HI

  I would like to know who  i could permit only few website like https:www.hotmail.com, http://www.Yahoomail.com and http://www.google.com this three website only and i would like to block any other website then this  in FOREFRONT TMG .

NOTE: HTTP AND HTTPS WEBSITES

I Have tried many way in TMG but could not do it even by using URL FILTERING 

I Hope you guys can HELP! me out of this.

THANKS IN ADVANCE

Hello,

The easiest way to do so is to Create a Master block rule to block users from accessing internet, then Create a Rule to allow internet for only these 3 websites.

should be something like this.

Create a URL Set and add  the needed websites to it.

First Firewall policy :     Deny from internal to external   ---- For all users   

Second Firewall policy : Allow From Internal to Selected Web URL Set created earlier ---- For all users or selected users your choice.

Regards

IS 

• Edited by DenialoX 18 hours 48 minutes ago
• Proposed as answer by DenialoX 18 hours 45 minutes ago

Hello,

The easiest way to do so is to Create a Master block rule to block users from accessing internet, then Create a Rule to allow internet for only these 3 websites.

should be something like this.

Create a URL Set and add  the needed websites to it.

First Firewall policy :     Deny from internal to external   ---- For all users   

Second Firewall policy : Allow From Internal to Selected Web URL Set created earlier ---- For all users or selected users your choice.

Regards

IS 

• Edited by DenialoX Sunday, May 03, 2015 12:38 PM
• Proposed as answer by DenialoX Sunday, May 03, 2015 12:41 PM

Hello,

The easiest way to do so is to Create a Master block rule to block users from accessing internet, then Create a Rule to allow internet for only these 3 websites.

should be something like this.

Create a URL Set and add  the needed websites to it.

First Firewall policy :     Deny from internal to external   ---- For all users   

Second Firewall policy : Allow From Internal to Selected Web URL Set created earlier ---- For all users or selected users your choice.

Regards

IS 

• Edited by DenialoX Sunday, May 03, 2015 12:38 PM
• Proposed as answer by DenialoX Sunday, May 03, 2015 12:41 PM
• Marked as answer by imtiyazuddin25 7 minutes ago

Hello,

The easiest way to do so is to Create a Master block rule to block users from accessing internet, then Create a Rule to allow internet for only these 3 websites.

should be something like this.

Create a URL Set and add  the needed websites to it.

First Firewall policy :     Deny from internal to external   ---- For all users   

Second Firewall policy : Allow From Internal to Selected Web URL Set created earlier ---- For all users or selected users your choice.

Regards

IS 

• Edited by DenialoX Sunday, May 03, 2015 12:38 PM
• Proposed as answer by DenialoX Sunday, May 03, 2015 12:41 PM
• Marked as answer by imtiyazuddin25 Thursday, May 07, 2015 7:17 AM

Hello,

The easiest way to do so is to Create a Master block rule to block users from accessing internet, then Create a Rule to allow internet for only these 3 websites.

should be something like this.

Create a URL Set and add  the needed websites to it.

First Firewall policy :     Deny from internal to external   ---- For all users   

Second Firewall policy : Allow From Internal to Selected Web URL Set created earlier ---- For all users or selected users your choice.

Regards

IS 

• Edited by DenialoX Sunday, May 03, 2015 12:38 PM
• Proposed as answer by DenialoX Sunday, May 03, 2015 12:41 PM
• Marked as answer by imtiyazuddin25 Thursday, May 07, 2015 7:17 AM

Hello,

The easiest way to do so is to Create a Master block rule to block users from accessing internet, then Create a Rule to allow internet for only these 3 websites.

should be something like this.

Create a URL Set and add  the needed websites to it.

First Firewall policy :     Deny from internal to external   ---- For all users   

Second Firewall policy : Allow From Internal to Selected Web URL Set created earlier ---- For all users or selected users your choice.

Regards

IS 

• Edited by DenialoX Sunday, May 03, 2015 12:38 PM
• Proposed as answer by DenialoX Sunday, May 03, 2015 12:41 PM
• Marked as answer by imtiyazuddin25 Thursday, May 07, 2015 7:17 AM

Thanks for your reply.

But it still now working.... i followed the type what you said still no result

I have Seen this while creating the URL SET

"if DNS not configured correctly,rules using URL SET may not be Applied as expected"

Actually we are using ForeFront TMG a Trail version in our organisation for testing purpose.

NOTE:

We have not added the FOREFRONT TMG to the domain server.

we have Created a different network and few system attached on in the workgroup As We already have ISA SERVER in the DOMAIN.

So i want to as there connect or not connecting the FOREFRONT TMG to the DOMAIN have a impact on the URL SET ? 

as the above line which i have coded define so or if we attach forefront to domain will work ok ..

And while creating URL SET as it describe only HTTP site will work what if we want to have a site with protocol HTTPS? 

Please suggest.

we hope of your early reply

Thanks in Advance

Thanks for your reply.

But it still NOT WORKING.... i followed the type what you said still no result

I have Seen this while creating the URL SET

"if DNS not configured correctly,rules using URL SET may not be Applied as expected"

Actually we are using ForeFront TMG a Trail version in our organisation for testing purpose.

NOTE:

We have not added the FOREFRONT TMG to the domain server.

we have Created a different network and few system attached on in the workgroup As We already have ISA SERVER in the DOMAIN.

So i want to as there connect or not connecting the FOREFRONT TMG to the DOMAIN have a impact on the URL SET ? 

as the above line which i have coded define so or if we attach forefront to domain will work ok ..

And while creating URL SET as it describe only HTTP site will work what if we want to have a site with protocol HTTPS? 

Please suggest.

we hope of your early reply

Thanks in A

Hi,

What do you mean "not working"? You cannot access the websites above? Have you checked the TMG logging?

Best Regards,

Joyce

Hey Joyce

Yaah i cannot access the above site....

192.168.4.16   FORE - 192.168.4.255 NetBios Name Service UDP - - None - see Result Code - -16/07/36 05:15:42 0x0 0x0 137 137 Firewall Internal Internal Denied Connection 0 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED 0 0 192.168.4.16 16/07/36 02:15:42 

THIS IS WANT GETTING IN LOG 

even when iam accessing the the allowed web site it is showing DENIED CONNECTION

Hello,

"if DNS not configured correctly,rules using URL SET may not be Applied as expected"

*Make sure you added the static DNS server IP address for WAN connection.

To test It , you can use nslookup command or try pinging the website from server. 

So i want to as there connect or not connecting the FOREFRONT TMG to the DOMAIN have a impact on the URL SET ? 

*No it will not affect URl , it will affect configured users.

*Now, since all URL listed will convert from http to https, add https or port 443 to your URL set,

hotmail.com/*

hotmail.com:443/

hotmail.com:443/*

or you can use  https://hotmail.com/*

                        https://*.hotmail.com/

etc...

Regards

IS

STILL i cannt access the website which are allowed by URL SET as well as DOMAIN SET...

Please tell which step i am missing ???

Thanks in advance....

finally i got it...

BUT I HAVE TWO QUESTION AND I HOPE YOU GUYS HELP ME OUT OF IT!!!

1 When i am loading the allowed website page it is getting load properly but when i am refreshing the page the page is not loading properly and in either case i.e when loading first time or while refreshing the website PICTURES in the website is BLOCKED which i want to allow, i.e. Allowing the website  fully fetched , so i want to ask it is possible in fully fetched manner?

2 URL SET can be of different website or JUST one in each URL SET.

THANKS IN ADVANCE.