ISA as a gateway, NOT a proxy ? (Full Version)

All Forums >> [ISA 2006 General] >> Installation and Planning



Message


evogelpohl -> ISA as a gateway, NOT a proxy ? (16.Jan.2007 11:52:14 AM)

Building a cyber center for a local not-for-profit.  Not sure i understand the value of a "firewall client".  Can't ISA 2006 work like a Linksys router - provide a gateway for external routes, w/ URL monitoring and access control and some protocol control?

Essentially, i want a Smart router/gateway to log and manage access to bad sites - nothing more.  I don't want to install client software on all the devices that will want to use the cyber center.

Thanks for the help!
Eric.




evogelpohl -> RE: ISA as a gateway, NOT a proxy ? (16.Jan.2007 12:20:22 PM)

I think i just answered my own Q.  I turned off all of the web proxy and firewall client on the internel-network properties.  It now works as a gateway (after i allowed DNS to go thru). 

Now - i can't get any URL monitoring.  I only get destination IP.

In this "gateway" mode (non proxy) can we get URL monitoring ?

Thanks! Sorry for the newbie questions.




tshinder -> RE: ISA as a gateway, NOT a proxy ? (17.Jan.2007 9:56:03 AM)

How would the Firewall know the URL if you don't configure the client?

Simple networking and TCP/IP.

Tom




evogelpohl -> RE: ISA as a gateway, NOT a proxy ? (17.Jan.2007 10:04:00 AM)

The same way any other device knows i suppose.  My linksys router @ home can tell me what sites i've visited (cnn.com, micorosft.com, etc).  It can block certain sites as well....and there is no need to configure anything on the client but a gateway IP address.

I'm building a cyber center w/ WIFI.  I don't want to control the client PC's that could potentially connect to the internet.  i only want to govern the content / and protocol types that i'll let through.  For all i know, someone might want to use the center with thier Windows Mobile phone (or God forbid an iMac :-) )..or an Xbox.

I'm thinking that ISA might not be the solution for this...perhaps an appliance?  Something more robust than a SOHO broadband router?

Thanks again!




Boedus -> RE: ISA as a gateway, NOT a proxy ? (17.Jan.2007 11:59:29 AM)

Proxy is enable by default, this is not the case of the caching.

If you browse internet with the internal NIC of the ISA server as your gateway, ISA will record all visited websites with "Anonymous" (Without authentification) user and you will see what websites has been visited.

Anyway ISA gives you access or not to a website, not based on the nature of the website (Adult, Weapons...) but on the policy you have set up.
If you want some kind of dynamic and intelligent content filtering you could use SurfControl, but you would have to add some $ to the bill.

An applicance might be an alternative solution depending of the needs/budget.
If you take an ISA applicance, you will have the same kind of issues anyway.




Page: [1]