заменил ISA2000 на ISA2004 и начались проблемы
Модератор: Модераторы
Сообщений: 32
• Страница 3 из 4 • 1, 2, 3, 4
- глобальный каталог
- Активный пользователь
- Сообщения: 323
- Зарегистрирован: 02 фев 2005, 19:30
глобальный каталог » 26 май 2005, 19:18
а че нельзя создать соответствующее запрещающее правило в фиревалл полиси и поместить его сверху?
With ISA Server 2000, you defined network objects based on IP addresses (client address sets) or fully-qualified domain names (destination sets). With ISA Server 2004, you have much more flexibility in defining network objects. You can specify them according to the following categories:
Networks: In this context, a network is defined as a range of IP addresses.
Network sets: This is a group of networks.
Computers: A computer is defined here as representing a single IP address. To apply a rule to a computer with multiple NICs or with multiple IP addresses assigned to a single NIC, you would use a computer set, an address range, or even a subnet.
Address ranges: This is just what it sounds like: a range of IP addresses.
Subnets: A subnet is also defined as a range of IP addresses, in this case, the addresses make up a sub network.
Computer sets: As a network set is a group of networks, a computer set is a group of computers (or more specifically, a group of non-sequential IP addresses).
URL set: This is a group of Uniform Resource Locators (Web addresses).
Domain name set: This is a group of domain names.
Web listener: This is a software construct that determines which IP addresses and ports will be used to 'listen' for Web requests.
можно и так, и сяк, и через левое ухо, и под правую ногу - кому как нравится :-)))
These network objects define the source and destination for Firewall Rules. Whenever you create a rule, you specify source and destination objects to which the rule is to be applied.
имо всё прозрачно :-)
With ISA Server 2000, you defined network objects based on IP addresses (client address sets) or fully-qualified domain names (destination sets). With ISA Server 2004, you have much more flexibility in defining network objects. You can specify them according to the following categories:
Networks: In this context, a network is defined as a range of IP addresses.
Network sets: This is a group of networks.
Computers: A computer is defined here as representing a single IP address. To apply a rule to a computer with multiple NICs or with multiple IP addresses assigned to a single NIC, you would use a computer set, an address range, or even a subnet.
Address ranges: This is just what it sounds like: a range of IP addresses.
Subnets: A subnet is also defined as a range of IP addresses, in this case, the addresses make up a sub network.
Computer sets: As a network set is a group of networks, a computer set is a group of computers (or more specifically, a group of non-sequential IP addresses).
URL set: This is a group of Uniform Resource Locators (Web addresses).
Domain name set: This is a group of domain names.
Web listener: This is a software construct that determines which IP addresses and ports will be used to 'listen' for Web requests.
можно и так, и сяк, и через левое ухо, и под правую ногу - кому как нравится :-)))
These network objects define the source and destination for Firewall Rules. Whenever you create a rule, you specify source and destination objects to which the rule is to be applied.
имо всё прозрачно :-)
- глобальный каталог
- Активный пользователь
- Сообщения: 323
- Зарегистрирован: 02 фев 2005, 19:30
глобальный каталог » 26 май 2005, 19:37
смотри как всё прекрасно и замечательно, в оличии от кривейшей исы 2к:
ISA Server 2004 includes a new set of rule Wizards that make it easier than ever to create access policies. With ISA 2000, outbound access policies required IP Packet Filters, Site and Content Rules, and Protocol Rules. ISA Server 2004 access policies can be created by using the sophisticated Firewall Rule Wizard that allows you to configure any required policy element 'on the fly.' You do not need to leave the rule wizard to create a network object as you did with ISA 2000; any network object or relationship that is needed for the rule can be created within the new Wizard.
он да флай нигга, он да флай :-)))
или вот ещё:
ISA Server 2000 allowed you to specify which sites and protocols users could access, but you could not allow a user to access a particular site with a selected protocol or use a particular protocol to access a specific site. ISA Server 2004's enhanced firewall rules allow you to define the source and destination for each individual protocol that a user or group is allowed to access. This increases the flexibility with which you can control both inbound and outbound access through the ISA firewall.
шоколадно :-)))
ISA Server 2004 includes a new set of rule Wizards that make it easier than ever to create access policies. With ISA 2000, outbound access policies required IP Packet Filters, Site and Content Rules, and Protocol Rules. ISA Server 2004 access policies can be created by using the sophisticated Firewall Rule Wizard that allows you to configure any required policy element 'on the fly.' You do not need to leave the rule wizard to create a network object as you did with ISA 2000; any network object or relationship that is needed for the rule can be created within the new Wizard.
он да флай нигга, он да флай :-)))
или вот ещё:
ISA Server 2000 allowed you to specify which sites and protocols users could access, but you could not allow a user to access a particular site with a selected protocol or use a particular protocol to access a specific site. ISA Server 2004's enhanced firewall rules allow you to define the source and destination for each individual protocol that a user or group is allowed to access. This increases the flexibility with which you can control both inbound and outbound access through the ISA firewall.
шоколадно :-)))
- slz
- Активный пользователь
- Сообщения: 1229
- Зарегистрирован: 08 июл 2004, 06:17
- Откуда: Новосибирск
slz » 27 май 2005, 06:32
глобальный каталог
| Цитата |
| оно не умеет производить аутентификацию и авторизацию по учётке в ад :-(
[/quote] еще как умеет 
глобальный каталог
на опеннете полно подобных описаний - www.opennet.ru вот хоть эта статья http://www.opennet.ru/base/net/win_doma ... d.txt.html Сам сквиду не пробовал, samba третья пашет на ура. Ниче, скоро попробую
Ultimate В книжке "Dr. Tom Shinder's Configuring ISA Server 2004" - http://downloads.ebuki.apvs.ru/Syngress ... 836191.chm есть скрипты для добавления URL set и Domain name set из обычных текстовых файлов, а то руками заболбаешься их туда колотить, да и в инте полно таких филесов со списками сайтов с порнухой банерами и прочей лабудой. Chapter 7: Creating and Using ISA 2004 Firewall Access Policy ---------->Using Scripts to Populate Domain Name Sets
slz
гы - и чё это за шняга - где icq, аутглюк, ftp, getright, and many-many others - где это всё? :-) забавно - в систем полисях есть правило, разрешающее исходящий netbios с исы, но нет правила в обратную сторону - на кой @#$ спрашивается тогда первое? а я думаю "че сетевое окружение вырубилось?" :-)))
slz
а сцылку сразу нельзя было? а то вдруг он тоже половины не може :-)
глобальный каталог
PFFilter - это пакетный фильтер от OpenBSD, идет как модуль ядра
http://www.opennet.ru/docs/RUS/ipfw_pf_ ... index.html http://www.dreamcatcher.ru/docs/pf.html http://www.dreamcatcher.ru/docs/pf-faq-part2-rus.html http://www.dreamcatcher.ru/docs/pf_firewallig.html
гы - так это просто нат - БЕЗ всякой аутентификации и авторизации - нафик он нужен? :-) нужен firewall client, а юнихи этого не умеют :-)
Сообщений: 32
• Страница 3 из 4 • 1, 2, 3, 4
Вернуться в Межсетевые экраны (Firewall) и Прокси серверы (Proxy) Кто сейчас на конференцииСейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 10 |