server machine in order to reach Windows Update or to update installed add-ons. This article shows how to configure ISA Server so that the machine itself can access the Internet.

Configuration on ISA Server

  1. Open ISA Management Console

  2. Expand the Configuration node and click Networks

  3. On the Networks tab you will find a network called Local Host, which refers to the machine ISA Server is installed on. Right-click this network and click Properties

  4. The Local Host Network Properties will be displayed

  5. Click the Web Proxy tab, select the checkbox Enable Web Proxy client connections for this network, and then click OK

  6. Click Apply, and then click OK

  7. Close ISA Management Console

  8. Now set the proxy settings in Internet Explorer: set the proxy address to your ISA Server's internal IP and the port to 8080, unless another port is used.

  9. By default, ISA Server has a System Policy rule that permits access ONLY to the Windows Update sites. This is System Policy # 26 (in ISA Server 2004, it is System Policy # 17). System Policy rules are hidden by default; to unhide them, click the button shown in the following image

  10. The System Policy rules will be displayed. The one we need in this article is System Policy # 26, named Allow HTTP/HTTPS from ISA Server to specified sites

    Right-click it and choose Edit System Policy

  11. On the General tab, make sure that this policy is enabled.


  12. Click the To tab. You will find a Domain Name Set named System Policy Allowed Sites, which contains the sites that ISA Server can browse to under this policy. To view the content of the System Policy Allowed Sites Domain Name Set, select it and click Edit

    The System Policy Allowed Sites set contains only the Windows Update sites, so if you browse to the Windows Update sites from the ISA Server, they will load. If you try any other site that is not included in System Policy Allowed Sites, you will find that you cannot reach it. For any site you want to browse to from the ISA Server, all you need to do is add that site to System Policy Allowed Sites.
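Once a site has been added, the result described in step 12 can be checked from the ISA Server itself. The script below is an added example, not part of the original article: it sends a request through the Web Proxy listener for one site that should be allowed and one that should not. The proxy address and both URLs are placeholders to replace with your own values, and it assumes PowerShell 2.0 or later is installed on the machine.

```powershell
# Added example: verify that the ISA Server machine reaches only the sites
# listed in System Policy Allowed Sites. All values below are placeholders.
$ProxyUri = 'http://192.0.2.10:8080'   # assumed: ISA internal IP, port 8080 (step 8)
$Checks = @(
    @{ Url = 'http://allowed-site.example/';  ShouldPass = $true  },  # a site you added
    @{ Url = 'http://unlisted-site.example/'; ShouldPass = $false }   # a site not in the set
)

function Test-ProxyAccess {
    param([string]$Url, [string]$Proxy)
    $req = [System.Net.WebRequest]::Create($Url)
    $req.Proxy   = New-Object System.Net.WebProxy($Proxy)
    $req.Method  = 'HEAD'
    $req.Timeout = 10000                      # milliseconds
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return $code
    } catch {
        # Find the WebException (PowerShell may wrap it) and read the
        # HTTP status the proxy or the site answered with, if any.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) { return [int]$ex.Response.StatusCode }
        return 0                              # no HTTP answer (timeout, connection refused)
    }
}

$failures = 0
foreach ($c in $Checks) {
    $code    = Test-ProxyAccess -Url $c.Url -Proxy $ProxyUri
    $reached = ($code -ge 200 -and $code -lt 400)
    if ($reached -eq $c.ShouldPass) { $result = 'PASS' } else { $result = 'FAIL'; $failures++ }
    Write-Output ("{0}  {1}  status={2}  expected-reachable={3}" -f $result, $c.Url, $code, $c.ShouldPass)
}

# A FAIL on the unlisted site means the firewall can browse more than the
# allow list intends; a FAIL on the allowed site means the change did not apply.
exit $failures
```

Running it again after each change to System Policy Allowed Sites shows whether the firewall's own outbound access is still limited to the sites you intended.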


ISA Server is a firewall, so do not use it as a client machine and browse all kinds of sites from it.
If you do require Internet access from the ISA Server itself, all you need to do is enable browsing from the Local Host network, set the browser proxy settings, and include the sites in System Policy Allowed Sites.
