Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Users aren't always directed to the ISA server
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Users aren't always directed to the ISA server - 17.Nov.2008 3:42:01 PM
|
|
|
bjmoore
Posts: 2
Joined: 17.Nov.2008
Status: offline
|
Long time lurker..first time poster here.
I have two ISA Enterprise 2006 servers set up in an array, each with the Websense ISAPI plugin, providing strict web filtering for a large farm of terminal servers. Users are local to each server, so we've got a .reg file that we merge in during each user's login to automatically set the proxy, port and exceptions in IE6.
99% of the time, this works great. The other times, traffic from the users browsers does not go through the proxy. The browser shows that they are pointed to the proxy with the correct port and exceptions, but the browser does not pass traffic to the ISA servers. Since there are firewall rules set up preventing direct Internet access from the terminal servers, the users traffic is then denied. It is very clear in the firewall and Websense logs that the traffic is going directly to the firewall, instead of through the ISA servers.
Has anyone ever seen behavior like this before? I've tried using local Group Policy to set the proxy address, using a PAC file instead of directly entering the proxy information, all to no effect. Something to mention is that for the most part, the site that causes the most problems has a redirect in it, and is a secure site.
Thanks for any thoughts or testing that might help me shed a little more light on this problem.
Ben
|
|
|
|
RE: Users aren't always directed to the ISA server - 20.Nov.2008 9:34:38 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Why you do a Netmon trace ont he firewall, so you see the connections being directly to the firewalls TCP port 8080?
When the firewall's live loggig and see what appears for Web based connections to confirm if the connections are being made to the firewall's Web proxy filter.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Users aren't always directed to the ISA server - 20.Nov.2008 4:35:49 PM
|
|
|
bjmoore
Posts: 2
Joined: 17.Nov.2008
Status: offline
|
Hey Tom,
When I look at the firewall's live logging, I'm not seeing any traffic coming through the ISA server's web proxy. I know that indicates a problem with the browser, but looking for feedback about what other folks have seen, and also what a more "bombproof" setup might be for the IE proxy settings.
Thanks!
Ben
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
