Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
"protocol rules" and "content rules"
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
"protocol rules" and "content rules" - 2.Feb.2004 10:22:00 PM
|
|
|
majstorv
Posts: 22
Joined: 24.Feb.2003
From: Belgrade,Serbia and Montenegro
Status: offline
|
Hello,
I have ISA "integrated" , with SecureNAT clients only at the moment on LAN.
I have a strange kind of conflict between "protocol rules" and "site and content rules":
When I allow some IP addresses client pool to use "all IP traffic" and at the same time "site and content rules" for this group ARE NOT "allow all content" then some problem with specific traffic via ISA occurs, for instance POP3 or NNTP from Internet servers, except for WEB.
Even when I use "selected content groups"/"select all" button, it cannot pass POP3 or NNTP, even when protocole rules "allow all IP". When I choose "all content groups" option button (that should be the same), it is all OK!
How can "Site and content rules" relate to "protocol rules" this way?
Is it some kind of bug?
Regards,
Vladimir
|
|
|
|
|
RE: "protocol rules" and "content rules&... - 4.Feb.2004 6:53:00 PM
|
|
|
majstorv
Posts: 22
Joined: 24.Feb.2003
From: Belgrade,Serbia and Montenegro
Status: offline
|
OK,
It solves problem for traffic configured in "protocol rules" (like POP3 and NEWS that I have mentioned).
But still there is a problem with Web traffic: if you don`t make "all content groups" instead of "select all groups" for "site and content rule" you get distorted web page (just click to link that you sent me and it opens in poor format, or Hotmail, also when you try to login to Hotmail, ISA authentication required, but cannot pass !).
And it makes no difference if you are SecureNAT or Web proxy client (I haven`t tried Firewall Client yet) !
Only, it is not clear from this article if you have to reapply SP1 after registry changes, I have had SP1 only before.
Regards,
Vladimir
|
|
|
|
|
RE: "protocol rules" and "content rules&... - 20.Feb.2004 12:40:00 PM
|
|
|
majstorv
Posts: 22
Joined: 24.Feb.2003
From: Belgrade,Serbia and Montenegro
Status: offline
|
Hello,
I have applied these KB solutions and managed to pass all IP protocols when "content groups" rules change from default ("all") to selected.
Other article also helps.
But the main problem is still here:
ISA treats "allow all content groups" different way than "allow selected/select all" which seems nonsense to me.
For instance, when I choose "select all" option , I cannot log in to Web mail on Yahoo.com. Concerning second article, I applied all service packs for IE and patches, and I can log in to Hotmail but Web page shows in a poor format.
When I return to "all groups" option button. Web pages show correctly.
Is there a cure for this?
Vladimir
|
|
|
|
|
RE: "protocol rules" and "content rules&... - 20.Feb.2004 8:15:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Vladimir,
I haven't an answer to that question. However, what is the ISA web proxy log telling you? Do you see a difference between both requests?
HTH,
Stefaan
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
