• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 2006 as a router and firewall/proxy

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> ISA 2006 as a router and firewall/proxy Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA 2006 as a router and firewall/proxy - 28.Aug.2008 5:09:56 AM   
DaveMorfee

 

Posts: 14
Joined: 24.Jun.2008
Status: offline
Current Setup
 
We have ISA 2000 running on Win 2000 with SurfControl 5.0.
 
The standard user has a default gateway of 10.97.4.100 which forwards all internet traffic to our ISA server which is 10.99.61.52 where traffic is routed and filtered by SurfControl.  The users have the proxy server ISASRV set in Internet Explorer.
 
Now the 4 people in tech support we have our default gateway set to 10.99.61.52 and with no proxy server setup in Internet Explorer, this allows us to bypass the proxy and Surfcontrol meaning we are not blocked on anything.
 
New Setup
 
However we are now needing to migrate over to ISA 2006 on Windows 2003 server.
 
As the previous setup the standard user has the same setup, just the ISA server is now on 10.99.61.53 not 10.99.61.52.  This has been tested and now working quite happily.
 
The problem we are now having is with the tech support section.  We need to somehow get routed through the ISA server but bypassing the proxy, now I can sort of get that to work, but it still filters us
 
Any options to get round this?
 
Thanks
 
Dave
Post #: 1
RE: ISA 2006 as a router and firewall/proxy - 28.Aug.2008 11:24:40 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
First:
It is impossible to "bypass" the proxy when the proxy is physically in the way

In the old system the users who set the DFG to the ISA (10.99.61.52) were still using the ISA,...they just weren't using the Web Proxy Service which is where SurfControl interacts.

Moral of the story,....SecureNAT cannot authenticate and must use anonymous Rule,...lessons,...don't have anonymous rules on the ISA and you won't have SecureNAT Clients.

On the new setup.  ISA2006 is not as loose with the SecureNAT Clients and passes them through the Web Proxy Service where Surfcontrol is probably getting in the way.  For the Tech Supp People have a different device used for a Default Gateway that does not involve the ISA.

The other option is to configure SurfControl to properly handle the situation and just run the Tech People through it like everyone else.

_____________________________

Phillip Windell

(in reply to DaveMorfee)
Post #: 2
RE: ISA 2006 as a router and firewall/proxy - 3.Sep.2008 4:23:44 PM   
poiuy

 

Posts: 82
Joined: 20.Oct.2005
Status: offline
I have a computer group set up for the IT computers that have a different rule set to allow an unrestricted and unlogged connection on port 80. I also have another ruleset for common network protocols for that same group.

All other computers run through another rule that allows internet access but restricts sites and downloads.

I see no reason to be using seperate gateways. I also assume that you are on a single subnet network.

_____________________________

poiuy the Nemisis of qwerty

(in reply to pwindell)
Post #: 3
RE: ISA 2006 as a router and firewall/proxy - 3.Sep.2008 5:04:49 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Sounds good to me.
Having that rule "unlogged" should keep it out of Sufcontrols "view".


_____________________________

Phillip Windell

(in reply to poiuy)
Post #: 4
RE: ISA 2006 as a router and firewall/proxy - 4.Sep.2008 4:01:29 AM   
DaveMorfee

 

Posts: 14
Joined: 24.Jun.2008
Status: offline
Hi,

Thanks for your advice.

Could you tell me the details of the rule you have created just for future reference, as we have found an old Cisco 2600 router which now does the Tech Support and our server :)

Cheers

Dave

(in reply to pwindell)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> ISA 2006 as a router and firewall/proxy Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts