• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Surf Control - Using 'application filter - web proxy filter' breaks DMZ web pulishing!!

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons >> Surf Control - Using 'application filter - web proxy filter' breaks DMZ web pulishing!! Page: [1]
Login
Message << Older Topic   Newer Topic >>
Surf Control - Using 'application filter - web proxy fi... - 15.Mar.2007 6:32:55 AM   
davos

 

Posts: 3
Joined: 15.Mar.2007
Status: offline
Hi,

I have a problem with a client who's DMZ based webmail and extranet servers stop publishing web content when using the application filter 'web proxy filter' on the protocol http and https.

The client is running ISA2004 in secure nat / ISA firewall mode with Surf Control webfilter for ISA installed on windows 2K3. The DMZ webmail and extranet servers do not have the ISA firewall installed / enabled.

This situation arose from a circumstance whereby network users (students) were bypassing the webfilter proxy by using 'firefox portable' web browser (requires no installation rights) without any proxy client settings thus circumventing any Group Policy and allowing them to go straight through the firewall to any site unrecorded on port 80 as opposed to 8080. There was another simultaneous problem whereby students were bringing in their own laptops (of which they are obviously local admins) then changing their proxy client status and again bypassing the Proxy Filter and again straight out on port 80.

We have for the time being resolved this issue by creating a rule for 'all transparent http/https deny' and then created a rule to allow all 8080 traffic just below this according to the user groups (students) privilages (staff are above the transparent http/s rule - thus allowing all access).

However, this is the problem, using this transparent http/s rule is having a screwy effect on Skype which seemingly uses random ports to get out on and is preventing the Students using the app (and there are many international students). Now, ... we had initially thought that using the application filter option - 'web proxy filter' on protocols http(s) would route all web based traffic (80; 443) through the Surf Control web filter which would then have to conform to the Surf Control access policy - which it did and seemed to work fine.

BUT, upon closer inspection and further use it became apparent that access to the DMZ web servers webmail / extranet / website was not working fully over http/80 and https/443 from external sources. The webmail login page/form would load but as soon and the anonymous user tried to authenticate the page would 404 error.

For this part of the quandry, leaving aside the Skype problem for the moment, I would like to know why using the application filter - web proxy filter on the http/s protocols breaks the webserving from the DMZ and if anyone has experience of similar problems?

I thank you very much for your help.

David
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons >> Surf Control - Using 'application filter - web proxy filter' breaks DMZ web pulishing!! Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts