RE: Web proxy or Firewall Client (to be or not to be)
- From: "Lesky Alfonso M." <leskyam@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 19 Feb 2003 00:05:20 -0500
Hi, Tom
It seems to be a problem related to the authentication, I have been
reading about it.
this is from the ISA Server Help (isa.chm)
Theme: 'HTTP redirector filter'
"When the HTTP redirector filter passes a request from a Firewall client
to the Web Proxy service, the client's authentication information is
lost. Therefore, when the HTTP redirector filter is enabled and
configured to redirect to the Web Proxy service, requests from Firewall
client is handled as unauthenticated. If unauthenticated access is not
allowed, such requests will be denied"
Remember when I said that if I configure the Rule to allow access to any
request or by IPs the problem dessapears?
By the way your articles at www.isaserver.org are very interesting.
Thanks again Thomas.
Saludos,
Lesky Alfonso M.
-----Original Message-----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Tue, 18 Feb 2003 20:36:31 -0600
Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to be)
> http://www.ISAserver.org
>
>
> Hi Alfonso,
>
> Its interesting that when I configured a machine to be a SecureNAT
> client and a Web Proxy client, then FTP connection failed to work. You
> might want to check out Stefaan Pouseele's article on FTP over at
> www.isaserver.org, I believe he covered the circumstances when FTP
> requests from the browser are not sent through the Web Proxy service.
>
> HTH,
> Tom
>
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
>
>
> -----Original Message-----
> From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx]
> Sent: Tuesday, February 18, 2003 12:15 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> be)
>
>
> http://www.ISAserver.org
>
>
> Thanks Tom, your are right man, my clients are SecureNAT Clients.
>
> I use DHCP and I have an option configured (003 Router), all of then
> pickup the default gateway when they startup, what do you advise to
> me?.
>
> Please I hope you find patient to forgive my ignorance and to answer
> some
> more questions.
>
> 1. RRAS Clients always appears with a Default gateway and they can
> access
> ftp sites Why?
>
> 2. What about if I need to PING some IPs or Names to test connectivity,
> is a solution to add static routes to the clients?
>
> 3. What is that message that apears telling me:
>
> ISA Server: extended error message :
> 200 Type set to I.
> 200 PORT Command successful.
> 550 Permission denied.
>
> when I am accesing 'some' FTP sites?
>
> 4. Do you remember when I wrote about a workstation with Win95 and IE
> 3.0
> (with a default gateway)? And later it was updated to IE 4.0 and it was
> accessing ok all the FTP sites, wuat about this?
>
> As you can see this open a tree of new questions to me
>
> Note.
> I had been in isaserver.org and there are very good articles with your
> name. I download some of them like: "Issues with the Internet Explorer
> FTP Client" AND "The SecureNAT Client" By Thomas Shinder, both of them,
> this name remember me someone who took me out a hurry!
>
> Forgive my English it is no my default language.
>
> Well, once again Thanks a lot Tom.
>
>
> -----Original Message-----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Date: Mon, 17 Feb 2003 21:31:37 -0600
> Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> be)
>
> > http://www.ISAserver.org
> >
> >
> > Hi Alfonso,
> >
> > OK, here's the test:
> >
> > 1. Client is a machine configured as a Web Proxy client
> >
> > 2. Firewall client software is DISABLED
> >
> > 3. Default gateway is removed
> >
> > 4. Browser configured to use PORT mode; that is, the option to use
> PASV
> > was not selected
> >
> > When to ftp.microsoft.com I got the usual "you can only download"
> > because the client is a Web Proxy client only, so that's OK.
> Connected
> > to the MS FTP site and downloaded a file. Then I checked the logs. No
> > entry in the firewall log, and entries confirming my connections to
> the
> > MS FTP site.
> >
> > So, you should have no entries in your firewall log when making these
> > FTP requests. Your clients must be either Firewall or SecureNAT
> > clients?
> >
> > HTH,
> > Tom
> >
> > Thomas W Shinder
> > www.isaserver.org/shinder
> > ISA Server and Beyond: http://tinyurl.com/1jq1
> > Configuring ISA Server: http://tinyurl.com/1llp
> >
> >
> > -----Original Message-----
> > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx]
> > Sent: Monday, February 17, 2003 8:53 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> > be)
> >
> >
> > http://www.ISAserver.org
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > leskyam@xxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> leskyam@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
Other related posts:
