RE: Internet Access behind SBS

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 27 Aug 2003 01:46:07 -0500

Hi Paul,

You shoud rethink your opinion of the Firewall client. The firewall client
is one of the major features that separates an ISA firewall from other
firewalls.  Without the Firewall client, you have just a dumb, no intelligent 
outbound access control firewall like a pix.

Why? Because its this client piece that allows user/group based
access controls for *ALL* protocols and it does not require the application
to be proxy aware and there does not need to be a dedicated "proxy"
component. Even with SOCKS, the application has to be written to be SOCKS
aware. The Firewall client allows you to use any application behind the ISA
firewall. No other firewall that I'm aware can do this.

The Firewall client is the way, the truth and the light. The only compliant
I have is that the documentation on how to actually use the settings in the
wspcfg.ini file are as clear as mud. :-)

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Paul Aitchison [mailto:pdaitch@xxxxxxxxxxxxxxx] 
Sent: Wednesday, August 27, 2003 1:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access behind SBS


http://www.ISAserver.org


I realise that Amy, 

But it is extreme to lump the Firewall Client on every PC. Any of the sites we 
roll out ISA into we purposely avoid putting the Firewall Client on every PC 
and I'd assume that it was David is trying to avoid as well. Last thing you 
want is users with the Firewall Client to be installing spyware and stuff that 
will pass thru ISA without a thought. 

David, in response for IE to autodetect the proxy you need to setup the Auto 
Discovery feature of IE i.e. create a WPAD alias in DNS and/or also a server 
scope option in DHCP. IE if configured to automatically discover proxy should 
look to ur DNS for the WPAD alias and off it goes. 

Cheers
Paul
Senior IT Technician MCSE
Rampant Technology

-----Original Message-----
From: Amy Babinchak [mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, 27 August 2003 12:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access behind SBS

http://www.ISAserver.org


Yes, the default is to autodetect but the firewall client corrects this and 
enters in the necessary settings under manual. It does it all for you so you 
don't have to go from workstation to workstation.

Amy 
 

-----Original Message-----
From: David Liles [mailto:dave@xxxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, August 26, 2003 10:35 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access behind SBS

http://www.ISAserver.org


Sorry, I should have clarified my question better.... I was reading over some 
"tips & tricks" to help improve network performance. One of the suggestions 
what to avoid letting user systems from auto-detecting settings if at all 
possible since it requires more time to negotiate the detection. One of these 
is the proxy configuration... I'm not sure but I thought the default for IE is 
to auto detect....

-----Original Message-----
From: Amy Babinchak [mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 26, 2003 9:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access behind SBS


http://www.ISAserver.org


When you install the firewall client on the workstations it puts in the IE 
settings for you. By using the setup computer wizard on the server you can have 
the firewall client install automatically for each new user, along with any 
other software you wish the user to have.

Amy 
 

-----Original Message-----
From: David Liles [mailto:dave@xxxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, August 26, 2003 10:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access behind SBS

http://www.ISAserver.org


Thanks to everyone who responded. We corrected the problem by manually 
configuring the proxy settings in each of the users IE browsers.

On a side note... is there a "simple" way to have this pre-configured when we 
add new user system to the network?

Thanks again to everyone for their help.

-----Original Message-----
From: Paul Aitchison [mailto:pdaitch@xxxxxxxxxxxxxxx]
Sent: Tuesday, August 26, 2003 9:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access behind SBS


http://www.ISAserver.org


Alternatively, 

You can set up the autodetection in ISA by creating the scope option in your 
DHCP server. 

This is a simple one, are the users that are accessing the web (or attempting 
to) members of the Backoffice Internet Users group?

Cheers

Paul

________________________________________
From: Amy Babinchak [mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, 27 August 2003 3:01 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access behind SBS

http://www.ISAserver.org
You'll need the Firewall client running on the workstations. It will configure 
the manual proxy settings in your browser - auto detect will not work.
 
Amy Babinchak
Technology Consultant
Harbor Computer Services
 
-----Original Message-----
From: David Liles [mailto:dave@xxxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, August 26, 2003 11:45 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet Access behind SBS
 
Re 1: The wizard created a protocol rule that allows all IP traffic and applies 
to all users.
Re 2: When running the setup within tools/internet options/connection we have 
configured to autodetect proxy settings.... All internal clients are using DHCP 
settings on their NIC so IP's, DNS and gateways should be sent to them from the 
SBS server...
-----Original Message----- 
From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: Tue 8/26/2003 10:32 AM 
To: [ISAserver.org Discussion List] 
Cc: 
Subject: [isalist] RE: Internet Access behind SBS
http://www.ISAserver.org



Couple of things:

1) Make sure you have a protocol rule defined, otherwise you aren't getting
out.  Easiest is to create one that allows all traffic (this is outbound
only).
2) Are your clients configured as web proxy clients or snat clients? (web
proxy=proxy settings configured in a browser, snat=def. gateway set to the
internal ISA ip)

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: David Liles [mailto:dave@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 26, 2003 11:19 AM
To: [ISAserver.org Discussion List]
Subject: Internet Access behind SBS


http://www.ISAserver.org



This is a multi-part message in MIME format.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
dave@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
pdaitch@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
dave@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
dave@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
pdaitch@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')






------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2003