Anonymous Access port 443 (Full Version)

All Forums >> [ISA 2006 Firewall] >> Access Policies



Message

karlos31 -> Anonymous Access port 443 (30.Jun.2008 9:50:31 AM)

Hi all, I am having problems with ISA 2006 and anonymous access.  Users who access port 443 sites are going out as anonymous.  See below:
 




Allowed Connection


Log type: Web Proxy (Forward)

Status: 407 Proxy Authentication Required

Rule: Allow all Authorised VWM Internet Users

Source: Internal (vwm****.****.*****-****.co.uk ***.**.39.77)

Destination: External (**.***.1.94:443)

Request: online.lloydstsb.co.uk:443

Filter information: Req ID: 07e63415; Compression: client=No, server=No, compress rate=0% decompress rate=0%

Protocol: SSL-tunnel

User: anonymous



[image]http://forums.isaserver.org/file:///C:/Program%20Files/Microsoft%20ISA%20Server/UI_HTMLs/_image/general/minusImg.gif[/image] Additional information

Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x0
Processing time: 0 MIME type:
I have a rule to allow access for users, this is tied down to a group of users as opposed to the "all users" group.  Is there anyways to get all 443 access users to authenticate.  I use Webspy to analyise reports and with anonymous access it makes my job harder.



paulo.oliveira -> RE: Anonymous Access port 443 (30.Jun.2008 10:18:41 AM)

Hi,

make sure you donīt have any other rule above this one allowing access to https and with all users condition.

Regards,
Paulo Oliveira.



karlos31 -> RE: Anonymous Access port 443 (30.Jun.2008 10:45:15 AM)

Hi there are no rules above this that allow all users access.  The rule allowing anonymous access for 443; "vwm authorised internet users" consists of 2 groups "Domain Admins" and "Internet Access".  But it seems not all 443 traffic goes out as anonymous. 
 
I am lost.[:@]



paulo.oliveira -> RE: Anonymous Access port 443 (30.Jun.2008 1:58:34 PM)

Hi,

to make sure only authenticated traffic is passing through ISA and the problem is not involving any access rule. Put a checkmark in Require all users to authenticate checkbox at the internal network level. After that try to access a SSL page and check if anonymous is still allowed.

Regards,
Paulo Oliveira.



karlos31 -> RE: Anonymous Access port 443 (1.Jul.2008 4:08:11 AM)

I have just tried that and still get anonymous access on port 443, although not all 443 connections go out anonymously.



elmajdal -> RE: Anonymous Access port 443 (1.Jul.2008 5:42:12 PM)

Hi,

Check this post here : http://forums.isaserver.org/m_2002006234/mpage_1/key_/tm.htm#2002006274



Page: [1]