• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

WEBSENSE

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> WEBSENSE Page: [1]
Login
Message << Older Topic   Newer Topic >>
WEBSENSE - 26.Feb.2007 11:09:05 AM   
TripAces

 

Posts: 3
Joined: 26.Feb.2007
Status: offline
I have a customer who wants to filter HTTP requests of a guest network.

The users browser would not necessarily have auto detect or manual proxy settings configured. However the users are expected to receive DHCP for IP, gateway and DNS server details.

So my question is this: If ISA server is configured as a firewall (possibly with DNS forwarding) and so is transparent to the client can WEBSENSE still work and wil it receive URLs with names and not resolved IP addresses?

Mny thanks
Post #: 1
RE: WEBSENSE - 3.Mar.2007 3:41:53 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Autodiscovery is easy to set up and works fine?

The question would be why are you not using it?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to TripAces)
Post #: 2
RE: WEBSENSE - 5.Mar.2007 5:11:12 AM   
TripAces

 

Posts: 3
Joined: 26.Feb.2007
Status: offline
  There is a constraint here.

In my original question I said that the system is a guest network. There is no administrative controll of the guest PC. The only requirment is that they obtain an IP address via DHCP. This means that they may or may not have auto detect enabled. So we can not rely on that method.

I think I have since found the answer and its not good. In order to have URL logging in ISA if the guest user does not have any client proxy settings ISA must have  transparent proxy enabled, unfortunately this then prevents a number of VPN clients from working.

Unless someone has new information?

Many Thanks


(in reply to tshinder)
Post #: 3
RE: WEBSENSE - 6.Mar.2007 10:23:12 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
I don't see how SecureNAT clients on the internal Network would affect inbound VPN connections to the ISA Firewall. That sounds more like a coincidence.

The default settings on IE is to use autodiscovery. The users would have had to make a change to their settings manually to not have autodiscovery enable, in which case, they would not be able to connect anyhow because the SecureNAT client configure would be overridden by the incorrect Web proxy settings.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to TripAces)
Post #: 4
RE: WEBSENSE - 6.Mar.2007 11:15:15 AM   
TripAces

 

Posts: 3
Joined: 26.Feb.2007
Status: offline

Please forgive my lack of ISA and General MS knowledge.

I did not know that AutoDetect was default, probably because I play around with my OS all the time.

The ISA server would not be a VPN concentrator. The only function of the ISA is to interface with "Websense" and police the URLs of the guest users.  However when the user is connected back to their own VPN concentrator the web content is of no importance to my client.

So I suppose a better question to ask is ...

Can an  ISA server be a transparent proxy? If yes the when the ISA sevrer is acting as a transparent proxy does it stop VPN clients from making successfull connections to their remote VPN concentrators through the ISA server interfaces?

I very much appreciate your advise


(in reply to tshinder)
Post #: 5
RE: WEBSENSE - 6.Mar.2007 11:48:08 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Trip,

OK, these sound like outbound VPN connections. In order to allow outbound VPN connections, the ISA Firewall needs to be configured in full firewall mode, with at least an internal and external interface, then the rules on the ISA Firewall need to be configured to allow the outbound VPN protocols they need to use.

The ISA Firewall allows SecureNAT clients to be Web proxy clients without Web proxy configuration client configuration, but you won't get the FQDNs becasue the SecureNAT client doesn't send that information to the ISA Firewall's Web proxy filter. In addition, I believe that Websense requires the clients to be configured as Web proxy clients, in which case autodiscovery via WPAD works fine.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to TripAces)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> WEBSENSE Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts