Posts: 78
Joined: 4.Jan.2002
From: Bradenton, FL USA
Status: offline
Currently GFI Download Security requires users to access the internet through the Web Proxy client. For companies that want to use the Firewall client this is a problem. GFI Download Security will not check any files that are transfered throught the Firewall Client. GFI's documentation states this and it is not a fault of either ISA or Download Security.
I would like to see those who would like to see exclusive Firewall support added to Download Security request it by sending and e-mail to info@gfi.com.
If my understanding of this is wrong please correct me.
As a workaround, can you not achieve this with 2 ISA servers? When you use only the firewall client, the request still gets forwarded to the proxy, which can then be configured to chain to another proxy server which will have GFI DL Security installed.
Andrew, Can you provide any more information please... Email below from GFI UK Support indicates that they know nothing about any plans for firewall client support ????
Thanks Paul
<<snip>> Thanks for your mail and interest in GFI DownloadSecurity
Unfortunately IĈm not aware of any plans to allow the use of the Microsoft ISA firewall client with GFI DownloadSecurity.
Please don't hesitate to contact me if you have any further questions, or if you feel you need further explanation or assistance.
Thank you for your co-operation.
With Best Regards,
Damien Carlton - GFI Software Ltd Security & Messaging software for Windows 2000 GFI: MailSecurity - FAXmaker - DownloadSecurity for ISA Server - LANguard Security Event Log Monitor http://www.GFI.com
It absolutely does. A development patch of this month already fully implements it. The next revision should allow exclusions / fitering the firewall client to be disabed (right now you don't have a choice, web proxy and fwc straight through are filtered). I'm using it right now. Unfortunately there's a bug in it that causes the service to crash every so often, but the lead dev is working on fixing that.
The Firewall service stopped because an application filter module C:\Program Files\Microsoft ISA Server\DSECISA.dll generated an exception code C0000005 in address 0FF02FF8 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service.
First, thank you for your reply. I was hoping for a reply on the GFI Forums on this - well, at least there is now one more user there complaining on this problem - probably they might fix it if there are enough users complaining!
Even if it might be off-topic for this board (well, the error message was too): If the problem seems to affect in general web filters - wouldn't that be a hint that the problem is in ISA 2004? SP1 doesn't cure that either...
If so, then using 3rd party web filters wouldn't be recommended at this time (for the sake of ISA's stability) - until there is a fix from MS? Is the usage of web filters with ISA generally not recommended? Should we better look for a standalone product?
The Firewall service stopped because an application filter module C:\Program Files\Microsoft ISA Server\DSECISA.dll generated an exception code C0000005 in address 10002FF8 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service.
After working with the lead dev, the problem was fixed in an update on Febuary 11th. ftp://ftp.gfisoftware.com/temp/netmon/update11022005.zip I don't know if this patch is incompatible with the cumulative patch released on March 7th. I don't know whether the fix for this issue was included in that or not. I'm guessing the next update listed on the server (11/03/05) includes it as well. I can only vouch for the 11/02/05 update.
NOTE: This patch update includes the functionality that filters all web proxy & firewall http traffic. It cannot be disabled for one without diabling for the other. I've been using this patch since it was uploaded. I don't know why GFI support doesn't have the info. I'll post in the thread on the forums.
The patch update11032005.zip seems to have solved my problem. I've been monitoring the service for two weeks now and it's running without any crashes.
As Andrew said above, this patch adds virus scanning to SecureNAT and Firewall clients. If you shouldn't like this new feature, you can deactivate virus scanning for http traffic by editing the default http protocol and unchecking the "Web Proxy filter" under "Application filters", Parameters tab.
Don't worry, virus scanning remains active for Proxy Clients!
RE: GFI Download Security Feature Request - 22.Sep.2005 5:12:00 AM
Guest
If you shouldn't like this new feature, you can deactivate virus scanning for http traffic by editing the default http protocol and unchecking the "Web Proxy filter" under "Application filters", Parameters tab.