
Welcome to ISAserver.org


Firewall Client Confusion

Firewall Client Confusion - 12.Jan.2006 10:22:22 PM   


Posts: 16
Joined: 24.Jun.2004
From: Syracuse, NY
Status: offline
I'm having trouble figuring out the Firewall Client. Up to this point, we have not been actively utilizing the Firewall Client. We have a pretty small office, so it's not a huge deal. We're using just SecureNAT, just by default, I believe. We are getting more and more people in our office and I want to start locking down outbound access and access within the network.

My understanding, conceptually, is that the Firewall Client will allow me to both log outbound requests (i.e. web page requests) and also selectively allow or deny protocols on a per user or per group basis. These users or groups can be individual Active Directory users or groups--or can even be a set of users defined within ISA 2004 itself.

I have set up 1 client machine, connected to the Domain (the ISA is also a member of the Domain). On this machine, I have installed the Firewall Client. When I go to "logging" and just do an unfiltered query of live traffic, I can see that my Firewall Client shows my username passed in and all the web requests it is making. All other traffic (from other computers) shows up as either anonymous or nothing at all.

I'm trying to create Firewall Policy rules to mess with my 1 Firewall Client machine to make sure I understand how it works. However, I can't do stuff like deny outgoing HTTP to only "registered users" or a custom user set with my username included. Everything is still acting just as if the Firewall Client was not present.

Eventually, I would like to deny all outbound traffic to all unauthenticated users and then selectively allow protocols to specified users, conversely selectively denying other protocols to other users.

I know this is a little vague and I'll try to monitor this topic closely so that hopefully as you experts ask me more questions to drill down, I can answer them in a timely manner. Thanks.

Post #: 1
RE: Firewall Client Confusion - 13.Jan.2006 1:08:49 AM   


Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
If you go into production with anonymous allow rules, it gets a bit more complicated to experiment on authenticated rules. Because the anonymous rules need to be above the authenticated rules, they can give you access before the rule you are testing. You will need to constrain your anonymous rules so that your test subjects do not qualify, yet not so constrained that no further rules are processed. You may want to create computer sets or use IP ranges.


The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to mikefeng)
Post #: 2
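
An added illustration of the rule-ordering point in the reply above, not part of the original thread and not ISA Server's own code: a simplified top-down, first-match model of a rule list. The rule names, addresses and user name are constructed, and the model assumes a user-based rule is simply skipped when the request's user is not in its set.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    protocol: str
    sources: list                # (first, last) IP ranges, standing in for a computer set
    users: Optional[set] = None  # None = anonymous rule; a set = those users only

def in_sources(rule, src):
    ip = ip_address(src)
    return any(ip_address(lo) <= ip <= ip_address(hi) for lo, hi in rule.sources)

def evaluate(rules, src, protocol, user=None):
    """Walk the rules top-down and return (action, rule name) for the first match."""
    for rule in rules:
        if rule.protocol != protocol or not in_sources(rule, src):
            continue
        # Model simplification (assumption): skip a user-based rule for other users.
        if rule.users is not None and user not in rule.users:
            continue
        return rule.action, rule.name
    return "deny", "default-deny"

# Constructed sample data: LAN range, test machine address and user name are made up.
LAN = [("10.0.0.1", "10.0.0.254")]
TEST_PC, TEST_USER = "10.0.0.50", "testuser"
test_rule = Rule("deny-http-testuser", "deny", "HTTP", LAN, users={TEST_USER})

# Anonymous allow rule covers the whole LAN, so it matches the test machine first.
shadowed = [Rule("anon-allow-http", "allow", "HTTP", LAN), test_rule]

# Same anonymous rule, constrained to IP ranges that leave out the test machine.
LAN_MINUS_TEST = [("10.0.0.1", "10.0.0.49"), ("10.0.0.51", "10.0.0.254")]
constrained = [Rule("anon-allow-http", "allow", "HTTP", LAN_MINUS_TEST), test_rule]

if __name__ == "__main__":
    for label, rules in (("shadowed", shadowed), ("constrained", constrained)):
        print(label, "test PC :", evaluate(rules, TEST_PC, "HTTP", TEST_USER))
        print(label, "other PC:", evaluate(rules, "10.0.0.20", "HTTP"))
```

With the unconstrained list the authenticated test rule is never reached for the test machine; with the constrained list it is, while the other machines still match the anonymous rule.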
RE: Firewall Client Confusion - 13.Jan.2006 1:16:20 AM   


Posts: 16
Joined: 24.Jun.2004
From: Syracuse, NY
Status: offline
Is an anonymous allow rule a rule which just has "All Users"? Creating computer sets or IP ranges is a good idea too. Is it a good practice to use computer sets / IP ranges for client computers in the production environment? (although since I am only just now deploying the Firewall Client, I guess I'm past the "ideal case" for the production environment...)


(in reply to LLigetfa)
Post #: 3
