
Welcome to ISAserver.org


A Solution for ISA 2004 SP1 + TrendMicro IWSS on the same Box

A Solution for ISA 2004 SP1 + TrendMicro IWSS on the sa... - 18.Jul.2005 2:08:00 AM   
msillmann

 

Posts: 27
Joined: 25.Apr.2005
Status: offline
Since there are a couple of users who have (had) the same problem as me (running TrendMicro's InterScan WebSecurity Suite and ISA 2004 on the same box), I think it might be helpful for one to know one working solution.

Scenario:

ISA is listening on port 8082 for incoming web proxy requests. Each user has to authenticate against AD to get Internet access and enforce the rules to be applied. After a successful authentication, ISA forwards the requests to IWSS (port 8084), which retrieves the URL directly via a leased line.

Small howto:

1) Configure ISA and IWSS to your needs.
2) Set up ISA to listen on port 8082 and IWSS on port 8084.
3) Create a rule that allows LocalHost to LocalHost traffic for all the protocols users may use, condition "All Users".
4) Create a rule that allows Internal to External traffic (choose correct protocols, users,...).
5) Remove the Web Proxy Filter from all (!) protocols you mentioned in the two rules.
6) Create a web chaining rule with the following properties:
- Action: Redirect them to a specified upstream server and set <localhost>:8084 for IWSS. Disable automated polling for configuration.
- To: External
- Bridging: HTTP requests as HTTP requests and SSL requests as HTTP requests.

That's it.

This works fine for me on several boxes, but: no warranty at all. :-)

If you have any suggestions, problems or improvements, feel free to contact me.

Kind regards,

Maik.
Post #: 1
RE: A Solution for ISA 2004 SP1 + TrendMicro IWSS on th... - 16.Aug.2005 4:09:00 PM   
charlie66

 

Posts: 27
Joined: 9.Aug.2004
From: Denmark
Status: offline
Or:

http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=24451&q=&qp=productId%3A62%7C%7Cversion%3A%222.0+for+Windows%22&qt=+&qs=&r=1&c=24451&sort=0

As posted by Mario V. in an earlier thread.

(in reply to msillmann)
Post #: 2
RE: A Solution for ISA 2004 SP1 + TrendMicro IWSS on th... - 18.Jun.2007 8:49:51 AM   
hmukhtar

 

Posts: 2
Joined: 24.Apr.2007
Status: offline
Hi Msillman,
I have ISA and IWSS working on the same machine. I configured it as you mentioned, and everything works fine except that HTTPS sites are not working. I get this message:
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
    Error Code: 502 Proxy Error. -2147471495(-2147471495) IP Address: 172.32.1.34 Date: 6/18/2007 12:44:20 PM Server: testsrv.emed.gov Source: proxy
When I look at the ISA monitor log, I get this message:
Failed Connection Attempt
Log type: Web Proxy (Forward) Status: 0x80002f79 Rule: Web Access Only Source: Internal ( 10.10.21.71:0) Destination: External ( 172.32.1.34:8888) Request: www.google.com:443 Filter information: Req ID: 0afc2009 Protocol: SSL-tunnel

I tried for days but failed.

I need your help, thanks.

(in reply to msillmann)
Post #: 3
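The two messages quoted in the post above can be correlated mechanically. This is an added example, not part of the original thread: it parses the ISA log entry and shows that the browser's signed decimal error code and the log's hex Status are the same 32-bit value. The function names and the `upstream_port` parameter are assumptions made for illustration; the sample strings are transcribed from the post.

```python
import re

# Sample input transcribed from the post above (not captured from a live system).
BROWSER_ERROR = ("Error Code: 502 Proxy Error. -2147471495(-2147471495) "
                 "IP Address: 172.32.1.34 Date: 6/18/2007 12:44:20 PM "
                 "Server: testsrv.emed.gov Source: proxy")
ISA_LOG = ("Log type: Web Proxy (Forward) Status: 0x80002f79 Rule: Web Access Only "
           "Source: Internal ( 10.10.21.71:0) Destination: External ( 172.32.1.34:8888) "
           "Request: www.google.com:443 Filter information: Req ID: 0afc2009 "
           "Protocol: SSL-tunnel")

def to_hresult(signed_code: int) -> str:
    """Render a signed 32-bit error code in the unsigned hex form the log uses."""
    return f"0x{signed_code & 0xFFFFFFFF:08x}"

def parse_isa_log(line: str) -> dict:
    """Pull the fields needed for triage out of one ISA monitor log entry."""
    pat = re.compile(
        r"Status:\s*(?P<status>0x[0-9a-fA-F]+)\s+Rule:\s*(?P<rule>.+?)\s+Source:"
        r".*?Destination:\s*\w+\s*\(\s*(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\)"
        r"\s+Request:\s*(?P<req_host>[^\s:]+):(?P<req_port>\d+)"
        r".*?Protocol:\s*(?P<protocol>\S+)")
    m = pat.search(line)
    if not m:
        raise ValueError("not an ISA web proxy log entry")
    rec = m.groupdict()
    rec["dst_port"], rec["req_port"] = int(rec["dst_port"]), int(rec["req_port"])
    return rec

def triage(browser_error: str, log_line: str, upstream_port: int) -> dict:
    """Correlate the browser error with the log entry (upstream_port is an assumed input)."""
    rec = parse_isa_log(log_line)
    code = re.search(r"Proxy Error\.\s*(-?\d+)", browser_error)
    # Same failure if the decimal code, viewed as unsigned hex, equals the log Status.
    rec["same_error"] = bool(code) and to_hresult(int(code.group(1))) == rec["status"].lower()
    # Destination port equal to the chained proxy's port means the request was being
    # forwarded to the upstream proxy rather than sent directly to the site.
    rec["via_upstream"] = rec["dst_port"] == upstream_port
    rec["is_tunnel"] = rec["protocol"].lower().startswith("ssl-tunnel")
    return rec

if __name__ == "__main__":
    print(triage(BROWSER_ERROR, ISA_LOG, upstream_port=8888))
```
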
RE: A Solution for ISA 2004 SP1 + TrendMicro IWSS on th... - 20.Jul.2007 3:23:06 PM   
RAJP

 

Posts: 53
Joined: 11.Mar.2006
Status: offline
quote:

Destination: External ( 172.32.1.34:8888) Request: www.google.com:443


Where does port 8888 come into play? ISA only allows SSL over 443 unless you change it. The best way is to use Jim Harrison's site: http://isatools.org/tools.asp?Context=ISA2004 and use the ISA TRPE utility. It allows you to use SSL over ports other than 443. It does restart the firewall service when you apply the change, though.

Ray

(in reply to hmukhtar)
Post #: 4
RE: A Solution for ISA 2004 SP1 + TrendMicro IWSS on th... - 22.Jul.2007 2:04:33 AM   
hmukhtar

 

Posts: 2
Joined: 24.Apr.2007
Status: offline
Hi Ray,

This port is used for the chained proxy (IWSS 2.5) installed on the same box with ISA, as mentioned in the article. It's working fine for everything except HTTPS sites.

Thanks for the reply,
Hassan

(in reply to RAJP)
Post #: 5
RE: A Solution for ISA 2004 SP1 + TrendMicro IWSS on th... - 20.Sep.2007 6:31:36 PM   
nathan

 

Posts: 21
Joined: 13.Mar.2001
From: Clifton Springs, Vic, Australia
Status: offline
Hi Maik,

I know this thread is a little old, but to get this working did you need to have the firewall client installed?

It is just that you turn off the web proxy filter and if you set authentication on the rules the browsing fails. If I set the rule to All Users the browsing works.

And what is the reason for a localhost to localhost rule? It looks to me that you don't need rules to access services on the firewall if you are already on the firewall. I used telnet as an example.

Thanks

Nathan

(in reply to msillmann)
Post #: 6
