Welcome to ISAserver.org

Can still access internet after uninstalling firewall.

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Can still access internet after uninstalling firewall.

Page: [1]

Message

<< Older Topic Newer Topic >>

Can still access internet after uninstalling firewall. - 19.May2006 9:25:00 PM

kdemers

Posts: 4
Joined: 19.May2006
Status: offline

Please forgive me if this has been answered before elsewhere. I am having a problem with the firewall client on ISA 2004. When I uninstall it from a client pc, I can still access the internet when I don't believe I should be able to.

Simple rule set, one rule to allow DNS, and one rule to allow access to the internet based on group membership.
Tested out rule access and verified (not a member, no access).
Fire up a pc (without the firewall previously being installed) and try to access the internet with a valid user ID and you cannot. (So far, so good)
Install the firewall client
Try to access the internet with a valid user ID and you can (Still going good).
Uninstall or disable the firewall client, and try to access the internet with a valid user ID and you can (Now it's bad!).
Reboot or logoff/logon, and try to access the internet with a valid user ID and you still can.

Does someone have an answer for this?

Thanks

Post #: 1

Featured Links*

RE: Can still access internet after uninstalling firewall. - 19.May2006 9:38:07 PM

LLigetfa

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline

The user is getting out on web proxy. You should not hinge your access plan on the presence or absense of the FWC.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to kdemers)

Post #: 2

RE: Can still access internet after uninstalling firewall. - 19.May2006 9:41:39 PM

kdemers

Posts: 4
Joined: 19.May2006
Status: offline

Thanks, I would have beat my head against a wall over such a simple answer.

(in reply to kdemers)

Post #: 3

RE: Can still access internet after uninstalling firewall. - 19.May2006 9:43:12 PM

kdemers

Posts: 4
Joined: 19.May2006
Status: offline

Still trying to understand the firewall client, can I assume with proper proxy configuration, that I can use user/group authentication without the presence of the firewall client?

(in reply to kdemers)

Post #: 4

RE: Can still access internet after uninstalling firewall. - 19.May2006 11:31:05 PM

LLigetfa

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline

Yes, for applications and protocols that intrinsically support WP. For those that do not support WP but are winsock compliant or for complex protocols like FTP, you will want the FWC. S-NAT rounds out the mix for what's left, with a few exceptions.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to kdemers)

Post #: 5

RE: Can still access internet after uninstalling firewall. - 19.May2006 11:33:19 PM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi kdemers,

it is crucial that you make yourself familiar with the three different ISA client types and how they interact with the ISA server. For more info about them, check out Jim Harrison�s excellent articles over at http://www.isaserver.org/Jim_Harrison/ and my articles How to pass IPSec traffic through ISA Server, particular section �4. Configuring ISA Clients� and http://www.isaserver.org/articles/Understanding_the_Firewall_Client_Control_Channel.html.

BTW --- don't forget to study the ISA help file! There is a lot of info there too.