In this tutorial lets create a company policy that states that guests may not download FTP based files at anytime.
1. The diagram above shows where protocol rules can be found. Right click protocol rules then click new then click rule.
2. Name your rule in this case I gave it a name I will be able to identify at a later stage Block FTP. Then click next.
3. Select the deny radio button this will set the deny action in motion. Now click next.
4. Click on the selected protocols this screen is the start of granular control.
5. Now select your protocol. I have selected ftp download only and I have checked that box. Now click next
6. Now you need to set the time that the rule will apply. I have selected always because of the policy. This is selecting an existing schedule that you can crate and edit. In this example I have used the default schedule. Select always and then click next.
7. You are now presented with this screen with this screen. Select specific users and groups as you want to apply this rule to only the guest accounts. Now click next.
8. Click on add to select your users.
9. For the purposed of this exercise I have selected the local guest account on the ISA server you can click on the dropdown box and normally see a list of connected domains and if trusts are in place when using NT4 you should be able to connect to the other domain and select users form that domain. In this example click on the local guest account local to the ISA server and click add and then ok.
10. Now click on next if the displayed account is correct.
11. Look through the summary information presented to you at the end of the rule creation process and read through it to verify that this is what you want to do. Caution: Miss configuring a protocol rule can result in you ISA server blocking traffic.
Knowing that you can use a protocol rules to have granular control over all your protocols results in understanding the power of ISA on a troubled network. Most of the time when your network traffic is analyzed you wonder how you would stop people from downloading those FTP files from unsolicited sites or how would stop other types of bandwidth hungry applications. Protocol rules are the answer to this reoccurring problem.