ISA2006 can bite me :)

gorebrush Member Posts: 2,743
Can someone help me with this?

Very simple.

One of my users needs to use eBay - my manager. Fine. So I've created a new group and just allowed eBay in there.

However, the wildcards in the particular whitelist - how do they *actually* work?

I've tried

http://*.ebay.co.uk/
http://*.ebay.co.uk/*

And these don't appear to work - I've had to go in and keep adding each individual URL, i.e.

http://my.ebay.co.uk/
http://signin.ebay.co.uk/

etc.

Can someone please tell me where I am going wrong with the wildcard?

Thanks
David

Comments

  • gorebrush Member Posts: 2,743
    Figured it out...

    http://*.ebay.co.uk/ <--- this works
    http://*.ebay.co.uk/* <--- this does not

    //shrugs shoulders
  • crrussell3 Member Posts: 561
    Even though you got it to work, you might want to try creating a Domain List instead of a URL list. That way you can allow the entire ebay.co.uk domain for that particular user.
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
  • gorebrush Member Posts: 2,743
    Doesn't really matter to be honest... I'm leaving in a few weeks and the whole server estate is moving... and the ISA box will be abandoned...
  • brad- Member Posts: 1,218
    I'm stuck with ISA right now and I hate it. It was the first and only firewall I had to figure out, but it has to be the worst. I'd rather spend time learning how to use an ASA or something just to get rid of it.
  • it_consultant Member Posts: 1,903
    The new ISA is out, I wonder how that compares to ISA 2006. Do you guys actually use ISA 2006 as the only firewall on your network?
  • docrice Member Posts: 1,706
    I've used different firewalls over the years including the Cisco PIX, ASA, Check Point R6x, iptables, pf ... and ISA 2004 / 2006 (although we only use the latter as a proxy for the most part). I'll admit that I don't know ISA in-depth, but in my opinion it's only worth it if you're a Microsoft shop.

    First, I don't care for the fact that this is a firewall running on top of a general-purpose server. While the whole native integration with Active Directory is a nice touch, at the same time I prefer to separate the user and services authentication store from the network infrastructure devices. If an attacker gets a foothold on the firewall, she instantly has some clues about the server-side environment characteristics.

    Second, I really, really don't care for the live logging / monitoring in a GUI. Better to have this be a CLI or syslog forward where I can tail the log. Sometimes I need to be able to see a lot of information on the screen at once and on ISA I'm dependent on screen resolution. With an SSH session, I can set the terminal font size to whatever I want.

    Thankfully, where I work we currently only utilize ISA as a test proxy for authenticated HTTP requests where credentials-handling is tied in with Active Directory. Other than that, I find it kind of slow. Sometimes when I apply a new rule, it seems like it takes a minute or two to really go into effect. If I implement a new rule, I expect it to apply immediately within the same second.

    Then again, it could also be due to my lack of fluency with the platform.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/