Hi, I'm new to ISA and new to ISAServer.org, so I'll start by saying sorry if I posted something already covered and in the wrong place :-)
I have just installed ISA at home and am starting to get things working....slowly.
So far I have got Microsoft Clients through the firewall no problem.....although I'm having a little bother downloading pop3 mail.
The main issue I have though is I cannot get my Apple iMac to go through the firewall. I have it configured as a secureNAT client as the rest of the machines are, but when I try to view a web page, I get prompted for security details, but then rejected by the ISA server straight away.
Can anyone help get an apple working through ISA please?
...also, just following a chapter from the MS book (sorry Tom, this was supplied by work :-) ...there is a step one style tutorial that says configure one rule single rule that allows all IP. It says this is safe to do and will not compromise your network security as ISA will always block all in bound traffic, and only allow out bound clients. How true is this? How safe is this rule?
Well, I won't blame you, but you need to tell your work to get the right book!
Sounds like you created an "all open" rule for outbound access. That should work for all clients, as long as you didn't play user/group access controls over the rule. Check out the default Site and Content rule and make sure there are not access controls on that either.
The Macs can't authenticate, so you need to make sure they can get around authentication. You can allow basic auth on the outgoing web requests listener, or create a client address set and allow access based on the client address set.
quote:Originally posted by tshinder: The Macs can't authenticate, so you need to make sure they can get around authentication. You can allow basic auth on the outgoing web requests listener, or create a client address set and allow access based on the client address set.
I'm also having an issue with a Mac. While I can get him to browse out through the ISA server. I can see the MSPLogs that show his traffic, but I do not see access via SurfControl.
I have scoured the posts for an answer to a simular problem. Please let me know if I missed somewhere it is already explained.
I am running ISA 2004 as a web proxy and want to be able to do user based logging. I therefore have integrated authentication on. This works fine for users that are part of our AD Domain. However, we are a school and there are lots of users that use Macs or Windows that are not part of the domain. These users get an authentication pop up box EVERY browser window they open. Its quite maddening. Is there a way I can leave authentication on, but the client can remember who they are for their session? I will eternally love ISA if it can do that.
One last thing...is there a way for Mac's to use Automatic Discovery to figure out who the Proxy is? On the config pages on OS X, it has a field to enter the location of a "*.pac" file to configure proxy settings, but it doesn't seem to like the path I manually enter there for ISA's default url config script. Any ideas on this?
The reason why this is done is because the Mac, like most (if not all) *nix's don't know how to send user credentials when prompted with a "please autheticate" response from ISA.
mwilson09 - what your asking is essentially impossible. "I want ISA to always ask for authentication... every time... except for..." Take a look at Order of rule processing in Microsoft ISA and the story about a bouncer who was given similar instructions... Programatically defining rules that our minds can easily visualise is the challenge here.
I'm unsure about AutoDiscovery and Mac, although in principle I can see no reason why it wouldn't work.