• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Web Traffic going thru FWC

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> RE: Web Traffic going thru FWC Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: Web Traffic going thru FWC - 9.Jul.2002 11:11:00 AM   
wi11iam

 

Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
Hi Stefaan

Got it, thanks.

Cheers
William R.

(in reply to wi11iam)
Post #: 21
RE: Web Traffic going thru FWC - 9.Jul.2002 9:36:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi William,

glad I could help. [Smile]

Thanks,
Stefaan

(in reply to wi11iam)
Post #: 22
RE: Web Traffic going thru FWC - 16.Jul.2002 7:31:00 AM   
wi11iam

 

Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
Hi there

Even after making some changes to my FW Client's DNS lookups etc, I am still seeing far too much IExplore traffic in my Firewall Log.

I am not sure I want to simply disable the Firewall Service before I am sure ALL WEB Proxy traffic is going through the WEB Proxy and not the Firewall Client, but I don't know where to look or how to troubleshoot this.

If I simply uninstall the FW Clients off all the workstations, that wouldn't fix the problem with the WEB Proxy, would it? Because as I understand it, the WEB Proxy is failing and thus handing over the request to the FW Client. Now I can only see one reason for the WEB Proxy failing and that is if it cannot contact the necessary ISA Services, and that in itself can surely imply only 1 thing, DNS. But how the hell do I ensure that the WEB Proxy CAN resolve everything through the necessary ISA Service? I have a very sound DNS&WINS structure in place. All clients are statically configured with the details of the DNS Servers, and as far as I can tell they do not have any other problems on the network.

Maybe the problem lies with the actual WEB Proxy service on the ISA Server itself? Is there any way that I can check the stability/robustness of the WEB Proxy service on the ISA Server itself?

Cheers
William R.

(in reply to wi11iam)
Post #: 23
RE: Web Traffic going thru FWC - 19.Jul.2002 7:13:00 AM   
wi11iam

 

Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
Hi there

Did my last post make any sense? I think I'm a lttle confused myself but any confirmation would be good.

Cheers
William R.

(in reply to wi11iam)
Post #: 24
RE: Web Traffic going thru FWC - 20.Jul.2002 5:19:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi William,

I don't have the precise answer for your sitation, although I did come up with one for the sites that I manage [Smile] However, you can get around this problem entirely by configuring the HTTP Rediretor filter to drop requests from SecureNAT and Firewall clients. Therefore, if the Web Proxy client can't handle it, the request is dropped -- period.

HTH,
Tom

(in reply to wi11iam)
Post #: 25
RE: Web Traffic going thru FWC - 23.Jul.2002 9:02:00 AM   
wi11iam

 

Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
Hi Tom

Again, that is what I would believe must happen. I have had the HTTP Redirector configured to "Drop requests..." for the past 3 weeks and when I ran a query against the FirewallLog table, I found 1678 records of IEXPLORE accessing websites.

What is interesting is the following:
1) It seems to be happeneing for almost every user
2) Many of the sites accessed are only referred to by an IP Address and do not have an associated DestHost. But there are some records that do have a DestHost address as well.

What is really confusing me is that with the HTTP Redirector configured to drop packets, why is it event considering allowing this traffic through?
(See related issue http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=7;t=000579)

Would you think that it is at all possible that the Firewall Service will log a request for something, but then deny access?

For example, maybe what is happening is that the WEB Proxy on the client workstations is failing, and thus switching over to the Firewall Client. The FW Client then passes the request to the FW Service, who then logs the request that he has been asked to service. The FW Service then passes the request on to the HTTP Redirector who then declares that the request is denied and so does in fact NOT allow the request to go through, but the Firewall Log still reflects that it did!

Your comments?

Cheers
William R.

(in reply to wi11iam)
Post #: 26

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> RE: Web Traffic going thru FWC Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts