[isalist] RES: Infor - Help

  • From: "LEANDRO DOS S. FERREIRA - TI" <LEANDRO@xxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 26 Jun 2009 17:17:59 -0300

OK Jim... please give me a tip about my case!!! How can I solve this ?!?!?!

Regards

Leandro

De: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] Em nome 
de Jim Harrison
Enviada em: sexta-feira, 26 de junho de 2009 17:04
Para: isalist@xxxxxxxxxxxxx
Assunto: [isalist] Re: Infor - Help

If your web proxy listener is configured as "require all users to 
authenticate", then you have NO anonymous rules.

Jim

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Friday, June 26, 2009 12:42 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] RES: Infor - Help

Jim... please explain better... my rule is:

ALLOW -> HTTP/HTTPS -> INTERNAL NETWORK -> RANGER IP(BANKS) -> ALL USERS

De: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] Em nome 
de Jim Harrison
Enviada em: sexta-feira, 26 de junho de 2009 16:35
Para: isalist@xxxxxxxxxxxxx
Assunto: [isalist] Re: Infor - Help

If the listener is configured to require authentication, the rule configuration 
is moot.
Better that you enforce authentication at the rule level anyway.

Jim

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Friday, June 26, 2009 8:04 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] RES: Infor - Help

Yes, My Server is configured with Integrated authentication.... But in the rule 
is setup access to ALL USERS and other group that I want that access the 
website.

De: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] Em nome 
de D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Enviada em: sexta-feira, 26 de junho de 2009 11:47
Para: isalist@xxxxxxxxxxxxx
Assunto: [isalist] Re: Infor - Help

The log is telling you the problem, authentication.
Is your server configure with Integrated authentication? Is you rule allowing 
all the users or authenticated users?

Regards
Diego R. Pietruszka
MIS - Shift Manager
MSC (USA) - Interlink Transport Technologies
Direct Phone: (908)605-4147

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Friday, June 26, 2009 10:17 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] RES: Infor - Help

So tks a lot by reply.

When I try Access website bank, without setup webproxy client/firewall client 
at IE I can not get a log. But when I setup the webproxy, the system produce 
this log..... asking me a usr/pwd.... but I do not want that the system request 
me the usr/pwd. I want that this access will be release without authentication.

Denied Connection ISASERVER 6/26/2009 11:10:37 AM Log type: Web Proxy (Forward) 
Status: 12209 The ISA Server requires authorization to fulfill the request. 
Access to the Web Proxy filter is denied. Rule: Source: (10.1.6.39) 
Destination: (10.1.0.100:80) Request: GET http://www.unibanco.com.br/ Filter 
information: Protocol: http User: anonymous

javascript:ToggleList('AddInfoNode')Additional information 
<javascript:ToggleList('AddInfoNode')>
·         Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; 
SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 
3.0.30618)
·         Object source: (No source information is available.)
·         Cache info: 0x0
·         Processing time: 1 ms
·         MIME type:

I


De: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] Em nome 
de D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Enviada em: sexta-feira, 26 de junho de 2009 11:03
Para: isalist@xxxxxxxxxxxxx
Assunto: [isalist] Re: Infor - Help

Did you check the log on ISA while your users were trying to access the site?
The log will on most cases which one is the error.

Do that and come back with the results please.

Regards
Diego R. Pietruszka
MIS - Shift Manager
MSC (USA) - Interlink Transport Technologies
Direct Phone: (908)605-4147

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Friday, June 26, 2009 9:49 AM
To: Isalist (isalist@xxxxxxxxxxxxx)
Subject: [isalist] Infor - Help

Dears,

I had isaserver 2006 and now I would like to release for my users Access to 
wesite Banks. But in this case I would like to realease Access for all over 
network.

Today I had a internet group Access to control the internet Access, I do not 
want use this policy for this.

I create a policy allow (http/https) for all user to only website Banks, but 
this rule is not working.

Can anyone help me ?!?!?

regards

_______________________
Leandro dos Santos Ferreira
IT Team - Segurança da Informação
mailto:leandro@xxxxxxxxxxx
CBMM - Companhia Brasileira de Metalúrgia e Mineração
Inovar - Respeitar - Competir

Other related posts: