[isalist] Re: ISA and proxy authentication - best way of doing this?
- From: Jim Harrison <Jim@xxxxxxxxxxxx>
- To: isalist <isalist@xxxxxxxxxxxxx>
- Date: Wed, 16 Jan 2008 08:11:15 -0800
HA!
Of course; what should have problems but one of our own...
:)
See if http://support.microsoft.com/kb/910804/ helps for VS2K5...
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Andrew Hodgson
Sent: Wednesday, January 16, 2008 8:01 AM
To: isalist
Subject: [isalist] Re: ISA and proxy authentication - best way of doing this?
Hi,
One of the apps which is misbehaving through this is actually Visual Studio
2005, namely the TFS components :).
I haven't looked at the config, but apparently it is causing errors regarding
not being able to connect to the proxy etc.
Also some external PHP stuff - one of them downloading stuff via Pair and Zend
studio.
Andrew.
________________________________
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: 16 January 2008 14:14
To: isalist
Subject: [isalist] Re: ISA and proxy authentication - best way of doing this?
Don't let your users define your ISA policies.
There isn't a (current) operating system that *can't* authenticate using NTLM.
MAC, xNix; whatever.
Tell your "developers" that if they had any sk1llz, they'd already know how to
use NTLM auth, as it's been in use for many years.
http://msdn2.microsoft.com/en-us/library/aa378749.aspx is a good starting
point, and there are several public descriptions of NTLM free for the searching.
Basically, your need to know who is doing what through your firewall is far
more important than their need to get through it.
Get your C-level management behind this policy or you'll soon have a Microsoft
Pix Server operating at your edge.
Jim
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Andrew Hodgson
Sent: Wednesday, January 16, 2008 5:26 AM
To: isalist
Subject: [isalist] ISA and proxy authentication - best way of doing this?
Hi,
I have NTLM authentication set on the ISA firewall rules for specific IP
ranges. I am getting shouted at by developers and people using specific apps
because the proxy is not allowing them to authenticate through - or more
correctly, the application isn't allowing it through. These are most often PHP
developers using various PHP based applications etc.
I have created a rule which excludes specific IP addresses from authentication,
which is working, but more and more people are now requesting this.
I wanted this initially for the Websense logging system - but is there any
other way round this?
Thanks.
Andrew.
--
allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone,
Hereford, HR1 3SE.
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.
Telephone: 0870 243 3434, Fax: 0870 243 6041.
Website: www.allpay.net</>
Email: enquiries@xxxxxxxxxx</>
This email, and any files transmitted with it, is confidential and intended
solely for the use of the individual or entity to whom it is addressed. If you
have received this email in error please notify the allpay.net Information
Security Manager at the number above.
--
allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone,
Hereford, HR1 3SE.
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.
Telephone: 0870 243 3434, Fax: 0870 243 6041.
Website: www.allpay.net</>
Email: enquiries@xxxxxxxxxx</>
This email, and any files transmitted with it, is confidential and intended
solely for the use of the individual or entity to whom it is addressed. If you
have received this email in error please notify the allpay.net Information
Security Manager at the number above.
Other related posts:
