• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ONLY FIREWALL CLIENT

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> ONLY FIREWALL CLIENT Page: [1] 2 3 4   next >   >>
Login
Message << Older Topic   Newer Topic >>
ONLY FIREWALL CLIENT - 22.Jan.2006 7:50:54 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline
Hi ALL

How I configure only firewall client use my ISA SERVER and the other clients (SECURENAT and WEPCLIENT) will block 


thanks
Post #: 1
RE: ONLY FIREWALL CLIENT - 22.Jan.2006 8:08:28 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi majedalanni,

why do you want to ban the Web Proxy clients?

If you only create authenticated access rules, no SecureNAT client requests will get through.

HTH,
Stefaan

(in reply to majedalanni)
Post #: 2
RE: ONLY FIREWALL CLIENT - 22.Jan.2006 9:44:24 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline
Hi ALL
How I create authenticated access rules for block SecureNAT ?
please details

Thanks alot

(in reply to spouseele)
Post #: 3
RE: ONLY FIREWALL CLIENT - 22.Jan.2006 10:42:02 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Rulles that do not have "All Users" will require authentication and cause S-NAT to be denied.

Why do you want to deny WP clients?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to majedalanni)
Post #: 4
RE: ONLY FIREWALL CLIENT - 22.Jan.2006 10:46:42 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline
My client connect to my ISA servre by wireless
and some unautherize client access my wireless but I want block them the some time make a packet sniffer and stolen the IP that I gave it access to internet

I wnat only FW client work?
how I make access rule for them

many thanks

(in reply to majedalanni)
Post #: 5
RE: ONLY FIREWALL CLIENT - 22.Jan.2006 10:59:31 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
I still don't understand why WP should be disabled.  Are the thieves also stealing the username/password?  Are you wireless clients domain members or how to you plan to enforce authentication?  Are the thieves domain members too?

You can disable the WP listener on ISA.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to majedalanni)
Post #: 6
RE: ONLY FIREWALL CLIENT - 23.Jan.2006 4:35:23 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline
I wont use  WP and username /password
I want use direct connection
I configure my client all as secuareNAT but I know want install on all of them FW client
and FW client not work the client cant access to internet

all my rule in ISA server is used all user
and I put the IP client in a gruop and give the gruop a rule to access to internet
thats all

thanks

(in reply to LLigetfa)
Post #: 7
RE: ONLY FIREWALL CLIENT - 23.Jan.2006 4:54:38 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
If you don't answer my questions, I cannot help you any further.  Did you try removing "All Users"?  Did you try disabling the WP listener?  How is that working out for you?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to majedalanni)
Post #: 8
RE: ONLY FIREWALL CLIENT - 23.Jan.2006 7:52:45 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline
Okay this is my story

I have a 3 public ip conecting one of them to isa server and make a rule for ALL USER and just open the internet for a computer set  (named Client)
The rule is (alow - some protocols - from client - to external - all user)
I put some ip on Client group
the ISA server connect to ACCESS POINT to give the client (internet) but some hacker make a packet sniffer and know my ip client and setup his computer and he have an internet when the real client is turn his PC off and when they run at same time the had IP conflict

all my client configure there pc (IP,subnet,gateway my isa server and dns my ISA server)
I dont  wont my user use WP .
I want just have FW client can use the internet and when the hacker use a gateway he cant work it mean blocking secureNAT

Thats all  

Many thanks LLigetfa for listing to me

(in reply to LLigetfa)
Post #: 9
RE: ONLY FIREWALL CLIENT - 23.Jan.2006 10:19:42 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Still no answers to the following questions.
quote:

ORIGINAL: LLigetfa
Are the thieves also stealing the username/password? 
Are you wireless clients domain members or how to you plan to enforce authentication? 
Are the thieves domain members too?

I already told you how to disable both WP and S-NAT.
quote:

ORIGINAL: LLigetfa
Did you try removing "All Users"?
Did you try disabling the WP listener?
How is that working out for you?


What more do you want?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to LLigetfa)
Post #: 10
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 10:41:37 AM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline
No they not steel password because I am not use domain
I told you  all my client is SecureNAT I just put  the ip and subnet and gateway and dns in there PCs and they have access to internet
I disable WP
But if I remove ALL USERS condition what I put instead of it to make only FW client work

Thanks

(in reply to LLigetfa)
Post #: 11
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 12:20:23 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

ORIGINAL: LLigetfa
Did you try disabling the WP listener?  How is that working out for you?



hi LLigetfa
 
i would like to know how can i disable the WP listener.

Thanks

(in reply to LLigetfa)
Post #: 12
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 2:37:21 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
maj,
I cannot help you.  If you are not prepared to use authentication, FWC is not your solution.  YOu may want to look at deploying VPN or PPPoE instead.

elm,
To disable WP, just deselect "Enable Web Proxy clients" on your Internal network properties.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to elmajdal)
Post #: 13
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 2:59:15 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
 
I thought there was a LISTENER

I got confused with the word.

all my clients are Firewall Clients , but the problem with this is that GFI WM3 wont function.

the ISA server i think has to be a WP client inorder the http://monitor.isa to be displayed.



Thanks LLigetfa


(in reply to LLigetfa)
Post #: 14
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 3:02:49 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
It is a listener.  Enabling WP causes ISA to *listen* on port 8080 (or whatever you define).  What is your definition of listener?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to elmajdal)
Post #: 15
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 6:48:01 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline
Hi
You mean I must have a domain to authenticate users or else I use VPN or PPPoE, just these soluation

Did you think the domin is helpfull when using wireless?

Thanks

(in reply to LLigetfa)
Post #: 16
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 6:57:03 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
I never said you HAD to have a domain.  I simply asked you how (if) you planned to do the authenticating.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to majedalanni)
Post #: 17
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 9:00:58 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline
okay
I block WP client
but how I block secureNAT without domain ?? how I put a rule that block secureNAT
can you tell me

and I sorry if I distrube you 

thanks

(in reply to LLigetfa)
Post #: 18
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 9:45:20 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Maj,

If you require authentication for your rules, then SecureNAT clients will never access the Internet since they can't authenticate.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to majedalanni)
Post #: 19
RE: ONLY FIREWALL CLIENT - 24.Jan.2006 10:01:42 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline
And if I need authenticate Imust have a domain or a WP client??????

(in reply to tshinder)
Post #: 20

Page:   [1] 2 3 4   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> ONLY FIREWALL CLIENT Page: [1] 2 3 4   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts