Re: RES: Re: RES: Re: Channel WebProxy

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 7 Nov 2002 14:46:24 -0800

Negotiation of the client certificate through the web proxy service is 
irrelevant.
Port 443 is the standard port for SSL, but it doesn't depend on the Web Proxy 
service, nor does it mean that they're actually using it for SSL communications.
SecureNAT and Firewall clients can also use port 443 if an appropriate protocol 
rule is in place.

You  haven't described the actual problem that causes your bank to define your 
ISA setup.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the help / books / articles!

  ----- Original Message ----- 
  From: Alex Decarli 
  To: [ISAserver.org Discussion List] 
  Sent: Thursday, November 07, 2002 10:07 AM
  Subject: [isalist] RES: Re: RES: Re: Channel WebProxy


  http://www.ISAserver.org


  I agree about array.
  But 443 port is used by WEBBased clients, am I right ?
  So, HTTP redirector aftect they.

  My doubt is the negotiation of client certificate (in this particular case) 
is made throught
  webproxy service. If I set the firewall client, can I to do a directly 
negotiation with the server bank ?
    -----Mensagem original-----
    De: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
    Enviada em: quinta-feira, 7 de novembro de 2002 15:53
    Para: [ISAserver.org Discussion List]
    Assunto: [isalist] Re: RES: Re: Channel WebProxy


    http://www.ISAserver.org


    The solution is only useful if you have more than one server in the ISA 
Array.
    How many servers are you using?
    The application filter they vaguely refer to is the HTTP redirector and the 
setting will only apply to SecureNAT and Firewall clients.
    As long as the remainder of your LAT hosts are Web Proxy clients, this 
setting will not affect them.

     Jim Harrison
     MCP(NT4, W2K), A+, Network+, PCG
     http://isaserver.org/pages/author_index.asp?aut=3
     http://isatools.org
     Read the help / books / articles!

      ----- Original Message ----- 
      From: Alex Decarli 
      To: [ISAserver.org Discussion List] 
      Sent: Thursday, November 07, 2002 7:40 AM
      Subject: [isalist] RES: Re: Channel WebProxy


      http://www.ISAserver.org


      Web log show-me connection allowed on 443 port.
      there's no log entries with deny.

      A relevant data is it's negociate a certificate with the Bank Server.
        -----Mensagem original-----
        De: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
        Enviada em: quinta-feira, 7 de novembro de 2002 13:39
        Para: [ISAserver.org Discussion List]
        Assunto: [isalist] Re: Channel WebProxy


        http://www.ISAserver.org


        Take a look in the web logs; it'll tell you if the SSL connection is 
using a port other than 443.
        If so then you'll need to add another SSL tunnel port range for the ISA.

         Jim Harrison
         MCP(NT4, W2K), A+, Network+, PCG
         http://isaserver.org/pages/author_index.asp?aut=3
         http://isatools.org
         Read the help / books / articles!

          ----- Original Message ----- 
          From: Alex Decarli 
          To: [ISAserver.org Discussion List] 
          Sent: Monday, November 04, 2002 10:43 AM
          Subject: [isalist] Channel WebProxy


          http://www.ISAserver.org


          Hi folks,


          I've a exclusive client that need to run a specific aplication of a 
Brazilian Bank that does not allow a channel with the ISA WebProxy Service.
          The solution that the Bank gave-me was:  Send to requested Web Server 
in aplication filter to the access work properlly and install the firewall 
client.

          But , if I do it, all network clients will complain of Internet 
performance. Because the web cache not will be make.
          I need only allow the this specified client run internet SSL page and 
this Socket application software without WebProxy Channel. How can I to do this 
?


          Alex Decarli


          ------------------------------------------------------
          List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
          ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
          ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
          ------------------------------------------------------
          Exchange Server Resource Site: http://www.msexchange.org/
          Windows Security Resource Site: http://www.windowsecurity.com/
          Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
          ------------------------------------------------------
          You are currently subscribed to this ISAserver.org Discussion List 
as: jim@xxxxxxxxxxxx
          To unsubscribe send a blank email to $subst('Email.Unsub') 
        ------------------------------------------------------
        List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Exchange Server Resource Site: http://www.msexchange.org/
        Windows Security Resource Site: http://www.windowsecurity.com/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion List as: 
alex@xxxxxxxxxxxxx
        To unsubscribe send a blank email to $subst('Email.Unsub') 
      ------------------------------------------------------
      List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
      ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
      ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
      ------------------------------------------------------
      Exchange Server Resource Site: http://www.msexchange.org/
      Windows Security Resource Site: http://www.windowsecurity.com/
      Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
      ------------------------------------------------------
      You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
      To unsubscribe send a blank email to $subst('Email.Unsub') 
    ------------------------------------------------------
    List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
    ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
    ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
    ------------------------------------------------------
    Exchange Server Resource Site: http://www.msexchange.org/
    Windows Security Resource Site: http://www.windowsecurity.com/
    Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
    ------------------------------------------------------
    You are currently subscribed to this ISAserver.org Discussion List as: 
alex@xxxxxxxxxxxxx
    To unsubscribe send a blank email to $subst('Email.Unsub') 
  ------------------------------------------------------
  List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
  ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
  ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
  ------------------------------------------------------
  Exchange Server Resource Site: http://www.msexchange.org/
  Windows Security Resource Site: http://www.windowsecurity.com/
  Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
  ------------------------------------------------------
  You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
  To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 11-2002