
Welcome to ISAserver.org


Auth issues with AD users

Auth issues with AD users - 4.Jul.2006 3:14:53 PM   


Posts: 8
Joined: 25.Feb.2005
From: Sweden
Status: offline
Hi Experts!

Correct me if I'm wrong, but FWC is responsible for authenticating protocols except HTTP/FTP, right? In my network we have an access rule that states that Internet may be accessed by all users by means of HTTP, HTTPS and FTP (read only). This works just fine without the FWC obviously. But I have created a rule that allows the IT department, an AD group called IT, to use trace route and Ping to the internet. The rule is set up as follows: Allow PING from Internal to External for IT group. This does not work even if FWC is installed and configured. I see that FWC connects to ISA (green arrow), but when monitoring traffic in ISA the traffic is denied by this very rule. I have now, as a workaround, lifted the user restriction and set the from section to an ISA group of computers, and that works. Any ideas here?


Post #: 1
RE: Auth issues with AD users - 5.Jul.2006 8:40:04 PM   


Posts: 63
Joined: 2.Jun.2005
From: So cal
Status: offline
What rule is listed first, the one applying to the IT group or the rest of the users?

(in reply to driver28)
Post #: 2
RE: Auth issues with AD users - 5.Jul.2006 9:12:38 PM   


Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Hasse,

Trace route and ping are not Winsock applications. Therefore the Firewall client can't see and act on that traffic. For more info, check out http://blogs.isaserver.org/pouseele/2006/05/21/a-different-look-at-the-isa-clients/.


(in reply to kjman)
Post #: 3
RE: Auth issues with AD users - 5.Jul.2006 9:51:47 PM   


Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
The key sentence from Stefaan's blog entry is this...


Remote calls are redirected to the firewall service. In general, all TCP/UDP requests for non-LAT destinations are redirected by the Firewall client software to the Firewall service on ISA server

Only TCP or UDP calls are processed - since Trace Route and PING are ICMP, the Firewall Client doesn't pick them up.

(in reply to spouseele)
Post #: 4
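
The point made in the replies above, as an added example that is not part of the original thread: a small Python check that flags user-restricted rules whose protocols the Firewall Client cannot carry. The `Rule` model, the rule names and the sample policy are constructed for illustration and are not ISA Server's export format; the check assumes, as the thread reports, that traffic the Firewall Client does not redirect reaches the firewall without a user identity.

```python
from dataclasses import dataclass

# Transports the Firewall Client redirects, per the thread: Winsock TCP/UDP only.
FWC_TRANSPORTS = {"TCP", "UDP"}


@dataclass
class Rule:
    """Hypothetical, simplified access rule (not ISA Server's own schema)."""
    name: str
    protocols: dict                  # protocol name -> transport, e.g. {"PING": "ICMP"}
    users: tuple = ("All Users",)    # user sets the rule applies to
    sources: tuple = ("Internal",)   # network or computer sets; not inspected here


def audit(rules):
    """Return {rule name: (verdict, [protocols that arrive without a user])}."""
    findings = {}
    for rule in rules:
        if set(rule.users) == {"All Users"}:
            continue  # no user restriction, so no authentication is needed
        # Protocols outside TCP/UDP are never redirected by the Firewall Client,
        # so the firewall sees them as anonymous and the user condition fails.
        blind = sorted(name for name, transport in rule.protocols.items()
                       if transport.upper() not in FWC_TRANSPORTS)
        if not blind:
            continue
        verdict = "never-matches" if len(blind) == len(rule.protocols) else "partial"
        findings[rule.name] = (verdict, blind)
    return findings


# Constructed sample policy modelled on the rules described in the thread.
SAMPLE = [
    Rule("Web for everyone", {"HTTP": "TCP", "HTTPS": "TCP", "FTP": "TCP"}),
    Rule("IT ping", {"PING": "ICMP"}, users=("IT",)),
    Rule("IT tools", {"RDP": "TCP", "PING": "ICMP"}, users=("IT",)),
    # The workaround from the first post: restrict by computer set, not by user.
    Rule("IT ping by computer", {"PING": "ICMP"}, sources=("IT Computers",)),
]

if __name__ == "__main__":
    for name, (verdict, protos) in audit(SAMPLE).items():
        print(f"{name}: {verdict} for {', '.join(protos)}")
```
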
