Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Trouble understanding authentication/secureNAT

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Trouble understanding authentication/secureNAT Page: [1]
Login
Message << Older Topic   Newer Topic >>
Trouble understanding authentication/secureNAT - 16.Feb.2008 11:16:27 PM   
fogus

 

Posts: 9
Joined: 16.Feb.2008
Status: offline 		I am having some trouble understanding how to deal with secureNAT, the firewall client, web proxy, and authentication.
 
All I want to be able to do is only allow certain users access to the internet.
 
 
The trouble I am having:
 
Whenever I disable my “allow any” rule, I lose all internet connection.  It doesn’t seem to matter that I have made allow rules for allowing port 80, 443, and 8080, none of my clients get web access unless I allow “All Outbound Traffic” rule for all users. 
 
This problem is independent of my configuration of the requirement of all users to authenticate on my internal network or whether I have installed the windows firewall client on the windows XP client machines.
 
Another worry is that when I do enable the “All Outbound Traffic”, requests made by authenticated users are not allowed based on any of the other “Allow” rules I have setup (in fact, the only rules I have made are allow rules), they are only allowed by my “All Outbound Traffic”.
 
Even worse, when I enable “Allow Email” (993, 25, 110, 587)
 
Here is an example rule configuration for your scrutiny:
 
--------------------------------------------------------------------------
Order:  First rule
 
[general]
Name: Allow Web Traffic
Enable: [check]
 
[action]
Action: Allow
Log Requests: [check]
 
[protocols]
Primary conditions:
Web traffic (20,21,80,443,8080)
Secondary conditions:
(none)
Application Filters:
(none)
 
[from]
Internal
 
[to]
External
 
[users]
All Users
 
[schedule]
Always
 
[Content types]
All content types
 
--------------------------------------------------------------------------
 
What is going on?  No users get access to any web pages even with this rule enabled.  Why not?
Post #: 1
RE: Trouble understanding authentication/secureNAT - 17.Feb.2008 6:28:38 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi fogus,

apart from the ISA help file and the excellent resources on http://www.microsoft.com/isaserver/techinfo/guides-articles.mspx, you can find some further info at:
- A different look at the ISA Clients
- Understanding the ISA 2004 Access Rule Processing.  

HTH,
Stefaan 

(in reply to fogus)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Trouble understanding authentication/secureNAT Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts