ISA2006 can bite me :)

Can someone help me with this.

Very simple.

One of my users needs to use eBay - my manager. Fine. So I've created a new group and just allowed eBay in there.

However, the wildcards in the particular whitelist - how do they *actually* work?

I've tried

http://*.ebay.co.uk/
http://*.ebay.co.uk/*

And these don't appear to work - I've had to go in and keep adding each individual URL, i.e.

http://my.ebay.co.uk/
http://signin.ebay.co.uk/

etc.

Can someone please tell me where I am going wrong with the wildcard?

Thanks
David

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

gorebrush

Figured it out...

http://*.ebay.co.uk/ <--- this works
http://*.ebay.co.uk/* <--- this does not

//shrugs shoulders

crrussell3

Even though you got it to work, you might want to try creating a Domain List instead of a URL list. That way you can allow the entire ebay.co.uk domain for that particular user.

gorebrush

Doesn't really matter to be honest... I'm leaving in a few weeks and the whole server estate is moving... and the ISA box will be abandoned...

brad-

im stuck with ISA right now and i hate it. It was the first and only firewall i had to figure out, but it has to be the worst. I'd rather spend time learning how to use an ASA or something just to get rid of it.

it_consultant

The new ISA is out, I wonder how that compares to ISA 2006. Do you guys actually use ISA 2006 as the only firewall on your network?

docrice

I've used different firewalls over the years including the Cisco PIX, ASA, Check Point R6x, iptables, pf ... and ISA 2004 / 2006 (although we only use the latter as a proxy for the most part). I'll admit that I don't know ISA in-depth, but in my opinion it's only worth it if you're a Microsoft shop.

First, I don't care for the fact that this is a firewall running on top of a general-purpose server. While the whole native integration with Active Directory is a nice touch, at the same time I prefer to separate the user and services authentication store from the network infrastructure devices. If an attacker gets a foothold on the firewall, she instantly has some clues about the server-side environment characteristics.

Second, I really, really don't care for the live logging / monitoring in a GUI. Better to have this be a CLI or syslog forward where I can tail the log. Sometimes I need to be able to see a lot of information on the screen at once and on ISA I'm dependent on screen resolution. With an SSH session, I can set the terminal font size to whatever I want.

Thankfully, where I work we currently only utilize ISA as a test proxy for authenticated HTTP requests where credentials-handling is tied in with Active Directory. Other than that, I find it kind of slow. Sometimes when I apply a new rule, it seems like it takes a minute or two to really go into effect. If I implement a new rule, I expect it to apply immediately within the same second.

Then again, it could also be due to my lack of fluency with the platform.