[isalist] Re: ISA Server 2006: Authentication on single-NIC for specific IP addresses
- From: "Andrew Hodgson" <Andrew.Hodgson@xxxxxxxxxx>
- To: isalist <isalist@xxxxxxxxxxxxx>
- Date: Thu, 4 Oct 2007 16:36:35 +0100
Hi,
Thank you! This is now working grate.
I have a rule for all our workstation ranges which requires
authentication – if I log in as local admin (not on the domain) I get a
pop-up authentication box, which is grate.
Everything else can get through unauthenticated (such as servers, etc).
Are there any other tips for setting up such a configuration? I think I
have everything covered, but just wonder if we could use any other
configurations to improve the security of the box etc.
Thanks.
Andrew.
_____
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: 04 October 2007 15:21
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA Server 2006: Authentication on single-NIC for
specific IP addresses
Create Address Range objects to represent your non-local networks and
use these in the rules you create.
Jim
_____
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Andrew Hodgson [Andrew.Hodgson@xxxxxxxxxx]
Sent: Thursday, October 04, 2007 7:02 AM
To: isalist
Subject: [isalist] ISA Server 2006: Authentication on single-NIC for
specific IP addresses
Hi.
I have just installed ISA Server 2006 with Websense and KAV plug-ins in
a single NIC environment (as proxy server only).
I have a small problem – HTTP requests go through the proxy and are
authenticated ok, but HTTPS requests are showing up as coming from
Administrator according to the Websense reports.
I would like to enable forced integrated authentication, but I don’t
want to do this on the web proxy directly on the internal network, since
I have some clients that don’t authenticate (and we don’t want them to
authenticate).
At present I have just an allow any to any rule, but would like to add a
rule above this, that means if traffic comes from specific IP addresses,
then the authentication should kick in. I have tried this, but am
unable to choose a specific network, since the only networks I can
choose are the internal network, which consists of all addresses.
Is there any way round this?
Thanks.
Andrew.
--
allpay.net Limited, Fortis et Fides, Whitestone Business Park,
Whitestone, Hereford, HR1 3SE.
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.
Telephone: 0870 243 3434, Fax: 0870 243 6041.
Website: www.allpay.net
Email: enquiries@xxxxxxxxxx
This email, and any files transmitted with it, is confidential and
intended solely for the use of the individual or entity to whom it is
addressed. If you have received this email in error please notify the
allpay.net Information Security Manager at the number above.
--
allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone,
Hereford, HR1 3SE.
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.
Telephone: 0870 243 3434, Fax: 0870 243 6041.
Website: www.allpay.net
Email: enquiries@xxxxxxxxxx
This email, and any files transmitted with it, is confidential and intended
solely for the use of the individual or entity to whom it is addressed. If you
have received this email in error please notify the allpay.net Information
Security Manager at the number above.
Other related posts: