FW client and other browser apps - 21.May2003 2:04:00 PM
Guest
Hello All,
I have a PC that has the FW client that connects over the internet to a remote Citrix server. The problem is they have to connect to the WAN (which is a totally different connection) with IE to run another browser app, which doesn't need to go through the ISA server. Is there a way to circumvent the FW client for that app?
Can you give us some more info about the exact network setup? A little simple ASCII diagram can explain a lot. Just place it between the Instant UBB Code tag 'CODE'.
The client is set up as a Web Proxy client with a Firewall client. The internet works fine, but we have a browser-based app that needs to go out through the WAN gw. The client gw is set to the WAN router. I have a static route on the client that is supposed to route the app through the WAN, but it seems the Firewall client will not let this happen. I'm guessing because the app is using the browser and the browser is locked into the Firewall client. I set the advanced under proxy to bypass the address the app needs, but it doesn't work.
To understand how the client host should be configured, you must first understand on which layer in the TCP/IP protocol stack the different ISA client types work. Check out my article http://www.isaserver.org/articles/IPSec_Passthrough.html , section 4 'Configuring ISA Clients' for further info.
Assuming you *completely* trust the destinations reachable through the WAN, you should include those destinations in the LAT on ISA server. This will tell the Firewall client *not* to redirect those requests to the ISA server. Following the same logic, those destinations should also be configured for direct access in the Web Proxy configuration. How the default gateway should be set on the client depends on your internal network structure. If you point the default gateway to the WAN router you don't need a static route.
Very informative article. Thanks. My default gateway on my client is set to the WAN IP. The browser is set to bypass ISA for the WAN address considered local. The WAN IP is in the LAT. None of these has worked. I guess I'll try something else. Thanks!
You said "The browser is set to bypass isa for the WAN address considered local. The WAN ip is in the LAT." What do you mean by the WAN IP? It sounds like this is the IP address of the WAN router. If that's the case, it will not work.
Carefully reread my previous post. I told you to include the destinations reachable through the WAN in the LAT on ISA server and configure them for direct access in the Web Proxy configuration too. It should work this way!
When I say "WAN IP", I mean the address I need to connect to over the WAN, not the WAN router. It is in the LAT and the web proxy configuration. So I guess it's back to the drawing board.