Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Anonymous Authentication blocking web thin clients
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Anonymous Authentication blocking web thin clients - 16.Jul.2008 2:40:28 PM
|
|
|
DanielMcIntyre
Posts: 13
Joined: 28.Sep.2007
Status: offline
|
I have ISA 2006 with Cyblock ISA plugin for web filtering. Cyblock requires Authentication be setup with Integrated Authentication and "Require all users to authenticate" checked. Any time a user has to access a site that would load a thin client or application, or if they use an application on their PC that needs to communicate with a specific server for updates or data transfer, they get blocked. When I query the particular PC in question, ISA shows that it is blocked because of Anonymous authentication.
Is there a way to force the users credentials? It is always with apps that are not a part of IE or Java applets and things of that nature.
Also, is this something that loading the ISA firewall client could fix?
Thank you for your time.
|
|
|
|
|
RE: Anonymous Authentication blocking web thin clients - 16.Jul.2008 3:31:22 PM
|
|
|
paulo.oliveira
Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
|
Hi,
maybe the app doesn´t support authentication. Check the app docs.
Regards,
Paulo Oliveira.
|
|
|
|
|
RE: Anonymous Authentication blocking web thin clients - 16.Jul.2008 4:06:50 PM
|
|
|
DanielMcIntyre
Posts: 13
Joined: 28.Sep.2007
Status: offline
|
This is happening with several apps. I am not sure how I can check something like that.
|
|
|
|
|
RE: Anonymous Authentication blocking web thin clients - 16.Jul.2008 4:56:34 PM
|
|
|
paulo.oliveira
Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
|
Hi,
does all this app support authentication? You have to check with the vendor. Some application doesn´t work with authentication, only using anonymous access.
What I´m trying to say is ISA is doing what is configured to do, asking for auth.
A workaround for this issue is create an access rule allowing anonymous access only to these specific sites.
Regards,
Paulo Oliveira.
|
|
|
|
|
RE: Anonymous Authentication blocking web thin clients - 16.Jul.2008 5:02:29 PM
|
|
|
DanielMcIntyre
Posts: 13
Joined: 28.Sep.2007
Status: offline
|
OK, thank you, but where do you specify the sites. ISA 2000 used to have destination sets, where you can specify sites, but I have not come across that yet with 2006. When I try to creat the rule it only specifies protocols.
Thank you
|
|
|
|
|
RE: Anonymous Authentication blocking web thin clients - 16.Jul.2008 5:11:20 PM
|
|
|
paulo.oliveira
Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
|
Hi,
you can create destination sets/URL sets using ISA console mgmt. Choose the toolbox tab and go to Network Objects, click New and choose the apropriate object. In the access rules properties you can select the created destination sets/URL sets.
Regards,
Paulo Oliveira.
|
|
|
|
|
RE: Anonymous Authentication blocking web thin clients - 18.Jul.2008 3:52:23 PM
|
|
|
DanielMcIntyre
Posts: 13
Joined: 28.Sep.2007
Status: offline
|
I have created the URL set, but there is no option for the anonymous user when creating an access rule. Also, my only firewall policy allows All Outbound From All Networks to All Networks for All Users. (we have hardware firewall supplied and managed by our ISP, so I don't need to block any ports or protocols via ISA. It is only a Web Proxy Filter) So I would think that the anonymous user would be included in that.
|
|
|
|
|
RE: Anonymous Authentication blocking web thin clients - 21.Jul.2008 8:25:28 AM
|
|
|
paulo.oliveira
Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
|
Hi,
when you choose the condition All Users, you´re acctually saying that all authenticated and unautheticated users are allowed. So All users, include anonymous...
If you select authenticated users, then only users who successfully authenticate are allowed.
Regards,
Paulo Oliveira.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
