Hi,
I'm evaluating ISA Server to see if it could replace our Proxy 2.0 for both browsing the internet and publishing internal servers (specially OWA and some IIS applications).
As I felt it unsecure to have the ISA box directly plugged into the internal domain, I set it up as a master in its own domain and created a unidirectional trust-relationship so that the ISA Server's domain trusts the users/groups from our corporate domain. All clients will use the firewall client.
I am now facing some problems if I want to restrict access based on users and groups : it works well with restrictions based on client adresses (IP) but if I set up protocol rules based upon user names or groups all traffic is blocked !
Do I need some specific ports to be opened in order to allow inter-domain conversation ? Or is my configuration simply not supported ?
Any help would be greatly appreciated !
Olivier
I'm evaluating ISA Server to see if it could replace our Proxy 2.0 for both browsing the internet and publishing internal servers (specially OWA and some IIS applications).
As I felt it unsecure to have the ISA box directly plugged into the internal domain, I set it up as a master in its own domain and created a unidirectional trust-relationship so that the ISA Server's domain trusts the users/groups from our corporate domain. All clients will use the firewall client.
I am now facing some problems if I want to restrict access based on users and groups : it works well with restrictions based on client adresses (IP) but if I set up protocol rules based upon user names or groups all traffic is blocked !
Do I need some specific ports to be opened in order to allow inter-domain conversation ? Or is my configuration simply not supported ?
Any help would be greatly appreciated !
Olivier