Hi all, I have my internal host configured as both SecureNAT and FW Client (Default GW->Internal NIC IP address). When I add a protocol rule to restrict specific domain users from using FTP (or telnet, etc.), I can't get any protocols to work at all (even though FTP was the only protocol that was restricted). When I change from "applies to" specific users -> all destination, everything works fine again. Please tell me why User Authentication doesn't work with protocol rules. Thanks, Firepot
Create protocol rules that allow access, and assign permissions to those users/groups you want to use it. Don't include users/groups that you don't want to use it.
Strangely, all protocols stop working when I apply the rules to specific users/groups instead of specifying all requests or client sets. Any idea? (I have the internal server configured as FW Client and SNAT at the same time). Is it possible that the SNAT client takes precedence over the FW client? Thanks, Firepot
What protocol rule seems to be stopping everyone from accessing the site? Enable all fields in your Web Proxy and Firewall logs and then check for what rules are blocking access.
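The reply above suggests enabling all log fields and reading the Web Proxy and Firewall logs to find which rule is blocking. The script below is an added example, not from the thread or from Microsoft: it parses a W3C-extended-format log by reading the "#Fields:" header (so the column order is not hard-coded), then counts denied records per rule, separating records that carry a user name from those logged as unauthenticated. The sample log, its field names, the rule names and the treatment of a nonzero sc-status as "denied" are all constructed assumptions for illustration.

```python
"""Summarize denied records per rule from a W3C-format ISA firewall log.

Added example (not from the thread). The field layout is taken from the
'#Fields:' directive, so a real export with more or fewer columns parses
the same way. Sample data below is constructed, not a real capture.
"""
from collections import Counter, defaultdict

# Constructed sample. Field names follow ISA Server 2000 W3C naming as an
# assumption; rule names, hosts and the nonzero status code are made up.
SAMPLE_LOG = """\
#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Fields: c-ip cs-username r-host r-port cs-protocol sc-status rule#1 rule#2
10.0.0.5 DOMAIN\\alice ftp.example.test 21 FTP 0 Allow-All-Web -
10.0.0.5 DOMAIN\\alice www.example.test 80 HTTP 0 Allow-All-Web -
10.0.0.7 anonymous www.example.test 80 HTTP 13301 Restrict-FTP-Users -
10.0.0.7 anonymous ftp.example.test 21 FTP 13301 Restrict-FTP-Users -
10.0.0.9 DOMAIN\\bob smtp.example.test 25 SMTP 13301 Restrict-FTP-Users -
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the '#Fields:' line."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            # Directive lines: only '#Fields:' carries information we need.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("log record appears before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"field count mismatch: {line!r}")
        yield dict(zip(fields, values))


def denied_by_rule(text, status_field="sc-status"):
    """Count denied records per rule (rule#1), split by authentication state.

    Returns {rule: {"authenticated": n, "unauthenticated": n}}.
    A record is treated as denied when sc-status is nonzero (assumption made
    for this constructed sample). A user name of '-' or 'anonymous' means the
    request reached the rule without credentials.
    """
    summary = defaultdict(Counter)
    for rec in parse_w3c(text):
        if rec.get(status_field, "0") == "0":
            continue  # allowed, not interesting here
        user = rec.get("cs-username", "-")
        kind = "unauthenticated" if user in ("-", "anonymous") else "authenticated"
        summary[rec.get("rule#1", "-")][kind] += 1
    return {rule: dict(counts) for rule, counts in summary.items()}


if __name__ == "__main__":
    for rule, counts in denied_by_rule(SAMPLE_LOG).items():
        print(rule, counts)
```

Run it against an exported log and look at the rule whose denials are mostly unauthenticated: a user-specific rule cannot match a request that arrived with no user name, which is the first thing to check when every protocol stops as soon as a rule is scoped to users or groups.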
Any protocol rules that apply to specific users/groups instead of applying to any request would stop the protocols from working. Need help badly. Thanks, Firepot
I think I know what the problem is. You are absolutely right. Even though my ISA server is a member of the internal domain, my terminal server (sitting on the outside of the ISA external network) can't join the domain. I will follow your instructions on how to publish services for intradomain communication to see if it will resolve the problem. One concern I have is whether the TS users (with the Firewall Client installed) will be authenticated, given the protocol rules defined to do so. Please let me know if you can help. I have my TS default gateway pointing to the external interface of the ISA server and use internal DNS servers for name resolution for the TS. Would this cause any problem?
There are a lot of adverse consequences of the intradomain communications setup I describe in that article. It was mostly a lab exercise. Check out this article:
==================
INFO: ISA Server Does Not Support Domain Members In Perimeter Network

The information in this article applies to:
Microsoft Internet Security and Acceleration Server 2000
Microsoft Internet Security and Acceleration Server 2000 SP1

This article was previously published under Q329807

SUMMARY
Microsoft Internet Security and Acceleration (ISA) Server 2000 does not support having domain members or domain controllers in the perimeter network that belong to a domain on the internal network behind ISA.
Domain or inter-forest trust relationships between a domain or forest in a perimeter network and a domain or forest on the internal network behind ISA are also not supported.

MORE INFORMATION
This applies to both back-to-back and three-homed perimeter networks.

Last Reviewed: 10/26/2002
Keywords: kbinfo KB329807 kbAudDeveloper
==================