Hi, One of the apps which is misbehaving through this is actually Visual Studio 2005, namely the TFS components *. I haven’t looked at the config, but apparently it is causing errors regarding not being able to connect to the proxy etc. Also some external PHP stuff – one of them downloading stuff via Pair and Zend studio. Andrew. _____ From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: 16 January 2008 14:14 To: isalist Subject: [isalist] Re: ISA and proxy authentication - best way of doing this? Don’t let your users define your ISA policies. There isn’t a (current) operating system that *can’t* authenticate using NTLM. MAC, xNix; whatever. Tell your “developers” that if they had any sk1llz, they’d already know how to use NTLM auth, as it’s been in use for many years. http://msdn2.microsoft.com/en-us/library/aa378749.aspx is a good starting point, and there are several public descriptions of NTLM free for the searching. Basically, your need to know who is doing what through your firewall is far more important than their need to get through it. Get your C-level management behind this policy or you’ll soon have a Microsoft Pix Server operating at your edge. Jim From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Hodgson Sent: Wednesday, January 16, 2008 5:26 AM To: isalist Subject: [isalist] ISA and proxy authentication - best way of doing this? Hi, I have NTLM authentication set on the ISA firewall rules for specific IP ranges. I am getting shouted at by developers and people using specific apps because the proxy is not allowing them to authenticate through – or more correctly, the application isn’t allowing it through. These are most often PHP developers using various PHP based applications etc. I have created a rule which excludes specific IP addresses from authentication, which is working, but more and more people are now requesting this. I wanted this initially for the Websense logging system – but is there any other way round this? Thanks. Andrew. -- allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, Hereford, HR1 3SE. Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. Telephone: 0870 243 3434, Fax: 0870 243 6041. Website: www.allpay.net Email: enquiries@xxxxxxxxxx This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay.net Information Security Manager at the number above. -- allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, Hereford, HR1 3SE. Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. Telephone: 0870 243 3434, Fax: 0870 243 6041. Website: www.allpay.net Email: enquiries@xxxxxxxxxx This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay.net Information Security Manager at the number above.