ISA server 2004 Unknown users (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting



Message


ZEN2005 -> ISA server 2004 Unknown users (24.Apr.2006 6:30:25 PM)

Hi there

When I check my reports, TOp users I saw a lot of unknown users, as we know this kind of users are (SecureNAT clients and unauthenticated Web Proxy clients). So, the question is, there is any option in order to identify this users? you know.

thanks in advance

bye




Kiddx -> RE: ISA server 2004 Unknown users (24.Apr.2006 6:53:34 PM)

You have to disable Anonymous users or All Users for web traffic, or any traffic that you want to collect user information on.

Goto your http/https outbound rule and remove all users and set it to authenticated users only. This will force the fwclient to send the credentials to ISA.

If you only want web traffic create a seperate rule for http/https outbound and 'other' traffic outbound. Since your servers usually require things like sntp/dns/smtp etc you want to seperate usage so you dont squash your servers ability to do its work.




ZEN2005 -> RE: ISA server 2004 Unknown users (18.May2006 6:57:22 PM)

Hi there

I already did that, all my access rules has included all auth uses, but in my reports I still see  a lot of unknown users, how is this possible?

By the way, my users doen´t have Isa firewall client installed, they are configured as a web proxy clients.
This is the cause of this behavior?

Hope any suggestions !


thx a lot !




LLigetfa -> RE: ISA server 2004 Unknown users (18.May2006 7:01:36 PM)

quote:

my access rules has included all auth uses

It is not a matter of inclusion but of exclusion.  You have to exclude "All Users".




ZEN2005 -> RE: ISA server 2004 Unknown users (18.May2006 9:49:51 PM)

yeap, I exclude All users, and include All authenticated users. I wanted to mean that




Page: [1]