• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Firewall and Web Access

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Firewall and Web Access Page: [1]
Login
Message << Older Topic   Newer Topic >>
Firewall and Web Access - 1.Apr.2003 7:03:00 PM   
sostew

 

Posts: 15
Joined: 5.May2002
From: Illinois
Status: offline
Why would a user be unable to access the web with the firewall client on, and have to add the ISA server in the proxy settings of IE to get to web sites? They are saying that before changes were made to the ISA server, all they needed was for the firewall client to be turned on. Anyone have an idea? I was not here when the changes were made to the ISA server and I am trying to figure out what might have been changed. Thanks
Post #: 1
RE: Firewall and Web Access - 1.Apr.2003 7:09:00 PM   
minerat

 

Posts: 142
Joined: 19.Mar.2003
From: Philadelphila
Status: offline
Check the HTTP redirector (app filter). It could be set to reject requests from firewall/securenat clients.

(in reply to sostew)
Post #: 2
RE: Firewall and Web Access - 1.Apr.2003 7:17:00 PM   
sostew

 

Posts: 15
Joined: 5.May2002
From: Illinois
Status: offline
Thanks AndrewM, but that looks fine. Any other ideas? Thanks

(in reply to sostew)
Post #: 3
RE: Firewall and Web Access - 1.Apr.2003 7:36:00 PM   
skipster

 

Posts: 550
Joined: 12.Oct.2001
From: newport beach
Status: offline
If you are requiring authentification for your protocol rules, and site and content rules, then even if the HTTP redirector is set to redirect requests to the local web proxy service, the firewall serivce will strip off the authentification, and the request will be denied. I'm 90% sure about this. Test this out and se for yourself. Please if I'm wrong someone let me know.

(in reply to sostew)
Post #: 4
RE: Firewall and Web Access - 1.Apr.2003 8:46:00 PM   
sostew

 

Posts: 15
Joined: 5.May2002
From: Illinois
Status: offline
That was exactly it. Thanks skipster!

(in reply to sostew)
Post #: 5
RE: Firewall and Web Access - 1.Apr.2003 8:55:00 PM   
skipster

 

Posts: 550
Joined: 12.Oct.2001
From: newport beach
Status: offline
Great. I'm glad to help, and thanks for getting back to me on this one.

(in reply to sostew)
Post #: 6
RE: Firewall and Web Access - 1.Apr.2003 9:08:00 PM   
sostew

 

Posts: 15
Joined: 5.May2002
From: Illinois
Status: offline
Maybe I spok to soon. Now it seems with the firewall client disabled, and nothing in the IE proxy settings, users can get to the
internet. What am I missing here? Thanks

(in reply to sostew)
Post #: 7
RE: Firewall and Web Access - 1.Apr.2003 10:00:00 PM   
skipster

 

Posts: 550
Joined: 12.Oct.2001
From: newport beach
Status: offline
Are the users also configured as SNAT clients? If the clietns have no firewall client software, no webproxy settings in IE, and is not a SNAT client, then they arent using your ISA server to get out. You have to tell the machines how to get out somehow.

(in reply to sostew)
Post #: 8
RE: Firewall and Web Access - 2.Apr.2003 5:49:00 AM   
sostew

 

Posts: 15
Joined: 5.May2002
From: Illinois
Status: offline
OK skipster,

What is the difference from between Secure NAT and using the Firewall client? I want to use the firewall and not secure NAT? I want to discourage users from bring in laptops and getting on the Internet. How do I configure that? Thanks

(in reply to sostew)
Post #: 9
RE: Firewall and Web Access - 4.Apr.2003 2:06:00 AM   
skipster

 

Posts: 550
Joined: 12.Oct.2001
From: newport beach
Status: offline
The major difference between the firewall client and SNAT is. you can use athentification with the firewall client, and it allows you to use protocls that require secondary connections. Like FTP, or MSN messenger. If you have a domain environment, and ISA is part of the domain, then you can setup all your access rules to require authentification. If the user does not have an account on the domain, then he or she will be denied access. Make all the clients firewall and proxy clietns, and require authentification on all of your rules. this will prevent a user from hooking up a laptop on your network and getting access. SNAT clients can only have access to protocols that are listed in the protocol definition list.

Hope this helps

(in reply to sostew)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Firewall and Web Access Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts