Is there a solution? companyweb + authentication (Full Version)

All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS



Message


Marecki -> Is there a solution? companyweb + authentication (29.Aug.2008 2:53:50 PM)

Hi All,

Im having a hard time controlling (allowing) applications through the ISA 2004 server and cannot seem to get the Intranet to work after installing ISA clients on PC's.

My Requirements :
As secure network as environment will allow
Only allow selected websites for a group of selected users. (this I presume requires all to authenticate, which is the problem)
Allow logmein, VNC, GoToMyPc, and custom database applications to access the internet
Have the Intranet functioning (connectcomputer, companyweb)

My Problem :
Unable to instruct clients NOT to bypass proxy for local web servers which results in companyweb failure
Allow applications to access the internet using custom ports (the traffic from them is not authenticated)

Setup :
SBS 2003 R2 ISA2004 2 NICS
XP clients with ISA clients installed

ISA setup:
Network > Internal
Web proxy enabled, with require all users to authenticate (This way i see which username access the internet and I can limit a AD group to only access certain sites), intergrated and Basic selected.
Web browser, Bypass proxy unchecked, directly access computers unchecked.
Firewall client enabled, automatic detect settings ticked.

This is a fresh SBS install, with ISA Firewall clients installed this is the only way I can get the clients to access the web and limit certain users.  If I change any settings (i.e. tell explorer to use a proxy) my access stops as it shows as unathenticated access.

because I require all to authenticate (i presume) im unable to access the companyweb site, But I need to keep authentication in order to see which user is accessing external.  There has goto be a solution to this surely.  Ive read every article or so I feel.

Rules :
No rules are denying anything apart from limited users group, deny to all http / s exept sites a b and c. which is working fine.  Ive opened a good few ports for the custom application and other applications such as NVC viewer.

As you can imagine lots of programs run as Local Service and thats unathenticated so Im manually entering fwccert commands at the .exe's of them programs but Im strugling with some applications as traffic still shows unauthenticated.  

I have tried companyweb using fqdm and https.

In IE, after ISA client configures IE, it does not show a proxy setup, only "automatically detect settings"

How would you achieve my requirement?
Why arnt the clients authenticating with companyweb?
Why cant ISA clients automatically detect ISA clients?  (tries to access /wspad.dat anonymous and is rejected by network policy)
Any way to show website names instead of IP addresses in the reports?

Any advice would be most welcomed.  ISA has me hooked and Im loving digging deeper.




Page: [1]