In ISA Server 2004, it is forbidden to access the Internet. You can set it by prohibiting IP and prohibiting users from being set. The discussion in this article is to use the IP address to ban some customers from accessing the Internet, suitable for the IP address fixed environment. As for how to use authentication to ban users from accessing the Internet, another article in this site "How to: Use authentication to ban internal user access". On the setting of access rules, you can also be divided into two kinds of hidden prohibitions and explicitly disabled. The implicit prohibition is not clearly allowed to allow customers to access the external network, suitable for the environment that strictly defines the policy, such as only some of the customers are allowed to access the Internet, and other customers can naturally not access the Internet. Explicit prohibitions are clearly prohibiting certain customers from accessing external networks, making it imposing certain customers from accessing to the environment in a relaxed definition policy. If you use IP addresses, your performance is whether you clarify this IP Internet or whether this IP is banned. In the case of the strategy, I personally prefer the kind of behind, probably because I am more lazy :). However, I believe that in most network environments is a relaxed definition of a relaxed definition, I will tell you how to set up the customer online. First, the part of the IP is prohibited first by IP, which is suitable for fixed IP configuration. The procedure is as follows: 1. Customers need to ban a new address set or computer set, 2, the destination address of these prohibited customers needs to create a new address range or domain name; of course, for this customer is completely banned, then this One step can be omitted, and the external network that comes with ISA can be used. 3. Create a new access rule in the firewall policy; in this article, we use the client IP 192.168.0.41 as an example, first set the policy to prohibit it from accessing the external network, then set the policy to prohibit it from accessing the Yahoo website, but you can access Other websites. First click on "Network Object" in the toolbox on the right side of the firewall policy, then right-click "Computer Set", then select "New Computer Set"; then click "Add" on the New Computer Set dialog box. Computer "; In the" Add Computer "dialog, enter the computer name and IP address, click" OK "; the built computer set is as shown in the figure below, click" OK "; then right click on the firewall policy, select New" access rules ", In the new access rules guide the name of the rule; the rule action is blocked, and then select the Denyed Client that just created in the source network. Destination network selection external; follow the prompts, the final establishment of firewall policies should be shown below, click "App" to save the modification and update firewall settings; note that Article 2 strategy is "Unlimited Internet Access", this Policy allows all internal customers to access external networks; then, tested on this customer, as shown below, this customer can no longer access the network. Now let's try to let this customer can't access Yahoo websites, and can access other websites. First, you have to create a set for the destination address of this customer's access, I have troubles here, use the domain name, if you use, you need to find an IP address.
