I have ISA 2004 with SP2 on Win2k3 with SP1. Client are configured as FIREWALL CLIENTS. There is no SECURENAT & WEB PROXY Clients. CLients are also configured to auto detect ISA 2004. which is working fine.
Problem is INTERNET EXPLORER is working veryyyyyyyyyyyyyy slow.I think I should say that ITS WORKING.... On the other hand FIREFOX is working properly.
Secondly in firefox, browsing is working, but there is a little bit delay of around 5 - 8 seconds. I don't know why is this happening.
One more thing is how to allow NOD32 (ANTI VIRUS) to update itself through ISA, ALthough I have configured PROXY settings in NOD32 and in ISA i have configured to allow HTTP, HTTPS from internal to external to ALL AUTHENTICATED USERS.....
Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:
I have ISA 2004 with SP2 on Win2k3 with SP1. Client are configured as FIREWALL CLIENTS. There is no SECURENAT & WEB PROXY Clients. CLients are also configured to auto detect ISA 2004. which is working fine.
Problem is INTERNET EXPLORER is working veryyyyyyyyyyyyyy slow.I think I should say that ITS WORKING.... On the other hand FIREFOX is working properly.
Secondly in firefox, browsing is working, but there is a little bit delay of around 5 - 8 seconds. I don't know why is this happening.
One more thing is how to allow NOD32 (ANTI VIRUS) to update itself through ISA, ALthough I have configured PROXY settings in NOD32 and in ISA i have configured to allow HTTP, HTTPS from internal to external to ALL AUTHENTICATED USERS.....
hi Elmajdal Thnx for your response .. TASK TO ACCOMPLISH I want that all computers should access internet through FIREWALL CLIENT. I donot want to implement SECURE NAT and WEB PROXY Clients.
WHAT I DID
Firewall client is installed on all computers, Clients are of mixed environement of windows XP and WIndows 2000. I have configured the following settings.on ISA 2004 SERVER. Following settings are configured in the INTERNAL. Addresses = 10.0.0.0 10.255.255.255 Domains = *.abcd.com Web Browser = NOthing is configured here Web Proxy = Checked (Enable WEb proxy Client) & Enable HTTP > HTTP PORT = 8080 INtegrated Authentication is selected by default. FIREWALL CLIENT = (Checked) Enable firewall client support for this network. AUTO DISCOVERY = Auto discovery is enabled. CLIENTS: Firewall client software is installed on all computers.and are configured to to autodetect, which is working properly.
PROBLEM: When I remove the IE & FIREFOX Proxy Settings.IE totally stops browsing, While FIREFOX can access but there is 5-8 seconds delay. I have also configured EnablePMTUdiscovery value to 1 in registry.but still firefox makes delay.
Also if i enable proxy settings then interner explorer and firefox works perfectly, but I think Firewall client is not working, because when i am browsing then there is no GREEN ARROW shown in firewall client.
Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
u said :
quote:
TASK TO ACCOMPLISH I want that all computers should access internet through FIREWALL CLIENT. I donot want to implement SECURE NAT and WEB PROXY Clients.
but u did :
quote:
Web Proxy = Checked (Enable WEb proxy Client) & Enable HTTP > HTTP PORT = 8080
so web proxy client is enabled !!
quote:
When I remove the IE & FIREFOX Proxy Settings.IE totally stops browsing
The Best combination for any client is to be a combincation of the 3 clients, but for ur case its better to be Firewall AND Web Proxy Client, as Web proxy is faster than firewall clients in browsing.
how is your Firewall client detecting ISA ??? are u using wpad in DHCP or through DNS ??
But my question is this should I enable WEB PROXY CHECK box and port 8080. Thing is this If i remove WEB PROXY and port 8080, the firewall client donot pick the internet request and browsing totally stops. thats why i need to ENABLE WEBPROXY check box and port 8080.
But Again if i enable proxy settings then interner explorer and firefox works perfectly, but I think Firewall client is not working, because when i am browsing then there is no GREEN ARROW shown in firewall client. Is it a default behaviour if WEB PROXY and FIREWALL CLIENT both are enabled ??. If yes then when the firewall client comes into place ?, I mean then When i will able to see the green arrow in Firewall client?
Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
this is the 3rd time iam posting here and each time i click on submit , i find out that my session has expired and that iam logged out !!! and ofcourse nothing is posted !!!
so let me remember what i answered
u can enable this option
but here , dont enable Use a Web proxy server
let the firewall client setup your IE settings automatically.
quote:
but I think Firewall client is not working, because when i am browsing then there is no GREEN ARROW shown in firewall client
install the firewall client tool from microsoft and run it, try to paste what you are getting.
hi thanx again for your reply .. I have anabled the settings as you explained.
But problem persists.I mean if WEB PROXY check box is selected and in the FIREWALL TAB use automatic configuration script > Use default URL is selected.
Now Internet explorer can browse internet but again GREEN ARROW IS NOT SHOWING in FIREWALL CLIENT, Although I have installed the latest firewall client from Microsoft website. But if i uncheck the automatic URL then internet explorer stops browsing. On the other hand in FIREFOX, if i specify the Proxy Settings then firefox browse properly, but NO GREEN ARROW on firewall client.But I remove Proxy Settings then Firefox can browse internet and green arrow is shown but a delay of 5 - 8 seconds is occured.
Posts: 2
Joined: 17.Oct.2003
From: London
Status: offline
I faced a similar problem whereby the Firewall Client icon on internal PCs did not have the green arrow and internet browsing would fail if I removed the web proxy settings from IE.
My ISA 2004 server was in its own domain with a one-way trust to our internal domain. Initially, I had configured the ISA System Policy to restrict access to the Active Directory protocols (kerberos/ldap etc) to only the internal domain controllers.
The result of this was that the internal PCs would only act as SecureNAT client without the full functionality of a Firewall Client: whenever a user started certain apps (eg chat), there would be a pause and then the Firewall Client icon would have a red cross, with a "cannot authenticate to ISA server" message
I could open the Firewall Client interface, and click the Test Server button on the Settings tab, and the red cross would disappear. But as soon as the chat app was restarted, the red cross came back.
By giving the Internal network object (and therefore all internal PCs) access to Active Directory protocols in the ISA System Policy, the Firewall Clients started to show the green arrow on their icons and all apps started to work seemlessly.
After all, you should change this setting: - Select Internet Options, tab Advanced: Make sure the option Use HTTP 1.1 through proxy connection is selected.
One problem that I had overlooked while setting up my firewall client was to allow the client to connect to the ISA server. By the default rule, all traffic is blocked if not included in the firewall settings. This being said, I had never allowed the client (Internal) to connect to the ISA server (Computer) via port 8080. You will need to create an access rule for this.
If you don't, clients will eventually be able to connect to the internet, but not after a lenghty delay while trying to verify and detect proxy settings (on port 8080 which is being dumped by the server). My clients were receving the 5-8 second delay in addition to a 15 to 20 second delay when initially opening Internet Explorer or Mozilla. The status bar would include the message "Detecting proxy settings..." and then "Connecting to (your.server.here).