Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Secure NAT clients and Web access

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> Secure NAT clients and Web access Page: [1]
Login
Message << Older Topic   Newer Topic >>
Secure NAT clients and Web access - 25.Feb.2005 4:51:00 PM   
GavinPowell

 

Posts: 1
Joined: 25.Feb.2005
From: UK
Status: offline 		Hi,

First post so please forgive me if its in the wrong place/or already been covered.

Heres my problem. We need to allow unauthenticated access for certain protocols to allow particular websites that we require to work properly. These sites use combinations of Java, and other "stuff"

I thought I would be clever and open the ports on the ISA server and set the machines up as secure NAT clients. However some smart guy has worked out that by turning off the proxy settings in IE that they can get to websites without any authentication required.

I cannot work out how to allow these packages to keep working but prevent access to websites specifically for the secure NAT clients, and still allow the proxy clients to work properly (as they authenticate and can be better controlled)

Any help/suggestions/flames anything at all! would be great.

Thanks in advance
Post #: 1
RE: Secure NAT clients and Web access - 26.Feb.2005 7:55:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Ogami,

I think your best option is to configure each workstation as a Web Proxy and Firewall client. In that way you can require authentication on your protocol and site&content rules. Also, it might be necessary to configure those particular sites for direct access.

For more info, check out http://www.isaserver.org/tutorials/Configuring_Web_Proxy_Clients_for_Direct_Access.html .

HTH,
Stefaan

(in reply to GavinPowell)
Post #: 2
RE: Secure NAT clients and Web access - 2.Mar.2005 6:46:00 PM   
wewa

 

Posts: 5
Joined: 22.Nov.2003
Status: offline 		Im having the same problem with trying to restrict sercureNat clients. Isuzu has changed their web access to a new portal.(dealers.isuzu.com)
To logon to it you must enter a username, password and a domain. I have experimented with this enough to know only the username and password are required, You can leave the domain blank.
If i configure the secure nat for no restrictions to any web site and limited protocals it works fine. But if you try to stop the secure nat client from getting to www.google.com by using a site and content rule with a selected destination set the Isuzu will fail when you try to logon. I have tryed everything i can find at isaserver.org even seting up a dns server. Giving the sercure nat client full access to all web sites negates having a firewall.

Im open for any sugestions and even considering getting isa server 2004 if i can clear this problem with it.

julio

(in reply to GavinPowell)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> Secure NAT clients and Web access Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts