RE: Web proxy or Firewall Client (to be or not to be)

• From: "Lesky Alfonso M." <leskyam@xxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 17 Feb 2003 02:38:35 -0500

Hi again.

Let me ask you somthing
I have a workstation with an internal IP: 192.168.60.x, I configure the 
IE to point to ISA Server 8080, there is not firewall client software in 
this workstation this is a Web Proxy Client. Right?

I have configured the HTTP Redirector since you adviced to mi, but 
nothing.

Saludos,

Lesky Alfonso M.


-----Original Message-----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Mon, 17 Feb 2003 01:19:29 -0600
Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to be)

> http://www.ISAserver.org
> 
> 
> Hi Alfonso,
> 
> There should be no entries in your firewall logs, since the clients are
> not configured as Web Proxy or SecureNAT clients. They should be
> configured as Web Proxy clients only. To ensure that only Web Proxy
> clients are able to access the Internet, configure the HTTP Redirector
> to drop requests from SecureNAT and Firewall clients.
> 
> Then you can analyze the Web Proxy service logs to determine why the
> client can and cannot access FTP sites. Make sure all fields are
> enabled, so that you can tell which rule is alllowing/denying access.
> 
> HTH,
> Tom 
> 
> Thomas W Shinder
> www.isaserver.org/shinder 
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp 
> 
> 
> -----Original Message-----
> From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] 
> Sent: Monday, February 17, 2003 1:01 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> be)
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi, thaks for your time.
> 
> Yes, the clients are logged onto the domain, I have reviewed the logs,
> no 
> just Web proxy logs, the Firewall logs too. 
> 
> Look at the Firewall log when a client request a FTP site:
> 
> 192.168.60.2  -       -       06:52:04        -       169.158.1.20
> 21
>       21      TCP     Connect 13301   -       S&C A Sitios ONAT
> 192.168.60.2  -       -       06:52:04        -       169.158.1.20
> 21
>       21      TCP     Connect 13301   -       S&C A Sitios ONAT
> 
> Why with older vertions of IE I haven't problem with this?
> 
> Note.
> One more data: RAS Clients can navegate FTP Sites.
> 
> 
> -----Original Message-----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Date: Mon, 17 Feb 2003 00:26:46 -0600
> Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> be)
> 
> > http://www.ISAserver.org
> > 
> > 
> > Hi Alfonso,
> > 
> > You need to configure the clients as Web Proxy clients and you need
> to
> > configure the HTTP Redirector to drop requests from Firewall client
> and
> > SecureNAT clients. At that point, only requests from Web Proxy
> clients
> > will be accepted by the Web Proxy service.
> > 
> > However, since you're not using the SecureNAT or Firewall client
> > configurations, the ONLY way the clients will access external FTP
> sites
> > is via the Web Proxy service. Make sure the clients log onto the
> domain
> > so that they have credentials to the send the Web Proxy service.
> > 
> > Review your Web Proxy logs for troubleshooting issues.
> > 
> > HTH,
> > Tom
> > 
> > Thomas W Shinder
> > www.isaserver.org/shinder 
> > ISA Server and Beyond: http://tinyurl.com/1jq1
> > Configuring ISA Server: http://tinyurl.com/1llp
> > 
> >  
> >  
> > 
> > 
> > -----Original Message-----
> > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] 
> > Sent: Sunday, February 16, 2003 11:40 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> > be)
> > 
> > 
> > http://www.ISAserver.org
> > 
> > 
> > 
> > Thanks, but It did not work. 
> > 
> > The clients making the request are not SecureNAT clients nor Firawall
> > Clients. They are just trying to access FTP sites outsite the LAN
> with
> 
> > IE. Remember I wrote that IE versions up to 4.0 works fine.
> > 
> > Saludos,
> > 
> > Lesky Alfonso M.
> > 
> > 
> > -----Original Message-----
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Date: Sun, 16 Feb 2003 23:13:59 -0600
> > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> > be)
> > 
> > > http://www.ISAserver.org
> > > 
> > > 
> > > Hi Alfonso,
> > > 
> > > Configure the HTTP Redirector to drop requests from SecureNAT and
> > > Firewall clients. Then require authentication.
> > > 
> > > HTH,
> > > Tom
> > > 
> > > Thomas W Shinder
> > > www.isaserver.org/shinder 
> > > ISA Server and Beyond: http://tinyurl.com/1jq1
> > > Configuring ISA Server: http://tinyurl.com/1llp
> > > 
> > >  
> > >  
> > > 
> > > 
> > > -----Original Message-----
> > > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] 
> > > Sent: Sunday, February 16, 2003 11:03 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Web proxy or Firewall Client (to be or not to
> be)
> > > 
> > > 
> > > http://www.ISAserver.org
> > > 
> > > 
> > > Hi, thanks for your time.
> > > 
> > > Web Proxy Clients appears as Firewall Clients!!!???
> > > 
> > > 1. I have ISA Server (SP1) installed on a w2k.
> > > 2. The objects of the ISA are in the Active Directory 
> > > Schema.
> > > 3. There are Two NICs on the ISA Server PC.
> > > 
> > > When I configure a rule for FTP Access "Applied to any 
> > > request o to a group of IPs" everything is ok, but when I 
> > > Applie this rule to a especific group of users there is no 
> > > access and the Clients appears to be Firewall clients.
> > > Some days ago I installed a computer with W95, IE 3.01 and 
> > > while nobody got access to FTP sites aoutside my network 
> > > that PC got it, I updated IE to version 4.0 and everything 
> > > OK, but que updated to IE 5.0, the situation was the same 
> > > for this PC too. When I install firewall client software 
> > > on workstatios no more problen with FTP access, but I 
> > > think taht is not the solution. This situation is diferent 
> > > with HTTP, I separate the rules (one for FTP & one for 
> > > HTTP) and I am applying the rule to the especific group of 
> > > users without problems.
> > > 
> > > Does anyone know what is going on?
> > > 
> > > Thanks for your time, again.
> > > 
> > > 
> > > Saludos,
> > > 
> > > Lesky Alfonso M.
> > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Exchange Server Resource Site: http://www.msexchange.org/
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> > as:
> > > tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Exchange Server Resource Site: http://www.msexchange.org/
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> > as:
> > > leskyam@xxxxxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > leskyam@xxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> leskyam@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')

Other related posts:

• » Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---