• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Does the firewall client honour the proxy override list?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Does the firewall client honour the proxy override list? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Does the firewall client honour the proxy override list? - 15.Dec.2005 6:32:20 PM   
kernel32

 

Posts: 19
Joined: 13.Jan.2002
From: Canada
Status: offline
Hello all:

I am wondering if anybody knows if a PC with the ISA 2000 firewall client installed will honour the proxy bypass list that is configured within the PC's IE browsers Internet options proxy settings. We have about 20 internal sites configured in IE to bypass the proxy server, and if the PC does not have the firewall client installed, it does not try to go through the proxy server when contacting these sites. However, if the client is installed, then applications on the PC do still appear to go through the proxy server to get to the addresses on the override list. These applications I am talking about are third party things such as diagnostic imaging applications, not just standard web browsers. These applications fail if they go through the proxy. I need to find a way to get these applications to connect directly to the servers. Is this possible?

Thanks
Post #: 1
RE: Does the firewall client honour the proxy override ... - 15.Dec.2005 7:45:56 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
I cannot help you with ISA 2000 but I can tell you that the WP proxy override settings have nothing to do with the FWC.

What I recall of ISA 2000 was that the LAT entries are what determine the FWC behavior.  This would be either the ISA LAT or the local LAT.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to kernel32)
Post #: 2
RE: Does the firewall client honour the proxy override ... - 15.Dec.2005 8:54:31 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi kernel32,

what do you mean exactly with 20 internal sites?

If they are really internal sites, that means sitting on the internal network behind the ISA server just like the internal workstations, then the internal networks should *never* go through the ISA server to access those resources unless you have basic ISA server configuration problem.

We definitely need more *exact* info to help you further.

HTH,
Stefaan

(in reply to LLigetfa)
Post #: 3
RE: Does the firewall client honour the proxy override ... - 15.Dec.2005 9:09:34 PM   
kernel32

 

Posts: 19
Joined: 13.Jan.2002
From: Canada
Status: offline
Hi Stefaan

Thanks for the reply. The "internal" sites I am talking about are part of a large WAN that spans over 6 sites. These sites are all connected via private frame relay type connections. So we use a 10.x.x.x type addressing scheme here, but one of the other sites may use a 172.16.x.x type scheme. All of the sites use private IP ranges though. So when I say Internal, I mean "not on the Internet" but on one of these private subnets. I have configured the LAT to contain all of these ranges. Basically, I just want to make sure that no browser or third party application ever touches the ISA proxy server in any way when contacting any server within the WAN. It seems to work for the browser using the proxy override setting, but not for the third party applications.

Thanks
Russ

(in reply to kernel32)
Post #: 4
RE: Does the firewall client honour the proxy override ... - 15.Dec.2005 10:27:09 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Russ,

OK, I assume you have read and understand the following articles:
- http://www.isaserver.org/articles/Understanding_the_Firewall_Client_Control_Channel.html
- http://www.isaserver.org/tutorials/The_Mystery_of_the_HTTP_Redirector_and_SiteContent_Rules.html
- http://www.isaserver.org/articles/IPSec_Passthrough.html , section '4. Configuring ISA Clients'

If the whole WAN and therefore those 20 internal sites too, are on the LAT then it is definitely *not* the Firewall client who will redirect those requests to the ISA server. Moreover, you said that "It seems to work for the browser using the proxy override setting, but not for the third party applications". That shows clearly that the Firewall client can't be the culprit, otherwise it should not work for the browser using the proxy override setting either because the Firewall client would have picked up the request.

A quick way to diagnose such a problem and learn at the same time more about how clients talk to the ISA server is taking a Network Monitor trace at the client side. I highly recommend the free Ethereal tool to accomplish that (http://www.ethereal.com). Of course, don't forget to analyse the ISA log too.

HTH,
Stefaan 


(in reply to kernel32)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Does the firewall client honour the proxy override list? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts