Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Can't get ISA to do proper authentication
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Can't get ISA to do proper authentication - 17.Dec.2003 4:44:00 PM
|
|
|
wrightg
Posts: 3
Joined: 17.Dec.2003
From: Vancouver, British Columbia, CANADA
Status: offline
|
I'm new to ISA; upgrading my Proxy Server 2.0 to ISA is my current project so please bare with me if I seem stupid!
We use ISA for outbound user authentication only with ISA behind another Firewall. The other firewall allows all traffic from ISA outbound. We also use SmartFilter for web content managment.
Most of my users get to the Internet via the Web Proxy and for this there is no problem. However some users also require special access using protocols other than HTTP, HTTPS and FTP via HTTP so they get the Firewall Client loaded.
When the users with the Firewall client only want to web surf, then because of the Firewall client, they bypass the Smartfilter content filter. I can turn on the HTTP Redirector this seems to force them back through SmartFilter. However, it does nothing to those users who use HTTPS. We do not want users accessing external Webmail for example and if they have the Firewall client then there is no way we can stop them. And anybody can load the client as it is freely available from many places on the net.
I have tried creating both Protocol and Site & Content rules to prevent this but there is just no way that I can get these different rule sets to work together. There appears to be no ordering of the rules avalable.
On Proxy Server, the client software and WebProxy had a separate rule for HTTP/HTTPS. Is there anyway to duplicate this on ISA ??
Thanks.
|
|
|
|
|
RE: Can't get ISA to do proper authentication - 21.Dec.2003 3:00:00 PM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Greg,
Configure the HTTP redirector to drop requests from firewall and securenat clients. Then configure all clients as Web Proxy clients. That should solve the problem!
HTH,
Tom
|
|
|
|
|
RE: Can't get ISA to do proper authentication - 22.Dec.2003 5:35:00 PM
|
|
|
wrightg
Posts: 3
Joined: 17.Dec.2003
From: Vancouver, British Columbia, CANADA
Status: offline
|
Of course ! I knew that (wink, wink, nudge, nudge, know what I mean!).
Really, I never even noticed that button. Ok, now that I have noticed it, please tell me what the difference between turning that button on and just turning off the HTTP redirector?
I know that there must be a difference, but what exactly is it?
Thanks.
|
|
|
|
|
RE: Can't get ISA to do proper authentication - 22.Dec.2003 5:47:00 PM
|
|
|
wrightg
Posts: 3
Joined: 17.Dec.2003
From: Vancouver, British Columbia, CANADA
Status: offline
|
One further thing. Turning on the "Reject HTTP requests from Firewall and SecureNAT clients" does nothing to prevent my users from using HTTPS to access the internet. In particular, they can still access their private webmail sites even with this turned on. In Proxy Server, there were separate filters/rules which handled both HTTP and HTTPS; one for Proxy clients and on for WinSock clients. I need that kind of granularity in my control.
Thanks
Greg ...
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
