Since the Macintosh platform does not interact with the default authentication requirements of ISA 2004 for web and non-web access, you have to create a special ISA configuration to allow outbound Internet access for Macs.
The remainder of this post will give step-by-step instructions for setting up the ISA configuration.
First, you will need to identify a range of IP addresses that will belong only to the Macs. By default, SBS creates a DHCP address scope of .1 to .254, but then excludes addresses .1 through .9. Ideally, you’d like for the Macs to fall into a particular address range (the range size will depend on the number of Macs involved) within that DHCP scope. If you have 10 Macs, you might want the address range to be 192.168.16.51-192.168.16.60.
When you have decided on the address range you want to use for the Macs, follow the instructions in the Configuring DHCP Reservations in SBS 2003 post to create the reservations for the Macs. This does two things. First, it guarantees that the Macs will fall into this address range. Second, it guarantees that no other systems will fall into the address range.
Now, to configure ISA:
- Open the ISA Server Management Console.
- Expand your server name and click Firewall Policy.
- In the right-hand pane, click the Toolbox tab.
- Expand Network Objects, and then click Computer Sets.
- Right-click on Computer Sets and select New Computer Set.
- Enter a name for the set in the Name field (something like “Mac Group”).
- Click Add, then select Address Range.
- Enter a name for the range in the Name field (something like “Mac Range”).
- Enter the starting and ending addresses for the range to match the reservations you created in DHCP.
- Click OK when the range is correct.
- Click OK to save the Computer Group.
- In the right-hand pane, click the Tasks tab.
- Click Create a New Access Rule.
- Enter a name for the Access Rule (e.g. “Mac Internet Access Rule”) and click Next.
- In the Rule Action page, click Allow and then click Next.
- In the Protocols page, select All outbound traffic if you don’t want to restrict Internet access for the group, or select Selected Protocols or All outbound traffic except selected if you want to restrict the types of traffic for the group. If you choose either of the latter options, you will need to click Add and select the protocols you wish to allow or deny and add them to the list.
- Click Next to continue.
- In the Access Rule Sources page, click Add.
- Expand Computer Sets, and select the group you just created.
- Click Add, then click Close.
- When you see that the correct computer group is listed, click Next.
- In the Access Rule Destinations page, click Add.
- Expand Networks, and select External.
- Click Add, then click Close.
- When you see External listed, click Next.
- Click Next to accept the All Users group.
- Click Finish to create the rule.
- Click Apply above the Firewall Policy tab.
- Click OK when the changes have completed.
Now you will need to reboot the Mac and make sure it receives the correct address from the DHCP server. If for some reason the Mac does not receive the correct address, you can manually set the IP address to match the number it should have received from the DHCP server.
At this point, the Mac should have access to the Internet based on the restrictions you placed in the rule, if any. Note that you will not need to configure the Mac web browsers to use the proxy server with this configuration.
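Because the rule identifies the Macs by IP address alone, it is only as tight as the match between the ISA address range and the DHCP reservations. The following added example (not part of the original post) audits that match; the reservation list, its `(ip, mac)` format, and the function names are assumptions made for illustration.

```python
import ipaddress

def normalize_mac(mac):
    """Reduce a MAC address in any common notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_mac_range(start, end, reservations):
    """Compare the ISA address range with (ip, mac) DHCP reservation pairs."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("range end is below range start")
    in_range = {ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1)}
    by_mac = {}
    reserved = set()
    for ip, mac in reservations:
        addr = ipaddress.IPv4Address(ip)
        reserved.add(addr)
        by_mac.setdefault(normalize_mac(mac), []).append(addr)
    return {
        # In the rule's range but not reserved: DHCP may lease the address to
        # a non-Mac client, which would then match the Mac access rule.
        "unreserved": [str(a) for a in sorted(in_range - reserved)],
        # Reserved but outside the rule's range: this Mac will not match the rule.
        "outside": [str(a) for a in sorted(reserved - in_range)],
        # One adapter reserved more than once (usually a data-entry error).
        "duplicate_macs": {m: [str(a) for a in sorted(ips)]
                           for m, ips in by_mac.items() if len(ips) > 1},
    }

# Constructed sample data: eight Macs reserved at .51 to .58, plus one
# reservation that lies outside the range and reuses the first MAC address.
SAMPLE_RESERVATIONS = [(f"192.168.16.{50 + i}", f"00:00:5E:00:53:{i:02X}")
                       for i in range(1, 9)]
SAMPLE_RESERVATIONS.append(("192.168.16.61", "00-00-5e-00-53-01"))

if __name__ == "__main__":
    report = audit_mac_range("192.168.16.51", "192.168.16.60", SAMPLE_RESERVATIONS)
    for finding, value in report.items():
        print(finding, value)
```

Any address reported as unreserved should either get a reservation or be dropped from the ISA address range.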
Source: http://simultaneouspancakes.com/Lessons/2005/11/05/internet-access-for-macintoshes-behind-isa-2004/
