Firewall Client ignoring denied accesses



Networker -> Firewall Client ignoring denied accesses (21.May.2007 4:07:47 PM)

I have some stations in a network that have access to the Internet through the proxy from ISA 2004. I created special access rules (TCP ports 8080, 1352, 3299, etc.) to the Internet with the Firewall Client for some stations. But the problem is that the stations with the Firewall Client have full access to the Internet, ignoring the filter rules that deny improper sites for Proxy Service access.
Has anybody here solved this kind of problem who could try to help me?
Thanks.




tshinder -> RE: Firewall Client ignoring denied accesses (11.Jun.2007 8:59:24 AM)

Firewall clients do not ignore Access Rules.

There are no "filter rules" unless you're referring to the HTTP Security Filter.

Tom




fetict -> RE: Firewall Client ignoring denied accesses (4.Jul.2007 6:25:25 AM)

We have the same issue with enabling the firewall client.

We have worked out that Firefox by default uses HTTP 1.1, and if you enable HTTP 1.1 through a proxy connection in IE, both bypass ISA web filter plugins.

We use:
ISA 2004 (latest patches)
Win 2003 (fully patched)
WebMarshal as an ISA plugin.

If you disable the ISA firewall client, users cannot bypass. This sounds like ISA cannot handle HTTP 1.1 correctly from a client.


So my question is: are there any easy ways to drop any HTTP 1.1 requests? I have tried the HTTP header filter, and this seems to slow down the first page that a user requests but then operates normally for the session that the browser is open for.




tshinder -> RE: Firewall Client ignoring denied accesses (4.Jul.2007 12:05:55 PM)

If there is a rule that allows the FWC to access a site using a specific protocol, then the user will have access. If you don't have such a rule, then the connection will be blocked. Sounds like WebMarshal isn't coded correctly to take into account FWC connections.

Tom



