Does integrated security work with the firewall client, or does it just utilize the web proxy service? I have a test ISA server set up with outgoing web requests being processed just using integrated security. Without using the proxy settings in IE and just using the firewall client, my requests get denied. But when I enter the proxy info into IE, it works like a champ.
The setup I am using is ISA installed on a Win2k SP2 server. I am trying to get out to the web using a machine running Win2k SP3 and IE6. With Integrated security for outgoing requests turned on, it will not let me out to the web and gives me this message:
403 Forbidden - The ISA Server denies the specified Uniform Resource Locator (URL). (12202) Internet Security and Acceleration Server
Is there something other than specifying in the Access policy who has access to the web that I need to do with this security turned on?
The firewall service doesn't forward requests to the Web Proxy service. If you have authentication required to access the Web Proxy service, then you'll need to configure the Web Proxy client.
I'm sorry, I think we are getting mixed up here. We don't have a web server. I want to use Integrated Authentication and the firewall client to allow my internal users out to the internet. I currently just have Integrated Authentication turned on as the only authentication mechanism for outgoing requests. And in the Site and Content Rules as well as the Protocol Rules I have a rule set up to allow just me and one other user out to the internet for testing. I don't want to specify the proxy settings for the web browser, but that is the only way I can get out to the internet. Thanks for your replies and hopefully I am just missing something here.
You will find that if you are creating rules that only give access to certain users/groups, based on your site and content rules and your protocol rules, and you have the HTTP redirector set to send all requests to the web proxy service, then only those users/groups that you gave access to will be able to get out through ISA, and the users/groups will need to have the proxy setting defined in their IE. This is because SNAT clients and firewall clients cannot authenticate to the web proxy service. To get around this you will need to create a separate S&C rule and protocol rule for each client that doesn't have proxy defined in their IE. This will allow these clients to bypass the web proxy service.