Clients Bypassing Proxy (Full Version)

All Forums >> [ISA 2006 Firewall] >> HTTP Filtering



Message


VulcanX -> Clients Bypassing Proxy (26.May2009 6:48:38 AM)

Hey guys im new to the forum but have a ISA Server 2006 Enterprise setup, i set it up manually so not too clued up on the white papers and how it should be done.
The problem im having is that when the clients input the router address into the default gateway with a valid DNS server they get direct internet access, i have zero clue and tried to block the router address so that no traffic could go through to it, and then tried to play around with the filtering and not too sure what to change, i have setup authentication linking to domain accounts for the proxy and extension blocking. What are the ways that i can force the clients (which have admin rights) to stop bypassing my proxy? Its a serious issue and i have linked the cables up correctly as well, one link going to the ISA server from the router and the other going from the server into the switch, so that people dont get full access. What can be done? Im using a Juniper router which i have zero access to (console access).
Thanks so much for the help

Edit: I also tried to change the condition so that Domain User accounts from the Domain are only allowed HTTP access and still no luck, im really running out of ideas.




paulo.oliveira -> RE: Clients Bypassing Proxy (26.May2009 11:37:06 AM)

Hi,

it seems your clients requests are not passing through ISA firewall. Can you provide a basic network diagram?

Regards,
Paulo Oliveira.




SteveMoffat -> RE: Clients Bypassing Proxy (26.May2009 12:15:30 PM)

How many nics?




VulcanX -> RE: Clients Bypassing Proxy (27.May2009 10:25:29 AM)

Ok i have 2 NICs on the proxy server itself, one is linked up the switch (which then in the whole network links to everything) and the other is directly into the router.
My network is laid out as follows, all clients connect to switches, the switches then connect to the MAIN switch, its very old but cash was tight and i had to make it work. Only when the default gateway is configured to have the routers address can they do that, other than that it shouldnt be possible as my DHCP gives out addresses with the correct proxy default gateway which allows the proxy to come into play. So with all that said, how do i ensure that the clients go through the proxy? I was thinking of putting in a Security Policy for the IP Config so that the users cant change the IP addresses, but they are admins so they can obviously work a way around it.
Oh and i also have routing happening with the ISA between my 2 NICs in order to FORCE users through the proxy but its not limiting the guys who are directly connecting through the Juniper.
Appreciate any help you guys can give me




paulo.oliveira -> RE: Clients Bypassing Proxy (27.May2009 1:11:44 PM)

Hi,

it seems you have to diffrent gateways (ISA firewall and Juniper). To force ISA pass through ISA, you have to let just one gateway on your network.

Regards,
Paulo Oliveira.




VulcanX -> RE: Clients Bypassing Proxy (1.Jun.2009 5:12:27 AM)

Thnx for the reply Paulo, i just want to find out how i could go about getting one gateway only, as i tried my aboslute best to get it working and forcing the users to go through the ISA server but bcoz of the routing i have between the one IP range to the other, its routing the requests directly to the router, which isnt correct at all, and i cant configure the juniper as its hosted by another company which means they look after it for us. So how do i proceed here?

*Super confused with this issue*

Thanks a lot for any replies
Tim K




paulo.oliveira -> RE: Clients Bypassing Proxy (2.Jun.2009 10:58:34 AM)

Hi,

can you provide a network diagram?

Regards,
Paulo Oliveira.




zakfleming -> RE: Clients Bypassing Proxy (10.Jul.2009 7:15:49 AM)

If you have a hardware firewall at the top of your network, block port 80 and 443 on all clients apart from the ISA server. This will solve your problem.

Z




Page: [1]