Welcome to ISAserver.org

Firewall Client ignoring denied accesses

Firewall Client ignoring denied accesses - 21.May2007 4:07:47 PM   
Networker

 

Posts: 7
Joined: 15.Mar.2006
Status: offline
I have some stations in a network that access the Internet through the ISA 2004 proxy. I created special access rules (TCP ports 8080, 1352, 3299, etc.) to the Internet with Firewall Client for some stations. But the problem is that the stations with Firewall Client have full access to the Internet, ignoring the filter rules that deny improper sites for Proxy Service access.
Has anybody here solved this kind of problem who could try to help me?
Thanks.

< Message edited by Networker -- 23.May2007 10:48:59 AM >


_____________________________

Arcelor Group.
Post #: 1
RE: Firewall Client ignoring denied accesses - 11.Jun.2007 8:59:24 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Firewall clients do not ignore Access Rules.

There are no "filter rules" unless you're referring to the HTTP Security Filter.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Networker)
Post #: 2
RE: Firewall Client ignoring denied accesses - 4.Jul.2007 6:25:25 AM   
fetict

 

Posts: 2
Joined: 4.Jul.2007
Status: offline
We have the same issue with enabling the Firewall Client.

We have worked out that Firefox by default uses HTTP 1.1, and if you enable HTTP 1.1 through a proxy connection in IE, both bypass the ISA web filter plugins.

We use:
ISA 2004 (latest patches)
Win 2003 (fully patched)
WebMarshal as an ISA plugin.

If you disable the ISA Firewall Client, users cannot bypass. This sounds like ISA cannot handle HTTP 1.1 correctly from a client.


So my question is: are there any easy ways to drop any HTTP 1.1 requests? I have tried the HTTP header filter, and this seems to slow down the first page that a user requests but then operates normally for the session that the browser is open.

(in reply to tshinder)
Post #: 3
RE: Firewall Client ignoring denied accesses - 4.Jul.2007 12:05:55 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
If there is a rule that allows the FWC to access a site using a specific protocol, then the user will have access. If you don't have such a rule, then the connection will be blocked. Sounds like WebMarshal isn't coded correctly to take into account FWC connections.

Tom


(in reply to fetict)
Post #: 4
