Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Track SNAT client use using ISA as gateway?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> Track SNAT client use using ISA as gateway? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Track SNAT client use using ISA as gateway? - 15.May2003 8:24:00 PM   
SwankJake

 

Posts: 9
Joined: 25.Apr.2002
From: Mount Carroll, IL
Status: offline 		I work for a school. Here's the plan for my simple setup. T1 to router to ISA. ISA to two routers. The two routers reside in different buildings. In each building will be a Server 2000 Domain Controller. Both will sync up at night via a point to point connection so that everything is same-same between buildings. The Domain Controllers in each building will be pulling the DNS and DHCP duty. Throw an Exchange server in the mix that pulls user info from the domain's Active Directory. I plan on setting the gateway for all DHCP clients to be the ISA server. All clients will have IPs that are unroutable over the Internet and the same will be true for the "South NIC's IP address" on the ISA server. North nick will obviously be an IP address given to us by our ISP.

I have two questions:

1.) Can ISA Standard Ed. track a student after he/she logs on through Active Directory (AD stored on DC and not on ISA) of either one of the DCs and produce a log so I can see who is going where? Keep in mind that all systems are set up for content filtering with ISA set up as client gateway through DHCP servers.

2.) Should the web server be published through ISA or set up in its own DMZ (I read this somewhere but don't understand it yet)?

Great site and great books. I'm 1/4 the way through the first one and the tutorial got our district back on line after the previous guy did things that I can't begin to describe to ISA - a case study I'm sure.

Thanks
Post #: 1
RE: Track SNAT client use using ISA as gateway? - 16.May2003 4:43:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Jake,

Thanks for the compliments on the site and books! [Smile]

If you want to track students by their user names, you should configure the machines as both Firewall and Web Proxy clients. That maximizes your ability to match up student activity with their user name. The users will have to log into the domain for the Firewall service logs to report meaning information, though.

HTH,
Tom

(in reply to SwankJake)
Post #: 2
RE: Track SNAT client use using ISA as gateway? - 16.May2003 5:41:00 PM   
SwankJake

 

Posts: 9
Joined: 25.Apr.2002
From: Mount Carroll, IL
Status: offline 		Alright. So...with the setup I described (having the ISA server setup as gateway to clients through DHCP server) I can simply (nothing is simple) configure student systems as Firewall and Web Proxy clients. Obviously...the ISA server will need to be part of the domain. Well - now I know what to read in order to make this happen. I was confused in the reading that I wouldn't be able to track activity with the Standard Edition of ISA. I'm glad I'll be able to. Students will not be glad.

Thanks!

(in reply to SwankJake)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> Track SNAT client use using ISA as gateway? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts