Hey guys, I'm new to the forum but have an ISA Server 2006 Enterprise setup. I set it up manually, so I'm not too clued up on the white papers and how it should be done. The problem I'm having is that when the clients input the router address into the default gateway with a valid DNS server, they get direct internet access. I have zero clue, and tried to block the router address so that no traffic could go through to it, and then tried to play around with the filtering, and I'm not too sure what to change. I have set up authentication linking to domain accounts for the proxy, and extension blocking. What are the ways that I can force the clients (which have admin rights) to stop bypassing my proxy? It's a serious issue, and I have linked the cables up correctly as well, one link going to the ISA server from the router and the other going from the server into the switch, so that people don't get full access. What can be done? I'm using a Juniper router which I have zero access to (console access). Thanks so much for the help.
Edit: I also tried to change the condition so that Domain User accounts from the Domain are only allowed HTTP access, and still no luck. I'm really running out of ideas.
< Message edited by VulcanX -- 26.May2009 6:50:22 AM >
OK, I have 2 NICs on the proxy server itself: one is linked up to the switch (which then in the whole network links to everything) and the other is directly into the router. My network is laid out as follows: all clients connect to switches, and the switches then connect to the MAIN switch. It's very old, but cash was tight and I had to make it work. Only when the default gateway is configured to have the router's address can they do that; other than that it shouldn't be possible, as my DHCP gives out addresses with the correct proxy default gateway, which allows the proxy to come into play. So with all that said, how do I ensure that the clients go through the proxy? I was thinking of putting in a Security Policy for the IP Config so that the users can't change the IP addresses, but they are admins so they can obviously work a way around it. Oh, and I also have routing happening with the ISA between my 2 NICs in order to FORCE users through the proxy, but it's not limiting the guys who are directly connecting through the Juniper. Appreciate any help you guys can give me.
Thanks for the reply, Paulo. I just want to find out how I could go about getting one gateway only, as I tried my absolute best to get it working and forcing the users to go through the ISA server, but because of the routing I have between the one IP range to the other, it's routing the requests directly to the router, which isn't correct at all, and I can't configure the Juniper as it's hosted by another company, which means they look after it for us. So how do I proceed here?
If you have a hardware firewall at the top of your network, block ports 80 and 443 on all clients apart from the ISA server. This will solve your problem.