Re: Firewall Client Installation Problem
- From: "Mayo, Bill" <bemayo@xxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 25 Oct 2002 14:16:20 -0400
Ok, this setting as noted by Jay and Jim solved my problem. I also wanted
to address the questions below. I read up on the documentation Microsoft
provided for switching from Proxy Server to ISA Server, and thought I had a
pretty good understanding of the configuration options. It is pretty
apparent that are some things at work here of which I was not aware from my
reading. As far as what kind of access controls and accounting we need, we
need to be able to control and log HTTP access according to user and group
(which is why I was trying to use the Firewall Client). There have been no
discussions about controlling access based on content, but it is something
that could possibly be needed in the future.
I can now see the reason/benefits of having the mixed access (Web
Proxy/Firewall) and probably need to be set up that way. My original
problem was, in retrospect, that the user profiles were not getting the Web
Proxy settings. It appears that I can set this through group policy at:
User Configuration/Windows Settings/Internet Explorer
Maintenance/Connection/Proxy Settings and entering the name of my proxy
server at port 8080 there. Does this sound correct? If so, I think I have
gotten all my questions answered and have a solution. (In my testing
everything seems to work this way.)
I thank you all very much for your patient assistance, and I apologize if
this should have been painfully obvious.
Bill Mayo
Pitt County MIS
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, October 25, 2002 11:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Firewall Client Installation Problem
http://www.ISAserver.org
There seems to be a bit of confusion (and unasked questions) here. First,
you have to decide what kind of access controls and accounting you need.
a. if you want to control and log HTTP access according to user or
group, then you need to have user authentication. This is only available
via the Web Proxy or Firewall service
b. if you want to control and log web access based on content as
well, then the Web Proxy service is your only option, as the Firewall
service doesn't delve into "content". Note that this may also apply when
using some third-party content filters, such as SurfControl.
Options (a) and (b) requires that the user access the ISA via the Web Proxy
service; this means that FW and SecureNAT clients aren't supported for
authenticated web access, since the HTTP Redirector drops credentials.
If you don't care about controlling and/or logging based on user
credentials, then drop the proxy settings and set the HTTP Redirector to
"forward to requested web server" and it'll work "just like Proxy 2".
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "Mayo, Bill" <bemayo@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 25, 2002 7:47 AM
Subject: [isalist] Re: Firewall Client Installation Problem
http://www.ISAserver.org
As an additional note, I have been looking at different settings to try and
find a workaround. I setup the ISA server in Integrated Mode. It looks
like this may be the reason that I have "mixed" settings (web proxy for web
activity even with the Firewall Client). To be able to have everything work
through WinSock, should I change this to Firewall mode instead?
Bill Mayo
Pitt County MIS
Other related posts:
