Re: Firewall client

Jim,
I enabled Rule#1 and Rule#2 in the log file, restarted the server and tried
the access. This is what I find in the log file.
As you see the Ruel#1 and Rule#2 entries are blank in the WWW log. If I use
a proxy for the browser configuration, I can see these entries are Default
Proxy Rule, Allow Rule.


FW Log

10.254.6.120, periya, Iexplore.exe:3:5.0, Y, 12/3/2001, 13:25:39, fwsrv,
NJAISA01, -, www.pepsi.com, 164.109.43.179, 0, -, 0, 0, -, -, GHBN, -, -, -,
0, -, Default Proxy Rule, Allow rule, 4, 0

10.254.6.120, periya, Iexplore.exe:3:5.0, Y, 12/3/2001, 13:25:39, fwsrv,
NJAISA01, -, -, 164.109.43.179, 80, -, 0, 0, 80, TCP, Connect, -, -, -, 0,
-, Default Proxy Rule, -, 4, 4


WWW Log

127.0.0.1, anonymous, Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0),
N, 12/3/2001, 13:25:41, w3proxy, NJAISA01, -, www.pepsi.com, -, 80, 0, 0,
3833, http, -, GET, http://www.pepsi.com/, -, -, 403, -, -, -


Any Ideas,

Regards,
Raj



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: December 01, 2001 3:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Firewall client


http://www.ISAserver.org


Still, the response indicates that ISA is refusing the request based on some
rule or the absence of it.
What does the WEB log show for those attempts?
If you don't get any "Rule#1" and "Rule#2" entries in that log, go to
Monitoring Configuration, Logs and edit the fields of the Web proxy log to
show you those.
That's how we'll know what ISA is using to deny those requests.
The firewall client can't authenticate through the HTTP redirector any
better than the secureNAT client can.  I'll bet that loss of identity is the
issue.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
----- Original Message -----
From: "Periyasamy, Raj" <psraj@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, December 01, 2001 12:20
Subject: [isalist] Re: Firewall client


http://www.ISAserver.org


Jim,
I have a group InTERNET which has permissions to the ISA protocol rules
which allows access to the net. The ID I login is a member of this group.
With firewall clinet, either I need to setup proxy or I use teh auto config
script http://server:80/array.dll?Get.Routing.Script to get the browser
working. If I dont use either of the above I get 403 Forbidden.

Raj

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, November 30, 2001 11:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Firewall client


http://www.ISAserver.org


What do you find in the ISA logs for those requests?
ISA returns a 403 when it:
1. has a rule  specifically denying the request
2. has no rule allowing the request

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
----- Original Message -----
From: "Periyasamy, Raj" <psraj@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, November 30, 2001 17:17
Subject: [isalist] Re: Firewall client


http://www.ISAserver.org


Jim,
I am running firewall client in my workstation.

Raj

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, November 30, 2001 7:55 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Firewall client


http://www.ISAserver.org


You're disabling the client's ability to use the ISA proxy, yasilly.

Seriously, if the client isn't going to use the proxy, then is has to be a
secureNAT or firewall client.
What is in the FW or WEB logs for those requests?  There may also be a rule
getting in your way.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
----- Original Message -----
From: "Periyasamy, Raj" <psraj@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, November 30, 2001 14:22
Subject: [isalist] Firewall client


http://www.ISAserver.org


May be this one is too basic..
My workstation is runnning F/W client. The browser is configured to use
proxy. It works fine. However, if I disable use proxy option the browser
fails. I get 403 forbidden error. What am I doing wrong?

Regards,
Raj



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
psraj@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
psraj@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
psraj@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: