We are in the process of setting up ISA 2006 for monitoring web traffic via web proxy, ISA Firewall Client and SecureNat.
The sole purpose is to monitor and report on all the traffic of both authenticated and anonymous web proxy users plus SecureNat clients. We have hardware firewalls in place and do not want to use ISA as another layer of firewalls inside our LAN.
We don't want to use ISA to block anything when it is first implemented. After rolling it out and looking through the web use reports, decisions will be made on what, if anything, will be blocked or if we will just keep all access to all sites open and have others deal with problem users through HR or other departments as needed.
It is critical that we do not block anything inadvertently when ISA is rolled out due to ISA being designed to block anything that it considers non standard.
We will block what we want to block actively and do not want things simply getting "stuck" in ISA because ISA has default settings enabled to block things even when there is no specific deny rule we have configured to block that traffic.
So far, we have found out that ISA does not allow https to go through any non standard SSL ports. To fix this, a workaround script was used to open large ranges of ports so we didn't have to add ports one at a time and that took care of that issue.
Now, I have found that ISA will also block http traffic that it determines as being non standard. To fix that, you are supposed to configure special filters for each item you want to make an exception for. This would be a massive amount of work because there is a lot of this type of traffic and unusual applications used in our environment.
Is there some way to configure ISA so it stops trying to be a firewall automatically blocking things it doesn't like and instead just monitors and reports on traffic? Either that or is there a way to create some kinds of wide-ranging, all-inclusive wildcard filters so we do not need to make individual filters for every individual protocol, port and application?