Try not to "filter" the log data. "Imaginary" information is useless.
If you have a problem sending it to the list, then you need to rethink your security model.
"Security by obscurity is no security at all".
Also, you should examine more than a single log entry - it's just as likely that you're looking at the wrong one.

-----Original Message-----
From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
Sent: Wednesday, May 25, 2005 7:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help with the web proxy setup in ISA 2004

Got it, but the log shows the record as below:

Source Protocol Operation Destination IP Client Type
<FQDN> 0.0.0.0 HTTP Denied 192.168.X.X Web Proxy (ISA Local IP) (anonymous)
<HOST> 192.168.X.X Unknown IP Com Initilized 192.168.X.X FCW (Client IP)

I am sure the FQDN points to the ISA internal IP, any suggestion?

Thanks,
Roy Tsao

> Your understanding is flawed.
> If your client is resolving the FQDN to the ISA external IP, then your
> deployment is horked.
> Make sure both names resolve to the same ISA internal IP.
>
> -----Original Message-----
> From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> Sent: Tuesday, May 24, 2005 10:07 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
>
> My ISA2K4 Box is SP1 patched, FW Client is also SP1ed.
> Since client shall be Webproxy client with authentication for
> HTTP(s)/FTP download connection as required by content filter
> (SurfControl), so autoproxy configuration shall be applied in
> addition to FW client.
> It is true that when autoconfiguration points to the full FQDN, the
> authentication window popup means autoproxy configuration is not
> downloaded into the client end, but when changed to simple host name,
> no popup anymore!
>
> My understanding is the configuration script is obtained through http,
> there must be a doubled authentication when address is FQDN before
> configuration is done:
> phase 1: web proxy client issues http request to ISA FQDN:8080,
>          authentication required and webproxy client can provide
>          credentials
> phase 2: ISA box loops back to itself requesting ISAFQDN:8080
>          as agent for client, then authentication required, and
>          ISA box passes it back to client (that's the reason for the
>          authentication popup).
> If it is correct for working mechanism, FQDN shall not be used
> because client setting has not been done and does not know how
> to bypass ISA proxy to obtain script.
>
> Thanks,
>
> Roy Tsao
>
> > Authentication is completely unrelated to simple vs. qualified names.
> > The only place that authentication breaks auto-configuration is for
> > the FW client and SP1 fixes this.
> >
> > -----Original Message-----
> > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > Sent: Tuesday, May 24, 2005 9:12 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
> >
> > In case web proxy authentication is required, the auto-config web
> > proxy setting's address shall be changed at ISABox from URL with dot
> > into localhost name only i.e.: http://isalocal:8080...
> > Otherwise autoconfiguration does work. Authentication window pops up
> > each time when opening a new I/E session, and also local address will
> > not be bypassed by ISA.
> >
> > > Hi Tim,
> > >
> > > In order to use the settings you configured for Web Proxy Direct
> > > Access in the ISA firewall console, you need to complete the process
> > > by configuring the Web proxy clients to use the autoconfiguration
> > > script.
> > > Autodiscovery will accomplish this just fine, or you can do it
> > > manually or through Group policy.
> > >
> > > HTH,
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > > ________________________________
> > >
> > > From: tim S [mailto:tim724342@xxxxxxxxx]
> > > Sent: Monday, May 23, 2005 8:15 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Help with the web proxy setup in ISA 2004
> > >
> > > I have ISA 2004 on w2k3 and it's an edge firewall. I allow all
> > > protocols from Internal to External (this will soon be changed). All
> > > three client types are configured in each workstation. My Internal
> > > machines have a problem accessing internal websites (No looping
> > > through firewall). If I disable the proxy setting in the browser,
> > > workstations have no problem.
> > > I check marked "By pass addresses found in the Domain Tab" and also
> > > entered my internal domain name in the Web browser tab of "Internal"
> > > network properties. I still can't get the web proxy clients not to
> > > contact ISA for internal websites. If I use the computer name instead
> > > of http://some.http.address.local, everything works fine too. I was
> > > able to solve the problem (for the time being) by modifying the
> > > "Allow all outbound traffic" rule with FROM: Internal and TO:
> > > Anywhere. I had it previously as FROM: Internal and TO: External. I
> > > think my solution is a bit convoluted. After reading Tom's book, I
> > > didn't want to install Ethereal on my firewall but Network monitor
> > > has a big learning curve.
> > > Your help is greatly appreciated.
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
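
Added example, not part of the original thread and not the script ISA Server generates: a simplified proxy auto-config (PAC) function showing why a single-label computer name can go direct while an internal FQDN is still sent to the proxy until its domain is listed for direct access. The proxy name isalocal:8080 is taken from the thread; the ".address.local" suffix, the sample hosts and the rule that single-label names go direct are assumptions made for illustration.

```javascript
// Added example: simplified PAC logic, not the script ISA Server generates.
// Minimal stand-ins for the PAC built-ins so the file runs under Node.js.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}
function dnsDomainIs(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

// Assumed values: proxy name from the thread's http://isalocal:8080 example,
// internal domain suffix modelled on some.http.address.local.
var PROXY = "PROXY isalocal:8080";

// Builds a FindProxyForURL function for a given list of direct-access domains.
function makePac(directDomains) {
  return function FindProxyForURL(url, host) {
    // Assumed rule: single-label names are fetched directly.
    if (isPlainHostName(host)) return "DIRECT";
    for (var i = 0; i < directDomains.length; i++) {
      if (dnsDomainIs(host, directDomains[i])) return "DIRECT";
    }
    return PROXY; // everything else is sent to the web proxy
  };
}

// Reports how each host would be routed (constructed sample hosts).
function routeAll(pac, hosts) {
  var out = {};
  hosts.forEach(function (h) { out[h] = pac("http://" + h + "/", h); });
  return out;
}

var hosts = ["intranet", "some.http.address.local", "www.isaserver.org"];
var withoutDomain = routeAll(makePac([]), hosts);               // domain not listed
var withDomain = routeAll(makePac([".address.local"]), hosts);  // domain listed
console.log(withoutDomain, withDomain);
```

A client that never loads the script, or loads one without the internal domain in it, keeps sending FQDN requests for internal sites to the proxy, which is the behaviour to look for across several Web Proxy log entries.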