ISA bypassed by everything but local host (Full Version)

All Forums >> [ISA 2006 Firewall] >> General



Message


evanthes -> ISA bypassed by everything but local host (11.May2009 3:37:33 PM)

It seems that servers that are on my network are bypassing my newly installed ISA server and going straight to the host. However from my ISA server I can see in the logs that it authenticates and is allowed by my server.

I have made policies that are very general, such as allow all HTTP users from the internal network to anywhere, thjis is setup for all users. Although I still dont see anything in the logs besides the traffic from the local host and various Net Bios stuff.

If anyone has any suggestions as what I should look at to try and have the ISA server mediate traffic from other servers, that would be awesome. Let me know if you need me to supply more information as well.




evanthes -> RE: ISA bypassed by everything but local host (11.May2009 4:02:36 PM)

by the way, I'm running on a single NIC, could that be part of this problem?

Thanks




paulo.oliveira -> RE: ISA bypassed by everything but local host (11.May2009 5:11:37 PM)

Hi,

quote:

It seems that servers that are on my network are bypassing my newly installed ISA server and going straight to the host


Where are these hosts? Internal network?

Regards,
Paulo Oliveira.




Dumber -> RE: ISA bypassed by everything but local host (12.May2009 5:18:46 AM)

Are the clients configured to use the ISA server as their proxy server?




evanthes -> RE: ISA bypassed by everything but local host (12.May2009 8:42:37 AM)

quote:

ORIGINAL: paulo.oliveira

Where are these hosts? Internal network?



Yes they are internal, our sharepoint server is really all I'm trying to set this up for (which ahs an internal ip)

Thanks, Evan




evanthes -> RE: ISA bypassed by everything but local host (12.May2009 8:48:43 AM)

quote:

ORIGINAL: Dumber

Are the clients configured to use the ISA server as their proxy server?



Is making a firewall policy the same thing? I made an access rule that applies to our sharepoint site, so shouldnt the ISA manage all the traffic going to that site from now on? Our Sharepoint site is goiing to have thousands of users, so configuring the proxy for each user would not be ideal. Is this the correct way of thinking?

thanks for your help so far guys.




paulo.oliveira -> RE: ISA bypassed by everything but local host (12.May2009 8:51:06 AM)

Hi Evan,

you have two options:

1- Configure WPAD and create an exception list on ISA console;
2- Configure the exception list in the browser configuration.

Regards,
Paulo Oliveira.




evanthes -> RE: ISA bypassed by everything but local host (12.May2009 9:52:39 AM)

I'm not sure if I am doing a good job of explaining my issue. I tried to put in a layout of what I'm looking to happen.

[image]http://www1.emmanuel.edu/sites/dept/images/network.jpg[/image]

Right now the only traffic that goes to Sharepoint VIA the ISA is when I try to access the Sharepoint from the ISA server itself. We would like to have clients within our network and on different subnets be able to access Sharepoint via the ISA so they wont ahve to enter their password multiple times, but right now it only works from the server itself

We really arent looking for the ISA to do anything else but this. Do you think we need two network cards enabled? Or is the proxy necessary? Thanks for your help




paulo.oliveira -> RE: ISA bypassed by everything but local host (12.May2009 12:58:59 PM)

Hi,

ok, got it. How is configured your sharepoint publishing rule? What networks do you have on ISA Internal Network definition?

Regards,
Paulo Oliveira.




evanthes -> RE: ISA bypassed by everything but local host (12.May2009 1:08:54 PM)

quote:

ORIGINAL: paulo.oliveira

Hi,

ok, got it. How is configured your sharepoint publishing rule? What networks do you have on ISA Internal Network definition?

Regards,
Paulo Oliveira.



My internal network has it was picked up by adding my adapter:

0.0.0.1 - 126.255.255.255
128.0.0.0 - 223.255.255.255

My publishing rule Allows HTTP From internal network to the sharepoint server, I set all users. I test the rule and it completes successfully. Let me know if you need more info, thanks!




paulo.oliveira -> RE: ISA bypassed by everything but local host (12.May2009 1:31:51 PM)

Hi,

your users browsers are configured to bypass your internal network? Can you provide details of your publishing rule? Are you using WPAD?

Regards,
Paulo Oliveira.




evanthes -> RE: ISA bypassed by everything but local host (12.May2009 1:46:33 PM)

I havent configured anything on my web browsers. Do I need to? I thought the ISA would grab traffic to the published site?


I listed information about the publishing rule in my last post, is there a better way for me to do that, or is there more information you need?

Thanks,

Evan




evanthes -> RE: ISA bypassed by everything but local host (12.May2009 2:25:57 PM)

I've enabled WPAD, but it seems that most of the network now travels through the ISA server. Shouldnt only the traffic that goes to my published site go through my ISA server?

Thanks




paulo.oliveira -> RE: ISA bypassed by everything but local host (12.May2009 4:25:37 PM)

Hi,

when ISA is configured in single-NIC mode it handles only http, https and ftp protocols.

All the traffic using these protocols will pass through ISA. Because ISA is been used as your proxy server. It isnīt that what you want in the first place?

Regards,
Paulo Oliveira.




Page: [1]