I've inherited several Enterprise ISA 2006 servers. All configured with a single interface (cringe) and (so I've been told) installed to the same baseline.
It would appear from the firewall log files for one of the servers that connection attempts from the "Anonymous" user are being allowed through the firewall. There is a FW ACL to allow Anonymous connections to a wide range of sites (like CISCO.COM and many others) that allows the "All Users" user set. Does this mean that the Anonymous user is ALSO allowed? Is there a reason to have this ACL at all? The http/https rule allows access to the Domain Users user set. Does this not mean that after the two initial requests and the third request for authentication, that the authenticated user will be allowed to connect regardless of the "Anonymous" web connection requirement? Domo for any enlightenment!
From: Amazon, Brazil
If the access rules are configured with the All Users group, it means ISA is allowing any user, including anonymous. To make sure only authenticated users get access through the ISA firewall, you must include a group from AD or RADIUS only.
The reason some access rules allow anonymous access is that some websites, Java applets in most cases, don't work well with authenticating proxies and keep asking the user to authenticate, even though the authentication already happened transparently (in the case of Integrated Authentication).
From: Lebanese in Kuwait
By default, the first connection attempt will always be anonymous. IF the connection requires authentication, the attempt will fail and the user will be asked for authentication, and hence the user will send his credentials. However, if you have the condition All Users and the connection attempt was granted, the user will never be asked to authenticate.
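A check for the symptom in the question (anonymous connections being allowed, and by which rule), added here as an example and not posted by anyone in the thread. It reads column names from the log's own `#Fields:` header; the names and rows in the constructed sample are only an assumption about the ISA firewall log layout, so adjust them to your server's header line.

```python
# Added example: find which ISA access rules allowed unauthenticated ("anonymous") requests.

def parse_w3c(lines):
    """Yield one dict per data row, keyed by the names from the '#Fields:' directive."""
    fields = None
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()   # header names are space-separated
            continue
        if line.startswith("#"):
            continue                                  # other directives (#Software, #Date, ...)
        if fields is None:
            raise ValueError("data row appears before the #Fields header")
        yield dict(zip(fields, line.split("\t")))     # data rows are tab-separated


def anonymous_allowed_by_rule(lines):
    """Map rule -> {'count', 'destinations'} for rows the firewall allowed while the client was still anonymous."""
    hits = {}
    for row in parse_w3c(lines):
        if row.get("client-username", "").lower() != "anonymous":
            continue
        if row.get("action", "").lower() != "allowed":
            continue
        entry = hits.setdefault(row["rule"], {"count": 0, "destinations": set()})
        entry["count"] += 1
        entry["destinations"].add(row["destination-host"])
    return {rule: {"count": e["count"], "destinations": sorted(e["destinations"])}
            for rule, e in hits.items()}


# Constructed sample log (invented values; field names are an assumption about the ISA format).
# Row 2 is the normal anonymous first pass being denied by the Domain Users rule; row 3 is the retry with credentials.
_HEADER = [
    "#Software: Microsoft(R) Internet Security and Acceleration Server 2006",
    "#Fields: date time client-ip client-username destination-host destination-port protocol action rule",
]
_ROWS = [
    ("2009-03-02", "10:00:01", "10.0.0.15", "anonymous", "www.cisco.com", "80", "HTTP", "Allowed", "Allow Anonymous Web"),
    ("2009-03-02", "10:00:02", "10.0.0.15", "anonymous", "intranet.example.test", "80", "HTTP", "Denied", "HTTP/HTTPS Domain Users"),
    ("2009-03-02", "10:00:03", "10.0.0.15", "CORP\\jsmith", "intranet.example.test", "80", "HTTP", "Allowed", "HTTP/HTTPS Domain Users"),
    ("2009-03-02", "10:00:04", "10.0.0.22", "anonymous", "www.cisco.com", "443", "HTTPS", "Allowed", "Allow Anonymous Web"),
    ("2009-03-02", "10:00:05", "10.0.0.22", "anonymous", "update.example.test", "80", "HTTP", "Allowed", "Allow Anonymous Web"),
]
SAMPLE_LOG = "\n".join(_HEADER + ["\t".join(r) for r in _ROWS]) + "\n"

if __name__ == "__main__":
    for rule, info in anonymous_allowed_by_rule(SAMPLE_LOG.splitlines()).items():
        print(f"{rule}: {info['count']} anonymous connections allowed to {info['destinations']}")
```

Rules that show up here with real destinations are the ones scoped to "All Users" (or otherwise not requiring credentials); a rule scoped to Domain Users should only ever appear with the anonymous first pass denied.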