
Welcome to ISAserver.org


Allow only firewall clients to access internet...

Allow only firewall clients to access internet... - 26.Jul.2004 4:41:00 PM   
prospero63

 

Posts: 7
Joined: 21.Jul.2004
From: Houston
Status: offline
Is it possible to configure ISA so that only the firewall client is allowed to access the internet? The scenario is that some users have admin access on systems and can manually configure the proxy settings in their web browser and uninstall the firewall client. We want to prevent those users from being able to access the internet, and since the web proxy will prompt for a username (and the user can then enter the domain user information), if the user can uninstall the firewall client and enter the appropriate proxy information it undermines the security. TIA.
Post #: 1
RE: Allow only firewall clients to access internet... - 27.Jul.2004 2:08:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Wes,

The easiest way to do this is to disable the Web Proxy listener on the Internal network, and on any other protected network where Web Proxy clients might be located. Then, make sure there are no anonymous access rules. This will prevent the SecureNAT clients from connecting. The only client then that can access external resources will be the Firewall client [Smile]

Note that even if you disable the Web Proxy listener, the Firewall client will still be able to benefit from the Web cache. The only requirement is that the Web Proxy filter be enabled on the rule that the Firewall clients are using to access the external Web sites.

HTH,
Tom

(in reply to prospero63)
Post #: 2
RE: Allow only firewall clients to access internet... - 27.Jul.2004 2:11:00 AM   
prospero63

 

Posts: 7
Joined: 21.Jul.2004
From: Houston
Status: offline
quote:
Note that even if you disable the Web Proxy listener, the Firewall client will still be able to benefit from the Web cache. The only requirement is that the Web Proxy filter be enabled on the rule that the Firewall clients are using to access the external Web sites.
Awesome news Tom. Thanks! I'll be posting a followup question about the firewall client configuration in another thread. Thanks!

[ July 27, 2004, 02:13 AM: Message edited by: prospero63 ]

(in reply to prospero63)
Post #: 3
RE: Allow only firewall clients to access internet... - 27.Jul.2004 2:14:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Wes,

Cool! Great sig! [Big Grin]

I'll look for your followup post.

Thanks!
Tom

(in reply to prospero63)
Post #: 4
RE: Allow only firewall clients to access internet... - 29.Jul.2004 1:51:00 PM   
davehedgehog

 

Posts: 11
Joined: 27.Aug.2003
Status: offline
If I did what you have described above, does this mean that all users would need to be able to do DNS lookups, and all the log data would show IP addresses visited, rather than specific pages?

By doing this surely users would no longer be using a proxy to browse the web?

Or would the firewall route all HTTP requests to the web proxy?

(in reply to prospero63)
Post #: 5
RE: Allow only firewall clients to access internet... - 29.Jul.2004 2:07:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Dave,

These are application specific settings. So, when you disable the Firewall client only for Outlook.exe, it has no effect on other applications.

HTH,
Tom

(in reply to prospero63)
Post #: 6
RE: Allow only firewall clients to access internet... - 9.Aug.2004 10:15:00 PM   
BobW

 

Posts: 227
Joined: 27.Mar.2002
Status: offline
BUT, if you disable SecureNAT completely, wouldn't this cause some serious issues with some servers which are not supposed to have the FW client installed?

thanks,
bob

(in reply to prospero63)
Post #: 7
RE: Allow only firewall clients to access internet... - 10.Aug.2004 3:50:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bob,

You can create a separate rule that allows those servers via Computer objects to get the outbound access they need.

HTH,
Tom

(in reply to prospero63)
Post #: 8
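
Added example (not part of the original thread and not ISA Server code): a small Python model of the reasoning in posts #2 and #8, showing which client types get outbound access under each configuration. It reduces ISA's rule engine to source and user-set matching; the rule names, addresses and account are constructed.

```python
from dataclasses import dataclass

ALL_USERS = "All Users"  # built-in user set that also matches anonymous requests

@dataclass
class Rule:
    name: str
    sources: set   # source IPs the rule applies to, or {"*"} for the whole network
    users: str     # ALL_USERS, or the name of an authenticated user set

@dataclass
class Client:
    ip: str
    kind: str      # "securenat", "webproxy" or "firewall"
    user: str = "" # domain account; SecureNAT clients cannot present one

def allowed(client, rules, listener_enabled, members):
    """Return the name of the first rule that lets the client out, else None."""
    # A Web Proxy client talks to the listener; if it is disabled there is nothing to reach.
    if client.kind == "webproxy" and not listener_enabled:
        return None
    for rule in rules:
        if "*" not in rule.sources and client.ip not in rule.sources:
            continue
        if rule.users == ALL_USERS:
            return rule.name  # anonymous rule: any client type at this source matches
        # Authenticated rule: SecureNAT sends no credentials, so it can never match.
        if client.kind != "securenat" and client.user in members.get(rule.users, set()):
            return rule.name
    return None

# Constructed sample policy and clients (assumptions for illustration only).
MEMBERS = {"Internet Users": {"CORP\\wes"}}
HARDENED = [Rule("Servers outbound", {"10.0.0.20"}, ALL_USERS),  # Computer-object exception
            Rule("Users web", {"*"}, "Internet Users")]
WEAK = HARDENED + [Rule("Allow all outbound", {"*"}, ALL_USERS)]
CLIENTS = {
    "firewall client": Client("10.0.0.50", "firewall", "CORP\\wes"),
    "browser with manual proxy": Client("10.0.0.51", "webproxy", "CORP\\wes"),
    "SecureNAT workstation": Client("10.0.0.52", "securenat"),
    "SecureNAT server": Client("10.0.0.20", "securenat"),
}

def survey(rules, listener_enabled):
    """Map each sample client to the rule that admits it (None means blocked)."""
    return {label: allowed(c, rules, listener_enabled, MEMBERS) for label, c in CLIENTS.items()}

if __name__ == "__main__":
    print(survey(WEAK, True))       # every client gets out
    print(survey(HARDENED, False))  # only the Firewall client and the listed server
```

Running `survey(HARDENED, True)` shows the original poster's problem: with the listener still enabled, the manually configured browser authenticates and matches the same rule as the Firewall client.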
RE: Allow only firewall clients to access internet... - 23.Aug.2004 9:18:00 AM   
skermajo

 

Posts: 2
Joined: 23.Aug.2004
From: Toowoomba
Status: offline
Hi All!

Sorry for the newbie Q, but how would one go about disabling the Web Proxy listener?

Are we just talking about disabling web proxy clients in the local network config?

thanks

[ August 23, 2004, 09:19 AM: Message edited by: skermajo ]

(in reply to prospero63)
Post #: 9
RE: Allow only firewall clients to access internet... - 24.Aug.2004 2:58:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Joel,

You could just disable the Listener on the network from which the clients make the outbound connection.

HTH,
Tom

(in reply to prospero63)
Post #: 10
RE: Allow only firewall clients to access internet... - 24.Aug.2004 7:22:00 AM   
skermajo

 

Posts: 2
Joined: 23.Aug.2004
From: Toowoomba
Status: offline
Thanks Tom [Smile] got it sorted.

(in reply to prospero63)
Post #: 11
RE: Allow only firewall clients to access internet... - 24.Aug.2004 12:15:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi skermajo,

Great! Good to hear you got it working and thanks for the follow up!

Thanks!
Tom

(in reply to prospero63)
Post #: 12
