Why would a user be unable to access the web with the firewall client on, and have to add the ISA server in the proxy settings of IE to get to web sites? They are saying that before changes were made to the ISA server, all they needed was for the firewall client to be turned on. Anyone have an idea? I was not here when the changes were made to the ISA server and I am trying to figure out what might have been changed. Thanks
If you are requiring authentification for your protocol rules, and site and content rules, then even if the HTTP redirector is set to redirect requests to the local web proxy service, the firewall serivce will strip off the authentification, and the request will be denied. I'm 90% sure about this. Test this out and se for yourself. Please if I'm wrong someone let me know.
Are the users also configured as SNAT clients? If the clietns have no firewall client software, no webproxy settings in IE, and is not a SNAT client, then they arent using your ISA server to get out. You have to tell the machines how to get out somehow.
What is the difference from between Secure NAT and using the Firewall client? I want to use the firewall and not secure NAT? I want to discourage users from bring in laptops and getting on the Internet. How do I configure that? Thanks
The major difference between the firewall client and SNAT is. you can use athentification with the firewall client, and it allows you to use protocls that require secondary connections. Like FTP, or MSN messenger. If you have a domain environment, and ISA is part of the domain, then you can setup all your access rules to require authentification. If the user does not have an account on the domain, then he or she will be denied access. Make all the clients firewall and proxy clietns, and require authentification on all of your rules. this will prevent a user from hooking up a laptop on your network and getting access. SNAT clients can only have access to protocols that are listed in the protocol definition list.