Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Web Traffic going thru FWC
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Web Traffic going thru FWC - 9.Jul.2002 11:11:00 AM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
Hi Stefaan
Got it, thanks.
Cheers
William R.
|
|
|
|
|
RE: Web Traffic going thru FWC - 16.Jul.2002 7:31:00 AM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
Hi there
Even after making some changes to my FW Client's DNS lookups etc, I am still seeing far too much IExplore traffic in my Firewall Log.
I am not sure I want to simply disable the Firewall Service before I am sure ALL WEB Proxy traffic is going through the WEB Proxy and not the Firewall Client, but I don't know where to look or how to troubleshoot this.
If I simply uninstall the FW Clients off all the workstations, that wouldn't fix the problem with the WEB Proxy, would it? Because as I understand it, the WEB Proxy is failing and thus handing over the request to the FW Client. Now I can only see one reason for the WEB Proxy failing and that is if it cannot contact the necessary ISA Services, and that in itself can surely imply only 1 thing, DNS. But how the hell do I ensure that the WEB Proxy CAN resolve everything through the necessary ISA Service? I have a very sound DNS&WINS structure in place. All clients are statically configured with the details of the DNS Servers, and as far as I can tell they do not have any other problems on the network.
Maybe the problem lies with the actual WEB Proxy service on the ISA Server itself? Is there any way that I can check the stability/robustness of the WEB Proxy service on the ISA Server itself?
Cheers
William R.
|
|
|
|
|
RE: Web Traffic going thru FWC - 19.Jul.2002 7:13:00 AM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
Hi there
Did my last post make any sense? I think I'm a lttle confused myself but any confirmation would be good.
Cheers
William R.
|
|
|
|
|
RE: Web Traffic going thru FWC - 23.Jul.2002 9:02:00 AM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
Hi Tom
Again, that is what I would believe must happen. I have had the HTTP Redirector configured to "Drop requests..." for the past 3 weeks and when I ran a query against the FirewallLog table, I found 1678 records of IEXPLORE accessing websites.
What is interesting is the following:
1) It seems to be happeneing for almost every user
2) Many of the sites accessed are only referred to by an IP Address and do not have an associated DestHost. But there are some records that do have a DestHost address as well.
What is really confusing me is that with the HTTP Redirector configured to drop packets, why is it event considering allowing this traffic through?
(See related issue http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=7;t=000579)
Would you think that it is at all possible that the Firewall Service will log a request for something, but then deny access?
For example, maybe what is happening is that the WEB Proxy on the client workstations is failing, and thus switching over to the Firewall Client. The FW Client then passes the request to the FW Service, who then logs the request that he has been asked to service. The FW Service then passes the request on to the HTTP Redirector who then declares that the request is denied and so does in fact NOT allow the request to go through, but the Firewall Log still reflects that it did!
Your comments?
Cheers
William R.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Smile]](/image/smiles/smile.gif)
