Blog du Tristank

So terrific that 3 of 4 readers rated it "soporific"

ISA 2000: Block Barry’s Access Except For One Site

Q: I need to block Internet access for Barry, except for one site.


A: As long as all users are required to authenticate when surfing, this is doable. You can specify exclusions using the Site and Content rules.

However, if any combination of (S&C and Protocol) rules is allowing anonymous access (anywhere), Barry may be able to get through; web browsers typically try to use anonymous connections before authenticating.

You Will Need:

A Destination Set (“Barry’s White List”): contains only www.thealloweddomain.dom (and any other domains you do want Barry to access).

Protocol Rule(s) allowing access to HTTP/S.

Site and Content Rules something like this:

Allow (Domain Users) Anywhere Anytime
Deny (Barry) (All Sites Except Selected Destination Set: Barry’s White List)

or, if you’ve already got a “full privilege” user group segregated:

Allow (Internet Access Group) Anywhere Anytime
Allow (Barry) (Selected Destination Set: Barry’s White List) Anytime
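
The two rule layouts and the anonymous-access caveat as a small Python model, added here as an illustration; it is not part of the original post and is not ISA Server's own rule engine. It assumes a matching Deny beats any Allow, that user-based rules cannot match a request sent without credentials, and that the browser tries anonymously first; the group membership, the "anyone" rule and www.example.com are constructed for the example.

```python
# Simplified model of the Site and Content rules above (an assumption for
# illustration, not ISA Server's actual rule engine).
WHITE_LIST = {"www.thealloweddomain.dom"}            # Barry's White List
GROUPS = {"Domain Users": {"barry", "alice"},        # constructed membership
          "Internet Access Group": {"alice"}}

def rule(action, who, dests=None, negate=False):
    # who: user name, group name, or "anyone" (no authentication required)
    # dests=None means anywhere; negate=True means "all sites except dests"
    return {"action": action, "who": who, "dests": dests, "negate": negate}

def applies(r, user, host):
    if r["who"] == "anyone":
        who_ok = True
    elif user is None:
        who_ok = False        # user-based rules cannot match an anonymous request
    else:
        who_ok = user == r["who"] or user in GROUPS.get(r["who"], ())
    dest_ok = r["dests"] is None or ((host in r["dests"]) != r["negate"])
    return who_ok and dest_ok

def evaluate(rules, user, host):
    # Assumed ordering: any matching Deny wins, otherwise one Allow must match.
    if any(r["action"] == "deny" and applies(r, user, host) for r in rules):
        return False
    return any(r["action"] == "allow" and applies(r, user, host) for r in rules)

def browse(rules, user, host):
    # Browsers try without credentials first and authenticate only if refused.
    if evaluate(rules, None, host):
        return "allowed anonymously"
    return "allowed" if evaluate(rules, user, host) else "denied"

# First layout: everyone allowed, Barry denied outside his white list.
LAYOUT_1 = [rule("allow", "Domain Users"),
            rule("deny", "barry", WHITE_LIST, negate=True)]
# Second layout: Barry is not in the full-privilege group.
LAYOUT_2 = [rule("allow", "Internet Access Group"),
            rule("allow", "barry", WHITE_LIST)]
# The caveat: one rule anywhere that lets anonymous requests through.
LEAKY = LAYOUT_1 + [rule("allow", "anyone")]

if __name__ == "__main__":
    for name, rules in [("layout 1", LAYOUT_1), ("layout 2", LAYOUT_2), ("leaky", LEAKY)]:
        for host in ("www.thealloweddomain.dom", "www.example.com"):
            print(name, host, browse(rules, "barry", host))
```

In the leaky set the Deny rule for Barry never fires, because the request is served before he is ever asked to authenticate.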