• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA SERVER doubt

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> ISA SERVER doubt Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA SERVER doubt - 17.Mar.2009 4:33:48 AM   
franziskaner

 

Posts: 3
Joined: 17.Mar.2009
Status: offline
Hy all. I have a doubt/problem. Im trying ISA Server in my network, in a 2003 server part of domain (not domain controler). When I put on my pc (inside of domain too) the ISA SERVER ip, I can navigate. I put all the rules and all go perfectly. The problem is when I want make groups of users, for limited acces to internet. The problem is that my user appears like anonymous, and I can't find the way of authenticate with ISA Server.

Its absolutely necessary install firewall client in the machines for authenticate?

Thanks
Post #: 1
RE: ISA SERVER doubt - 17.Mar.2009 4:55:48 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

ORIGINAL: franziskaner
Its absolutely necessary install firewall client in the machines for authenticate?

Yes, or set them as Web Proxy Clients.



_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to franziskaner)
Post #: 2
RE: ISA SERVER doubt - 17.Mar.2009 6:31:29 AM   
franziskaner

 

Posts: 3
Joined: 17.Mar.2009
Status: offline
oks, thanks a lot! another thing.. where I assign the Web Proxy Clients??

(in reply to elmajdal)
Post #: 3
RE: ISA SERVER doubt - 17.Mar.2009 6:37:46 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
You can either set it manuallu, in IE click on Tools > Internet Options > Connection > Lan Settings > enable the checkbox beside use a proxy, enter your ISA Server Internal LAN IP and the port used.

or automatic by Configuring WPAD Support for ISA Firewall Web Proxy and Firewall Clients


By the way, you will have to enable the Proxy on ISA Server, by opening the management console > go to  Network >  double click on the Internal Network and then under the web proxy tab, enable the web proxy checkbox.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to franziskaner)
Post #: 4
RE: ISA SERVER doubt - 17.Mar.2009 7:08:53 AM   
franziskaner

 

Posts: 3
Joined: 17.Mar.2009
Status: offline
thanks again! but then I can't apply firewall polices, true? this will be only for webproxy. its correct?

I can't understand why isa server can't authentify directly from AD users..!

(in reply to elmajdal)
Post #: 5
RE: ISA SERVER doubt - 17.Mar.2009 8:27:06 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

ORIGINAL: franziskaner

thanks again! but then I can't apply firewall polices, true? this will be only for webproxy. its correct?


False !!



_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to franziskaner)
Post #: 6
RE: ISA SERVER doubt - 17.Mar.2009 9:04:23 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Why is the ISA not a member of your domain. This would be the most secure scenario?

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to elmajdal)
Post #: 7
RE: ISA SERVER doubt - 17.Mar.2009 9:32:51 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Agree! Unless there is some compelling technical or political reason for not doing so, you should make the firewall a domain member.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to SteveMoffat)
Post #: 8
RE: ISA SERVER doubt - 17.Mar.2009 4:42:52 PM   
ITEngineer

 

Posts: 270
Joined: 3.Feb.2006
Status: offline
quote:

ORIGINAL: SteveMoffat

Why is the ISA not a member of your domain. This would be the most secure scenario?


secure ? i think it has nothing to do with security .

(in reply to SteveMoffat)
Post #: 9
RE: ISA SERVER doubt - 17.Mar.2009 5:01:47 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
It should be seeing as ISA is a security device.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to ITEngineer)
Post #: 10
RE: ISA SERVER doubt - 17.Mar.2009 5:21:22 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
There are advantages and disadvantages

Some people might tells you  that if my domain was compromised,  then at least my firewall would not, as it is not joined to the domain  !

Adding ISA server to the domain, makes it more flexible to be used with AD users and groups.

More details, Check Tom's article : Debunking the Myth that the ISA Firewall Should Not be a Domain Member

< Message edited by elmajdal -- 17.Mar.2009 5:22:57 PM >


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to SteveMoffat)
Post #: 11
RE: ISA SERVER doubt - 17.Mar.2009 5:25:33 PM   
ITEngineer

 

Posts: 270
Joined: 3.Feb.2006
Status: offline
quote:

ORIGINAL: SteveMoffat

It should be seeing as ISA is a security device.


Can you tell us how adding ISA server to the domain makes it more secure ?

(in reply to SteveMoffat)
Post #: 12
RE: ISA SERVER doubt - 17.Mar.2009 5:28:08 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
See Tarek's post above.

It is also MS's best practice I believe also.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to ITEngineer)
Post #: 13
RE: ISA SERVER doubt - 17.Mar.2009 7:24:47 PM   
ITEngineer

 

Posts: 270
Joined: 3.Feb.2006
Status: offline
quote:

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM


I'm reading TMG help file and I can see that MS is supporting installing TMG in a workgroup more than it was doing the same with ISA 2006.RTFM

(in reply to SteveMoffat)
Post #: 14
RE: ISA SERVER doubt - 17.Mar.2009 9:48:11 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
TMG is not ISA...and I did not say anything about supportability....:

Also ISA was well supported in a worgroup too.

It is a far better security model having either as domain members. 

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to ITEngineer)
Post #: 15
RE: ISA SERVER doubt - 17.Mar.2009 9:49:03 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Also, the TMG help is not finalised.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to SteveMoffat)
Post #: 16

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> ISA SERVER doubt Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts