• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Port 80 VS. Port 8080

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Port 80 VS. Port 8080 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Port 80 VS. Port 8080 - 20.Aug.2004 12:03:00 AM   
charlieit

 

Posts: 108
Joined: 19.Aug.2004
From: US
Status: offline
Hello!

I just installed and configured ISA 2004. I opted to install Message Screener--so I had to install IIS on the ISA Server.

Everything appears to be working fine, but I was wondering why I have to have a proxy set to port 8080 to see web pages instead of just setting the ISA server as the gateway?

I thought if I use the ISA server as the gateway, I would not have to set a proxy on every computer.

Is there a way to tell ISA 2004 to use port 80 instead of 8080?

Thank You!
Post #: 1
RE: Port 80 VS. Port 8080 - 20.Aug.2004 2:17:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Charlie,

SecureNAT clients have to resolve names themselve, Web Proxy clients allow the ISA firewall to do it. So, always configure clients as Web Proxy clients since all OS's support this config and its better performance and more secure.

HTH,
Tom

(in reply to charlieit)
Post #: 2
RE: Port 80 VS. Port 8080 - 20.Aug.2004 4:04:00 AM   
charlieit

 

Posts: 108
Joined: 19.Aug.2004
From: US
Status: offline
Thanks Tom, I'm sorry if I'm a little confused, I'll try to articulate why...

Wouldn't it be easier and just as secure to simply set the gateway to be the ISA server and not have to set the proxy on every computer in the organization? If I set the gateway on a client's computer to be the address of the ISA server, and a client clicks on an external address in the web browser, the client's computer hits the gateway (my ISA server) to route externally and ISA filters accordingly. The problem comes in the fact that ISA listens on port 8080 instead of 80 for web traffic (presumably so that it doesn't step on IIS's toes--which also listens on port 80). If I'm not using port 80 on IIS, and if I could switch the HTTP filter to use port 80 instead of 8080, then all I need to do is change DHCP to pass the ISA server's address as the gateway and everything should work.

No?

(in reply to charlieit)
Post #: 3
RE: Port 80 VS. Port 8080 - 22.Aug.2004 3:29:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Charlie,

NO NO NO NO NO NO!

The Web Proxy client configuration is *orders of magnitude* more secure than the SecureNAT client configuration. In fact, the SecureNAT configuration is for non-Windows clients and servers. For all MS client operating systems, you should always configure the clients as both Firewall and Web Proxy clients. Failing to do so dumbs the ISA firewall configuration down to a common PIX!

HTH,
Tom

(in reply to charlieit)
Post #: 4
RE: Port 80 VS. Port 8080 - 1.Sep.2004 9:34:00 PM   
charlieit

 

Posts: 108
Joined: 19.Aug.2004
From: US
Status: offline
Thanks Tom. Could you explain (or point me to an article that explains) why the ProxyClient configuration is so much better than a SecureNAT client?

My company develops software which offers our customers with a wide range of database engines to choose from--one of them being Pervasive SQL. I have discovered that Pervasive 2000i and the MS Firewall client do not play nice together. We unfortunately have a lot of clients who are still using Pervasive 2000i, so I'm stuck. I can't load the MS Firewall Client on most of the computers in the organization.

Before the meeting to discuss whether we roll-out ISA as SecureNAT instead of ProxyClient, I'd like to know what we would be missing with SecureNAT so I can make a strong argument.

Thank You!

(in reply to charlieit)
Post #: 5
RE: Port 80 VS. Port 8080 - 3.Sep.2004 1:16:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Charlie,

The Web Proxy client and Firewall client configs are completely different.

But, if you wanted to work with the Firewall client, what is the *exact* reason for the possible (maybe more apparent than real) conflict with the Firewall client software and the DB product? Does the DB product actually change the Windows TCP/IP stack? That is VERY strange if so.

HTH,
Tom

[ September 03, 2004, 01:18 PM: Message edited by: tshinder ]

(in reply to charlieit)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Port 80 VS. Port 8080 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts