• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA and Apple Macs

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Installation >> ISA and Apple Macs Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA and Apple Macs - 1.May2002 3:58:00 PM   
brybo

 

Posts: 3
Joined: 1.May2002
From: Liverpool
Status: offline
Hi, I'm new to ISA and new to ISAServer.org, so I'll start by saying sorry if I posted something already covered and in the wrong place :-)

I have just installed ISA at home and am starting to get things working....slowly.

So far I have got Microsoft Clients through the firewall no problem.....although I'm having a little bother downloading pop3 mail.

The main issue I have though is I cannot get my Apple iMac to go through the firewall. I have it configured as a secureNAT client as the rest of the machines are, but when I try to view a web page, I get prompted for security details, but then rejected by the ISA server straight away.

Can anyone help get an apple working through ISA please?

...also, just following a chapter from the MS book (sorry Tom, this was supplied by work :-) ...there is a step one style tutorial that says configure one rule single rule that allows all IP. It says this is safe to do and will not compromise your network security as ISA will always block all in bound traffic, and only allow out bound clients. How true is this? How safe is this rule?
Post #: 1
RE: ISA and Apple Macs - 1.May2002 7:43:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bry,

Well, I won't blame you, but you need to tell your work to get the right book! [Big Grin]

Sounds like you created an "all open" rule for outbound access. That should work for all clients, as long as you didn't play user/group access controls over the rule. Check out the default Site and Content rule and make sure there are not access controls on that either.

The Macs can't authenticate, so you need to make sure they can get around authentication. You can allow basic auth on the outgoing web requests listener, or create a client address set and allow access based on the client address set.

HTH,
Tom

(in reply to brybo)
Post #: 2
RE: ISA and Apple Macs - 10.May2005 8:40:00 PM   
MSD

 

Posts: 3
Joined: 5.Apr.2005
Status: offline
quote:
Originally posted by tshinder:

The Macs can't authenticate, so you need to make sure they can get around authentication. You can allow basic auth on the outgoing web requests listener, or create a client address set and allow access based on the client address set.

HTH,
Tom

Hi Tom,

I'm also having an issue with a Mac. While I can get him to browse out through the ISA server. I can see the MSPLogs that show his traffic, but I do not see access via SurfControl.

Is there a way to do this?

Thank you.

(in reply to brybo)
Post #: 3
RE: ISA and Apple Macs - 10.Jul.2005 12:51:00 PM   
mwilso09

 

Posts: 5
Joined: 16.May2005
Status: offline
I have scoured the posts for an answer to a simular problem. Please let me know if I missed somewhere it is already explained.

I am running ISA 2004 as a web proxy and want to be able to do user based logging. I therefore have integrated authentication on. This works fine for users that are part of our AD Domain. However, we are a school and there are lots of users that use Macs or Windows that are not part of the domain. These users get an authentication pop up box EVERY browser window they open. Its quite maddening. Is there a way I can leave authentication on, but the client can remember who they are for their session? I will eternally love ISA if it can do that.

One last thing...is there a way for Mac's to use Automatic Discovery to figure out who the Proxy is? On the config pages on OS X, it has a field to enter the location of a "*.pac" file to configure proxy settings, but it doesn't seem to like the path I manually enter there for ISA's default url config script. Any ideas on this?

(in reply to brybo)
Post #: 4
RE: ISA and Apple Macs - 11.Jul.2005 11:36:00 PM   
AHIT

 

Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
Hi Folks,

allowing a MAC access is the same as allowing Unix boxes in the article Allowing Unix's through ISA .

The reason why this is done is because the Mac, like most (if not all) *nix's don't know how to send user credentials when prompted with a "please autheticate" response from ISA.

mwilson09 - what your asking is essentially impossible. "I want ISA to always ask for authentication... every time... except for..."
Take a look at Order of rule processing in Microsoft ISA and the story about a bouncer who was given similar instructions... Programatically defining rules that our minds can easily visualise is the challenge here.

I'm unsure about AutoDiscovery and Mac, although in principle I can see no reason why it wouldn't work.

[ July 11, 2005, 11:43 PM: Message edited by: Ahit ]

(in reply to brybo)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Installation >> ISA and Apple Macs Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts