
SBS 2003 ISA 2004 http connectivity issues -internal client web browsers cant see outside the domain

SBS 2003 ISA 2004 http connectivity issues -internal cl... - 15.Jan.2009 11:27:55 AM   
dale303

 

Posts: 2
Joined: 12.Feb.2004
From: UK
Status: offline
We've just had a big nightmare with Symantec Endpoint security 11 and to cut a long story short I had to uninstall SEP and reinstall ISA 2004 to get anything to work.

Unfortunately now none of the client web browsers can see the outside world unless the ISA firewall client is installed or the http proxy port is set on the client PCs. Before all clients could access the internet without setting anything up. Everything else seems to be working as it should. The error I'm getting with the web proxy turned on is...

Error Code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
IP Address: 193.189.75.110
Date: 13/01/2009 16:49:25
Server: bxxx-sbs.bxxx-net.local
Source: proxy

With the proxy turned off I just get the standard "can't find page" screen.

Do the default ISA 2004 settings allow for free access to http/https/ftp files without firewall client or web proxy port set up? If not, how can I make this happen? If yes, why can't I get access?

I realise it's safer to use the firewall client and/or web proxy but we have a lot of visitors for presentations and whatnot and I'm not always there to help them set things up.

I've tried using the internet connectivity wizard several times (apparently successfully) but it makes no difference. All the Firewall policy rules are currently enabled and seem fine.

I'm very new to ISA 2004 but have a little experience with ISA 2000. Perhaps I'm missing something. Any clues would be a great help.

< Message edited by dale303 -- 15.Jan.2009 11:38:11 AM >
Post #: 1
RE: SBS 2003 ISA 2004 http connectivity issues -interna... - 15.Jan.2009 2:41:55 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
quote:


Unfortunately now none of the client web browsers can see the outside world unless the ISA firewall client is installed or the http proxy port is set on the client PCs.


Well, the good news is that it sounds like ISA firewall is working! The bad news is that you will need to use one of the three ISA client access methods: Web Proxy, Firewall or SecureNAT client to gain access through the ISA firewall.

Based on what you shared, it does not sound like ISA was even functioning correctly before you reinstalled it. At minimum, you can configure your network clients and/or routers as SecureNAT clients and then configure an Anonymous all access rule to allow access. SecureNAT access requires anonymous access because it does not support authentication from the client.

http://www.isaserver.org/tutorials/The_SecureNAT_Client.html

http://www.isaserver.org/tutorials/ISA_Clients__Part_2_SecureNAT_and_Web_Proxy_Client.html

HTH

RB    


_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to dale303)
Post #: 2
RE: SBS 2003 ISA 2004 http connectivity issues -interna... - 16.Jan.2009 6:43:57 AM   
itauthority

 

Posts: 40
Joined: 6.Feb.2008
Status: offline
I was also going to mention, you don't have to be there to set up the proxy -

http://www.isaserver.org/tutorials/Configuring_Automatic_Discovery_for_ISA_Server_Clients.html

(in reply to Rotorblade)
Post #: 3
RE: SBS 2003 ISA 2004 http connectivity issues -interna... - 16.Jan.2009 6:46:48 AM   
itauthority

 

Posts: 40
Joined: 6.Feb.2008
Status: offline
Notice you say you're running SBS - did you add your users to the network using the add user wizard or just through ADUC? SBS by default will add rules to ISA that are for specific groups - not the all users group as mentioned above.

The SBS Internet Users group is what your users should be members of.

(in reply to itauthority)
Post #: 4
RE: SBS 2003 ISA 2004 http connectivity issues -interna... - 22.Jan.2009 4:07:40 PM   
dale303

 

Posts: 2
Joined: 12.Feb.2004
From: UK
Status: offline
Sorry for the long delay in replying.

I would agree with your assessment that ISA 2004 is now 'working'. Just too well now.
It was an ISA 2000-2004 upgrade and I think there were some differences in configuration that were pulled over that are no longer there. The old setup was that *anyone could easily browse external sites or use ftp without the need of anything extra. Anything else required adding the firewall client.

This allowed the multitude of clients, visitors and club members the use of their own laptops without fuss when they visited. We did try beefier security for a while but gave up after we had too many members complaining that their laptops no longer worked when they got home/work due to firewall client/proxy setups messing with their home/work configurations.

I'll have a read of http://www.isaserver.org/tutorials/The_SecureNAT_Client.html and get back to you if I'm still having issues.

itauthority> Yes, I used the wizards and all users are members of "sbs internet users". I've been configuring several SBS setups in various guises since SBS 4.0 and if there's one thing all that experience has taught me, it's 'Always use the wizard' if there is one.

(in reply to itauthority)
Post #: 5
