
Welcome to ISAserver.org


Firewall client and web proxy settings

Firewall client and web proxy settings - 26.Apr.2007 9:12:47 PM   
gping

 

Posts: 11
Joined: 22.Jan.2007
Status: offline
We are using a 1-NIC ISA 2004 server, purely as a proxy for all offices (internal IP segments / ranges).
1. If I set up only the Firewall Client on the PCs, with no web proxy in IE, then everyone can go to the Internet and intranet, as well as Outlook and some in-house-made FTP / email apps. However, I found that some websites have to use the web proxy, such as Windows Update: it failed for FWC without WebProxy. Is it true?
2. With only FWC and no web proxy settings, we cannot find the detailed websites the user has browsed in the ISA server's FWLog and Webproxy Log. The Webproxy Log only showed: http://99.88.77.66/subdir/pages, which is called the URI. How can I get the correct URL? Or do we have to use some 3rd-party utility?
3. If I set up FWS as well as Webproxy in IE: use automatic config script -- http://myproxy:8080/array.dll?Get.Routing.Script
use a proxy server: myproxy 8080, bypass proxy server for local addresses, then I found all intranet web sites go via myproxy, unless we browse http://hostname only, as mentioned in Windows help.
I would say that we have our internal network IP ranges defined in the ISA server, so why does the web proxy not consult the ISA server for "Local/internet network"? Is there anything we can take advantage of with the auto-script? http://myproxy:8080/array.dll?Get.Routing.Script

Thanks a lot from GPING
Post #: 1
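
Added example, not part of the original post and not ISA Server's generated routing script: it contrasts the "bypass proxy server for local addresses" behaviour described in point 3 above with a PAC-style `FindProxyForURL` that also sends internal IP literals direct. The internal ranges, the `.corp.example` suffix, the `bypassLocalCheckbox` and `compare` helpers, and the Node stand-ins for the browser's PAC functions are assumptions.

```javascript
// Constructed internal ranges (assumption): replace with your own Internal network ranges.
const INTERNAL_NETS = [["10.0.0.0", "255.0.0.0"], ["192.168.0.0", "255.255.0.0"]];
const INTRANET_SUFFIX = ".corp.example"; // hypothetical intranet DNS suffix
const PROXY = "PROXY myproxy:8080";      // proxy name and port as given in the post

// Stand-ins for PAC helpers that a browser normally supplies, so the block runs under Node.
function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}
function isPlainHostName(host) { return !host.includes("."); }
// Literal IPv4 only; a browser's isInNet would also resolve host names through DNS.
function isInNet(host, net, mask) {
  const h = ipToInt(host), n = ipToInt(net), m = ipToInt(mask);
  if (h === null || n === null || m === null) return false;
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}

// Manual proxy plus "bypass proxy server for local addresses": only dotless names go direct.
function bypassLocalCheckbox(host) {
  return isPlainHostName(host) ? "DIRECT" : PROXY;
}

// PAC-style routing: dotless names, the intranet suffix and internal IP literals go direct.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  if (host.toLowerCase().endsWith(INTRANET_SUFFIX)) return "DIRECT";
  for (const [net, mask] of INTERNAL_NETS) {
    if (isInNet(host, net, mask)) return "DIRECT";
  }
  return PROXY;
}

// Constructed sample hosts, compared under both behaviours.
function compare(hosts) {
  return hosts.map((h) => ({ host: h, checkbox: bypassLocalCheckbox(h),
                             pac: FindProxyForURL("http://" + h + "/", h) }));
}
console.log(compare(["intranet", "intranet.corp.example", "10.1.2.3", "www.example.com"]));
```

Requests that resolve to `DIRECT` never reach the Web proxy, so they will not appear in the Web Proxy log.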
RE: Firewall client and web proxy settings - 27.Apr.2007 4:00:54 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,
check what you are losing by using ISA Server with a single NIC!!!

quote:


Configuring ISA Server with a Single Network Adapter Configuration
Problem: There are a number of issues associated with the configuration of ISA Server on a computer with a single network adapter.
Cause: The causes include:

Multi-network firewall policy. In single network adapter mode, ISA Server recognizes itself (the Local Host network). Everything else is recognized as the Internal network. There is no concept of an External network. The Microsoft Firewall service and application filters operate only in the context of the Local Host network. (ISA Server protects itself no matter what network template is applied.) Because the Firewall service and application filters operate in the context of the Local Host network, you can use access rules to allow non-Web protocols to the ISA Server computer. This has implications for running applications located on the ISA Server computer.

Application layer inspection. Application level filtering does not function, except for Web Proxy Filter for Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), and File Transfer Protocol (FTP) over HTTP.

Server publishing. Server publishing is not supported. Because there is no separation of Internal and External networks, ISA Server cannot provide the NAT functionality required in a server publishing scenario.

Firewall clients. The Firewall Client application handles requests from Winsock applications that use the Firewall service. This service is not available in a single network adapter environment.

SecureNAT clients. SecureNAT clients use ISA Server as a router to the Internet, and SecureNAT client requests are handled by the Firewall service. Because the Firewall service is not available in a single network adapter configuration, such requests are not supported.

Virtual private networking. Site-to-site virtual private networks (VPNs), and remote access VPNs are not supported in a single network adapter scenario.





Source : http://www.microsoft.com/technet/isa/2004/plan/unsupportedconfigs.mspx

HTH,
Tarek

< Message edited by elmajdal -- 27.Apr.2007 4:02:09 AM >


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to gping)
Post #: 2
RE: Firewall client and web proxy settings - 2.May2007 9:30:28 PM   
gping

 

Posts: 11
Joined: 22.Jan.2007
Status: offline
Hi Tarek, thanks for your reply. I know a one-NIC ISA server has a lot of limitations. But this is the case in our env., and we have another box as the edge server/DMZ etc. And this ISA server currently works OK for most of our requirements, i.e. proxy.

< Message edited by gping -- 3.May2007 12:27:25 AM >

(in reply to elmajdal)
Post #: 3
