RE: Deploying ISA 2004 firewall client - how to enforce?
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 13 May 2004 08:58:02 -0500
Hi Jason,
Yes, for the most part. WPAD hasn't changed.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]
Sent: Thursday, May 13, 2004 8:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA 2004 firewall client - how
to enforce?
http://www.ISAserver.org
Cheers Tom,
Would the answer be applicable for ISA 2004?
Cheers,
Jason
_____
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: 13 May 2004 14:15
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA 2004 firewall
client - how to enforce?
http://www.ISAserver.org
Hi Jason,
Here's a chapter from the ISA EDU kit. There a golden
nuggets dispersed through this kit.
http://www.tacteam.net/isaserverorg/isaedukit/5automate/5automate.htm
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx]
Sent: Thursday, May 13, 2004 7:53 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA 2004
firewall client - how to enforce?
http://www.ISAserver.org
Hi Tom,
Well thats what I thought....
I've added the WPAD entries to the DHCP scope
options (not sure what you mean by DNS though....) but the firewall
clients still aren't automatically detecting the server. They can if I
*manually* set it to do that, or to "Detect now". It just isn't Enabled
by default.
It's driving me nuts :\
Cheers,
Jason
_____
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx]
Sent: 13 May 2004 13:30
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
http://www.ISAserver.org
Hi Jason,
OK, I think I understand now :-)
The best practice for provisioning the
Firewall client is by using autodiscovery via DHCP and DNS WPAD entries.
Also, the Firewall client share should be placed in an alternate
location, so that you can block NetBIOS and Direct Access (TCP 445) to
the ISA firewall itself.
The WPAD entries will point the Firewall
clients to the ISA firewall's internal interface and the Firewall
clients will automatically detect their settings. The default
configuration of the Firewall client is enabled and to use autodiscovery
for autoconfiguration.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp>
ISA Server and Beyond:
http://tinyurl.com/1jq1
Configuring ISA Server:
http://tinyurl.com/1llp
-----Original Message-----
From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx]
Sent: Thursday, May 13, 2004 7:17 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
http://www.ISAserver.org
Hi Tom,
The ISA Firewall is configured properly,
and it properly services users with properly configured Firewall
Clients. It looks like I didn't phrase that sentence properly:
"But my point is that the firewall isn't
used by default. i.e. It's not active and needs to be configured before
use."
should be
"But my point is that the firewall isn't
used by default. i.e. On client machines the Firewall Client not active
and needs to be configured before use."
:)
Jason
_____
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx]
Sent: 13 May 2004 12:47
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
http://www.ISAserver.org
Hi Jason,
If the ISA firewall isn't configured,
the Firewall client isn't going to be much help. Right?
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp>
ISA Server and Beyond:
http://tinyurl.com/1jq1
Configuring ISA Server:
http://tinyurl.com/1llp
-----Original Message-----
From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx]
Sent: Thursday, May 13, 2004 6:44 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
http://www.ISAserver.org
Hi Tom,
I can set the access rules to only allow
access through the firewall client. But my point is that the firewall
isn't used by default. i.e. It's not active and needs to be configured
before use.
Cheers,
Jason
_____
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx]
Sent: 13 May 2004 12:25
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
http://www.ISAserver.org
Hi Jason,
If you configure your access rules
correctly, it'll enforce the use of the Firewall client :-)
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp>
ISA Server and Beyond:
http://tinyurl.com/1jq1
Configuring ISA Server:
http://tinyurl.com/1llp
Other related posts:
