[isalist] Re: SurfControl/Direct Access...

From: "Roy Tsao" <caohuiming@xxxxxxxxxxxxx>
To: <isalist@xxxxxxxxxxxxx>
Date: Tue, 22 Aug 2006 17:16:39 +0800
> Hi Dan,
> 
> 1) If your client access the unwanted monitor site through ISA
>   (ISA is a router between two subnet), you need to set unmonitored
>   site at SWF
> 2) If your client can access the site by another route without need
>   to go thourgh ISA, then you shall deploy direct access for
>   client depending on client type (WPC or FWC). It has nothing to
>   do with SWF setting.
> ----- Original Message ----- 
> From: "Ball, Dan" <DBall@xxxxxxxxxxx>
> To: <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, August 22, 2006 10:44 AM
> Subject: [isalist] Re: SurfControl/Direct Access...
> 
> 
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>  
>> Yes they are.
>> 
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Thomas W Shinder
>> Sent: Monday, August 21, 2006 10:31 PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: SurfControl/Direct Access...
>> 
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>  
>> Are the Web proxy clients configured to use the autoconfiguration
>> script?
>> 
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://blogs.isaserver.org/shinder/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- ISA Firewalls
>> 
>> 
>> 
>>> -----Original Message-----
>>> From: isalist-bounce@xxxxxxxxxxxxx 
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan
>>> Sent: Monday, August 21, 2006 9:25 PM
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] Re: SurfControl/Direct Access...
>>> 
>>> http://www.ISAserver.org
>>> -------------------------------------------------------
>>>   
>>> I've been digging through my archives for the last hour, and 
>>> cannot find
>>> what I remember... Maybe it's just my old-age kicking in, and I'm
>>> remembering things that didn't happen...
>>> 
>>> Anyways, I've gone through the Direct Access settings over 
>>> and over, and
>>> cannot find what might be wrong.  Only thing I can think of is the
>>> wpad/wspad settings...
>>> 
>>> 
>>> -----Original Message-----
>>> From: isalist-bounce@xxxxxxxxxxxxx 
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>> On Behalf Of Thomas W Shinder
>>> Sent: Monday, August 21, 2006 10:00 PM
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] Re: SurfControl/Direct Access...
>>> 
>>> http://www.ISAserver.org
>>> -------------------------------------------------------
>>>   
>>> Hi Dan,
>>> 
>>> For internal connections, Direct Access is entirely a client function.
>>> ISA is never in the picture.
>>> 
>>> Tom
>>> 
>>> Thomas W Shinder, M.D.
>>> Site: www.isaserver.org
>>> Blog: http://blogs.isaserver.org/shinder/
>>> Book: http://tinyurl.com/3xqb7
>>> MVP -- ISA Firewalls
>>> 
>>>  
>>> 
>>> > -----Original Message-----
>>> > From: isalist-bounce@xxxxxxxxxxxxx 
>>> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan
>>> > Sent: Monday, August 21, 2006 8:36 PM
>>> > To: isalist@xxxxxxxxxxxxx
>>> > Subject: [isalist] Re: SurfControl/Direct Access...
>>> > 
>>> > http://www.ISAserver.org
>>> > -------------------------------------------------------
>>> >   
>>> > That is what we were talking about, it IS configured for 
>>> > direct access,
>>> > but no matter what I do the traffic shows up as passing 
>>> > through the ISA
>>> > server.  I seem to recall discussing this with you before, 
>>> and it was
>>> > determined that SurfControl had basically disabled the Direct 
>>> > Access.  
>>> > 
>>> > Geesh, now you got me wondering what was really said.  I'll 
>>> > have to dig
>>> > through my e-mail archives to find out what we talked about 
>>> > last time...
>>> > 
>>> > -----Original Message-----
>>> > From: isalist-bounce@xxxxxxxxxxxxx 
>>> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>> > On Behalf Of Thomas W Shinder
>>> > Sent: Monday, August 21, 2006 8:12 PM
>>> > To: isalist@xxxxxxxxxxxxx
>>> > Subject: [isalist] Re: SurfControl/Direct Access...
>>> > 
>>> > http://www.ISAserver.org
>>> > -------------------------------------------------------
>>> >   
>>> > Hi Dan,
>>> > 
>>> > To solve that problem you need to enable Direct Access to 
>>> the internal
>>> > sites.
>>> > 
>>> > Tom
>>> > 
>>> > Thomas W Shinder, M.D.
>>> > Site: www.isaserver.org
>>> > Blog: http://blogs.isaserver.org/shinder/
>>> > Book: http://tinyurl.com/3xqb7
>>> > MVP -- ISA Firewalls
>>> > 
>>> >  
>>> > 
>>> > > -----Original Message-----
>>> > > From: isalist-bounce@xxxxxxxxxxxxx 
>>> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan
>>> > > Sent: Monday, August 21, 2006 6:56 PM
>>> > > To: isalist@xxxxxxxxxxxxx
>>> > > Subject: [isalist] Re: SurfControl/Direct Access...
>>> > > 
>>> > > http://www.ISAserver.org
>>> > > -------------------------------------------------------
>>> > >   
>>> > > Yes, that was the problem we were running into.  Surfcontrol was
>>> > > "automatically" monitoring every user that browsed our published
>>> > > webserver from the Internet, making the saved history 
>>> > > database useless.
>>> > > I'd go in and deselect all the external hostnames, tell 
>>> > > SurfControl not
>>> > > to monitor them, and the next day I'd have a couple hundred 
>>> > more to do
>>> > > it all over again.  It proved to be quite tedious since 
>>> I'd have to
>>> > > browse through that narrow list box to select all the 
>>> > hostnames, stop
>>> > > the database, save the changes, and start it again.
>>> > > 
>>> > > I finally fixed that by stopping it from monitoring port 
>>> 80, now it
>>> > > monitors only port 8080, the proxy port.  That seems to be 
>>> > > working now,
>>> > > the only ones "automatically" monitored are the users using 
>>> > the proxy,
>>> > > which is who we want to monitor anyways.
>>> > > 
>>> > > But, that doesn't solve the problem I have now, the 
>>> requests really
>>> > > "shouldn't" be passing through the ISA server in the first 
>>> > > place if they
>>> > > are going to the webserver on the same internal subnet.
>>> > >   
>>> > > 
>>> > > -----Original Message-----
>>> > > From: isalist-bounce@xxxxxxxxxxxxx 
>>> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>> > > On Behalf Of Crockett, Gregory
>>> > > Sent: Monday, August 21, 2006 6:49 PM
>>> > > To: isalist@xxxxxxxxxxxxx
>>> > > Subject: [isalist] Re: SurfControl/Direct Access...
>>> > > 
>>> > > http://www.ISAserver.org
>>> > > -------------------------------------------------------
>>> > >   
>>> > > Add the sites to "unmonitored sites" found under the monitor
>>> > > application/monitored data tab.  There, you should list all 
>>> > > sites and ip
>>> > > addresses of all host that you do not want monitored.  This 
>>> > > includes web
>>> > > enabled devices (switches, etc.) that are accessed 
>>> through isa from
>>> > > Internal to internal networks.  If not, they (users either 
>>> > > authenticated
>>> > > or unauthenticated) will eat at your license count.
>>> > > 
>>> > > greg
>>> > > 
>>> > > Sent from mobile Outlook.
>>> > > 
>>> > > -----Original Message-----
>>> > > From: "Ball, Dan" <DBall@xxxxxxxxxxx>
>>> > > To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
>>> > > Sent: 8/21/06 2:19 PM
>>> > > Subject: [isalist] SurfControl/Direct Access...
>>> > > 
>>> > > Tom, what is the current status of Direct Access when used in
>>> > > conjunction with SurfControl?  I remember you saying 
>>> > > something about it
>>> > > before, but I can't find my e-mails on it.  I was working with
>>> > > SurfControl quite a bit last week, trying to work out some of 
>>> > > the bugs,
>>> > > and thought it would be really nice if I can get the local 
>>> > web traffic
>>> > > to stop going through the ISA server also.  
>>> > > 
>>> > >  
>>> > > 
>>> > > I finally figured out a way to get it to stop monitoring 
>>> > > users from the
>>> > > Internet, so that helps.  SurfControl support seemed 
>>> > surprised that it
>>> > > was doing that...
>>> > > 
>>> > >  
>>> > > 
>>> > > ------------------------------------------------------
>>> > > List Archives: //www.freelists.org/archives/isalist/  
>>> > > ISA Server Newsletter: 
>>> > http://www.isaserver.org/pages/newsletter.asp 
>>> > > ISA Server Articles and Tutorials:
>>> > > http://www.isaserver.org/articles_tutorials/ 
>>> > > ISA Server Blogs: http://blogs.isaserver.org/ 
>>> > > ------------------------------------------------------
>>> > > Visit TechGenix.com for more information about our other sites:
>>> > > http://www.techgenix.com 
>>> > > ------------------------------------------------------
>>> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
>>> > > Report abuse to listadmin@xxxxxxxxxxxxx 
>>> > > 
>>> > > ------------------------------------------------------
>>> > > List Archives: //www.freelists.org/archives/isalist/  
>>> > > ISA Server Newsletter: 
>>> > http://www.isaserver.org/pages/newsletter.asp 
>>> > > ISA Server Articles and Tutorials: 
>>> > > http://www.isaserver.org/articles_tutorials/ 
>>> > > ISA Server Blogs: http://blogs.isaserver.org/ 
>>> > > ------------------------------------------------------
>>> > > Visit TechGenix.com for more information about our other sites:
>>> > > http://www.techgenix.com 
>>> > > ------------------------------------------------------
>>> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
>>> > > Report abuse to listadmin@xxxxxxxxxxxxx 
>>> > > 
>>> > > 
>>> > > 
>>> > ------------------------------------------------------
>>> > List Archives: //www.freelists.org/archives/isalist/  
>>> > ISA Server Newsletter: 
>>> http://www.isaserver.org/pages/newsletter.asp 
>>> > ISA Server Articles and Tutorials:
>>> > http://www.isaserver.org/articles_tutorials/ 
>>> > ISA Server Blogs: http://blogs.isaserver.org/ 
>>> > ------------------------------------------------------
>>> > Visit TechGenix.com for more information about our other sites:
>>> > http://www.techgenix.com 
>>> > ------------------------------------------------------
>>> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
>>> > Report abuse to listadmin@xxxxxxxxxxxxx 
>>> > 
>>> > ------------------------------------------------------
>>> > List Archives: //www.freelists.org/archives/isalist/  
>>> > ISA Server Newsletter: 
>>> http://www.isaserver.org/pages/newsletter.asp 
>>> > ISA Server Articles and Tutorials: 
>>> > http://www.isaserver.org/articles_tutorials/ 
>>> > ISA Server Blogs: http://blogs.isaserver.org/ 
>>> > ------------------------------------------------------
>>> > Visit TechGenix.com for more information about our other sites:
>>> > http://www.techgenix.com 
>>> > ------------------------------------------------------
>>> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
>>> > Report abuse to listadmin@xxxxxxxxxxxxx 
>>> > 
>>> > 
>>> > 
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/  
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/ 
>>> ISA Server Blogs: http://blogs.isaserver.org/ 
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com 
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
>>> Report abuse to listadmin@xxxxxxxxxxxxx 
>>> 
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/  
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
>>> ISA Server Articles and Tutorials: 
>>> http://www.isaserver.org/articles_tutorials/ 
>>> ISA Server Blogs: http://blogs.isaserver.org/ 
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com 
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
>>> Report abuse to listadmin@xxxxxxxxxxxxx 
>>> 
>>> 
>>> 
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/  
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/ 
>> ISA Server Blogs: http://blogs.isaserver.org/ 
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com 
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
>> Report abuse to listadmin@xxxxxxxxxxxxx 
>> 
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/  
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
>> ISA Server Articles and Tutorials: 
>> http://www.isaserver.org/articles_tutorials/ 
>> ISA Server Blogs: http://blogs.isaserver.org/ 
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com 
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
>> Report abuse to listadmin@xxxxxxxxxxxxx 
>> 
>>
Follow-Ups:
- [isalist] Re: SurfControl/Direct Access...
  - From: Ball, Dan
[isalist] Re: SurfControl/Direct Access...

Other related posts:
