Wednesday, June 16, 2010

Configure ISA to allow outbound internet access based on IP address, not username, password, or other credentials.

Recently I had to configure ISA 2006 to allow outbound internet access for a computer, regardless of who was logged in.

The ISA configuration was set to only allow access to users that were specifically members of a Windows Active Directory group “Allow-Internet”. This was done via web proxy clients and firewall clients. The problem, then, is that computers that are not logged in and are running services (like email SMTP, FTP, etc.) cannot authenticate with the ISA to gain outbound internet access.

Likewise, a device that was not running Windows (maybe a hardware appliance) would not be able to access the internet.

This is a simple rule I added to permit access to those devices.

1. Open ISA Server Management

2. Navigate to Firewall Policy
If you can’t find it, make sure the left pane is open.

3. Create a new rule using these settings:
[Screenshots of the rule settings]

4. Click the From tab then click the Add button

5. The computer (or device) that you want to add is probably not listed so you’ll need to hit the New button and create a New Computer

6. Enter the IP address for the computer (or device) and a friendly name for your reference

7. Activate your changes by clicking the Apply button
