Still, the response indicates that ISA is refusing the request based on some rule or the absence of it. What does the WEB log show for those attempts? If you don't get any "Rule#1" and "Rule#2" entries in that log, go to Monitoring Configuration, Logs and edit the fields of the Web proxy log to show you those. That's how we'll know what ISA is using to deny those requests. The firewall client can't authenticate through the HTTP redirector any better than the secureNAT client can. I'll bet that loss of identity is the issue. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ ----- Original Message ----- From: "Periyasamy, Raj" <psraj@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Saturday, December 01, 2001 12:20 Subject: [isalist] Re: Firewall client http://www.ISAserver.org Jim, I have a group InTERNET which has permissions to the ISA protocol rules which allows access to the net. The ID I login is a member of this group. With firewall clinet, either I need to setup proxy or I use teh auto config script http://server:80/array.dll?Get.Routing.Script to get the browser working. If I dont use either of the above I get 403 Forbidden. Raj -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, November 30, 2001 11:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Firewall client http://www.ISAserver.org What do you find in the ISA logs for those requests? ISA returns a 403 when it: 1. has a rule specifically denying the request 2. has no rule allowing the request Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ ----- Original Message ----- From: "Periyasamy, Raj" <psraj@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, November 30, 2001 17:17 Subject: [isalist] Re: Firewall client http://www.ISAserver.org Jim, I am running firewall client in my workstation. Raj -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, November 30, 2001 7:55 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Firewall client http://www.ISAserver.org You're disabling the client's ability to use the ISA proxy, yasilly. Seriously, if the client isn't going to use the proxy, then is has to be a secureNAT or firewall client. What is in the FW or WEB logs for those requests? There may also be a rule getting in your way. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ ----- Original Message ----- From: "Periyasamy, Raj" <psraj@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, November 30, 2001 14:22 Subject: [isalist] Firewall client http://www.ISAserver.org May be this one is too basic.. My workstation is runnning F/W client. The browser is configured to use proxy. It works fine. However, if I disable use proxy option the browser fails. I get 403 forbidden error. What am I doing wrong? Regards, Raj ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: psraj@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: psraj@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')