Linglom's blog

This article is one of the series of Getting started with Microsoft ISA Server 2006. You can see the index of this series at Getting started with Microsoft ISA Server 2006, Part 1: Introduction.

Create Firewall Policy Rule

From Part 7: Create DNS Lookup Rule, you have create an access rule to allow DNS look up from the internal network to the external DNS addresses. But you do not have any web access rule for users. So now, I will show how to create an access rule on ISA Server 2006 to allow HTTP and HTTPS protocols for a user to access the Internet.

Step-by-step

1. On ISA Server Management, open Firewall Policy by expand Arrays -> BKKISA001 -> Firewall Policy (BKKISA001).
   
2. On Firewall Policy, select Tasks and click on Create Access Rule.
   
3. On Welcome to the New Access Rule Wizard, type a name for the access rule. On this example, I type “Allow HTTP, HTTPS for Linglom” and click Next.
   
4. On Rule Action, select Allow and click Next.
   
5. On Protocols, you have to choose which protocols will be applied to this rule.
   • Select Selected protocols and click Add.
     
   • On Add Protocols, expand Common Protocols and double-click on HTTP and HTTPS. Then, click Close and click Next to continue.
     
6. On Access Rule Sources, select the source network for this rule.
   • Click Add.
     
   • On Add Network Entities, expand Network and double-click on Internal. Click Close and click Next to continue.
     
7. On Access Rule Destinations, do the same as the previous step but select External network as a destination.
   
8. On User Sets, you have to select which users and groups are applied to this access rule. On this example, I want this rule apply to only a domain user account – linglom.
   • Remove All Users by click on Remove and add a new User Sets by click Add.
     
   • On Add Users, you see existing user sets available. There is no user set that I want so I will create a new one. Click New.
     
   • On Welcome to the New User Set Wizard, type the name of a new user set that you want and click Next.
     
   • On Users, click Add -> Windows users and groups.
     
   • On Select Users or Groups, select the users or groups that you want to add to this new user set. On this example, I select the domain user – linglom. Then, click OK.
     
   • You see that the user has been added to a new user set. Click Next.
     
   • On Completing the New User Set Wizard, click Finish.
     
   • A new user set is created. The, select on it and click Add to add the new user set to this rule.
     
   • Now the user set is added to the rule. So this rule will be apply to only this user – Linglom. Click Next.
     
9. On Completing the New Access Rule Wizard, click Finish.
   
10. Don’t forget to save the changes that you have made by click on Apply at the top.
    
11. The changes have been saved. Click OK.
    
12. Now you see the rule that you have created.
    

What’s Next

You have some access rules on ISA Server 2006. That’s it for the basic configuration on the sever. Next, I will start configure client to access the Internet through ISA Server 2006. See Part 9: Client Configuration.