I'm trying to create a rull, that will lock-down a Vista Home Premium PC, so
that it can only gain access to the internet via a corporate proxy on a
Cisco VPN client. I can block all port 80 and 443 traffic, but then can't
get a rule to work that permits traffic to the VPN gateway or proxy server.
I guess the port 80 block is getting a higher priority to the gateway permit
or something similar.

Any ideas please?

I need this to replace Novell Endpoint Security suite, which simply doesn't
work on Vista, even though they claim it does!


Thanks,

Martin.

A block rule always takes priority over an allow rule. Once ports 80 and 443
are blocked, another rule exception will never un-block them.

Instead you have to make the same block rule not apply to the proxy server,
so that it will be exempt.

Create an Outgoing rule to block remote ports TCP 80 and 443 , and in the
scope set two ranges for the remote IP address that exclude the proxy
server. Ignore the VPN tunnel IP addresses, as the firewall will not see
those.

So, for example, if your proxy server on the other side of the tunnel has an
IP address of 172.10.45.100, then the scope should 0.0.0.0 - 172.10.45.99
and 172.10.45.101 - 255.255.255.255.

Simple!

Martin