Re: Quick (and probably obvious) question

Yea...I would imagine so.

 

Convenient that they fail to mention this small problem when they sell you
the product.

 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, August 13, 2002 5:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Quick (and probably obvious) question

 

http://www.ISAserver.org

Their statement makes sense.

Since SurfControl installs itself as a web filter, it can't control
SecureNAT and FW client web access if they don't use the Web Proxy service.

They can only get there via the HTTP redirector.

The problem is that they all appear to come from the ISA itself (127.0.0.1),
and you lose any user-specific information, since the HTTP redirector drops
credentials.

 

You'll get better logs if you force your users to talk only to the ISA Web
Proxy service.

 

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
<http://isaserver.org/authors/harrison> 
http://jalojash.org/isatools <http://jalojash.org/isatools> 
Read the books!

----- Original Message ----- 

From: Rogers, <mailto:RogersB@xxxxxxxxxxxxxx>  Brian 

To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx>  Discussion List] 

Sent: Tuesday, August 13, 2002 2:01 PM

Subject: [isalist] Re: Quick (and probably obvious) question

 

http://www.ISAserver.org <http://www.ISAserver.org> 

Hmm...I was told by the surfcontrol people that the only way to monitor
firewall/snat clients via Superscout was to use this setting (redirect
firewall/snat to web proxy)

 

Very interesting indeed.  Thanks for the info!

 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, August 13, 2002 4:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Quick (and probably obvious) question

 

http://www.ISAserver.org

You'll see this when SecureNAT and Firewall clients access the web proxy
service via the HTTP Redirector.

Unless you have to allow direct web access for them, set it to "Reject" and
you should see these drop off.

It *could* also be SurfControl...

 

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
<http://isaserver.org/authors/harrison> 
http://jalojash.org/isatools <http://jalojash.org/isatools> 
Read the books!

----- Original Message ----- 

From: Rogers, <mailto:RogersB@xxxxxxxxxxxxxx>  Brian 

To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx>  Discussion List] 

Sent: Tuesday, August 13, 2002 10:16 AM

Subject: [isalist] Quick (and probably obvious) question

 

http://www.ISAserver.org <http://www.ISAserver.org> 



When looking at the "Sessions" container in ISA management I see quite a few
rather unusual entries on a consistent basis.

Session Type - Web Session 
User Name - Anonymous 
Client Computer - Blank 
Client Address - External Routable IP or 127.0.0.1 (this one bugs me) 
Activiation - Current Date/time 

 

My question is this.  I would assume that the Client Address section lists
External Routable IP addresses this is tracking an inbound Web session to
one of our published websites/ftp sites through the ISA Server.   However
what I don't get is the 127.0.0.1 entry.  Noone logs on to the ISA box
itself and browses the web.

It is obvious that A LOT of web traffic is being generated with the source
address being 127.0.0.1 as we use Surfcontrol to monitor proxy traffic.  It
shows 10s of thousands of hits to various websites from the client 127.0.0.1
and I cannot figure out why.

Normal proxy and firewall clients show up just fine in the Surfcontrol
reports....I just cannot figure out why all this traffic is listing itself
as coming from the loopback adapter.

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rogersb@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rogersb@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts: