Ok. I'm trying to get Web Filter for ISA 5.0 to work with ISA 2004 and I am having some problems. I am not getting any data in the real-time monitor or anything for that matter.
I did a fresh install of Windows Server 2003 and ISA 2004. I then installed MSDE and Web Filter 5.0. I went into the rules wizard and just created one rule to "Allow - Anyone - Anywhere - Anytime" just to see if I could pick up any data.
Our ISA server has two network cards. One of the network cards has an internal IP address and is plugged into a hub on our internal network. The other network card has an IP address that is on our DMZ of our firewall. So all traffic should flow through the ISA server.
I have setup a test computer and put the IP address of the internal network card of the ISA server as the gateway. When I do a tracert from this test computer to an internet address the first hop it goes to is the ISA server so I know that the traffic is flowing through the ISA server.
In ISA I've setup one access rule. It's setup as follows:
Action: ALLOW Protocols: HTTP/HTTPS From / Listener: ALL NETWORKS To: EXTERNAL Condition: ALL USERS
What do I have setup wrong? Thanks so much in advance!
Just rechecked your original post...the gurus will probably correct me but I dont think your gateway on the client computer should be set at all. Just set up your explorer to use the isaserver on port 8080(default) and surfcontrol will monitor everything
quote:Originally posted by Sunny.C: This can happen if you have multiple hubs in place, a few questions for you. 1.Have you ever had surfcontrol working?
2.Did you change the location on the isa server?(on hub)
We have never had surf control working on this ISA server. We have had the stand alone product installed on a Windows 2000 server for a couple years and it works but we want to use the ISA version coupled with ISA server.
Both nic cards on the ISA server are plugged into two different hubs.
quote:Originally posted by Leslie Tindale: Just rechecked your original post...the gurus will probably correct me but I dont think your gateway on the client computer should be set at all. Just set up your explorer to use the isaserver on port 8080(default) and surfcontrol will monitor everything
The reason I have my gateway as the ISA server is because I want to make sure it goes through the ISA server. When I do a tracert it is the first hop (which I want). If I use the default gateway of all the other clients at this location it will go through the firewall first and not through the ISA server. I will try that on Tuesday though. Thanks for all the help.
Right click on the surf service located on task bar. In there as i recall there should be a options which you will have to click, i think it's something like "DNS Name". Sorry i can't really remember but you should find it easy. Regards.
Well I just noticed another problem. I was logged into the ISA server and the test client with my network username. In Surf Control I was being tracked and my username was tracked as well.
However, when I log into my test client with a different username and try to access the Internet I get a pop up window asking for username / password. I'm assuming this is because I changed the ISA rule from allowing anyone to only allowing annonymous users. I changed it back to allow anyone and now I can get on the Internet with that user but Surf Control is again not tracking the username.
Rather than allow anonymous acces or anyone, create a set of users or one user and allow acces to these users only. Also, for surfcontrol, right click on the icon in the task bar and look for the option to enable workstation and or user name resolution. Should be able to monitor everything and logi with different user names...provided you have granted them access. Its pretty simple, give it a shot and let me know if you need any more help.
I'm an idiot. I didn't mean I changed it to allow only annonymous users... I changed it to only allow AUTHENTICATED users. Sorry about that.
Anyways, I went to configuration > networks > internal networks > web proxy > authentication, and I checked "Require all users to authenticate" and I left the ISA rule to allow anyone.
When I try to bring up a webpage on the test client a login window pops up asking for a username and password to connect to the ISA server. This only happens for users that have NOT logged into the actual ISA server.
What I mean by that is... My user has logged into the ISA server with my domain login and I am able to bring up webpages and get tracked on my test client. However, if I log into my test client with my basic test user (that has not logged into the actual ISA server before) then I get that pop up.
Looks like I've figured out why it is happening but I do not know how to fix it. I am getting Event ID 1053 errors.
Event Type: Error Event Source: Userenv Event Category: None Event ID: 1053 Date: 6/1/2005 Time: 10:31:21 AM User: NT AUTHORITY\SYSTEM Computer: FPBISA-BD01 Description: Windows cannot determine the user or computer name. (The remote procedure call failed and did not execute. ). Group Policy processing aborted.