Hi again. Let me ask you somthing I have a workstation with an internal IP: 192.168.60.x, I configure the IE to point to ISA Server 8080, there is not firewall client software in this workstation this is a Web Proxy Client. Right? I have configured the HTTP Redirector since you adviced to mi, but nothing. Saludos, Lesky Alfonso M. -----Original Message----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Date: Mon, 17 Feb 2003 01:19:29 -0600 Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to be) > http://www.ISAserver.org > > > Hi Alfonso, > > There should be no entries in your firewall logs, since the clients are > not configured as Web Proxy or SecureNAT clients. They should be > configured as Web Proxy clients only. To ensure that only Web Proxy > clients are able to access the Internet, configure the HTTP Redirector > to drop requests from SecureNAT and Firewall clients. > > Then you can analyze the Web Proxy service logs to determine why the > client can and cannot access FTP sites. Make sure all fields are > enabled, so that you can tell which rule is alllowing/denying access. > > HTH, > Tom > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > -----Original Message----- > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] > Sent: Monday, February 17, 2003 1:01 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > be) > > > http://www.ISAserver.org > > > Hi, thaks for your time. > > Yes, the clients are logged onto the domain, I have reviewed the logs, > no > just Web proxy logs, the Firewall logs too. > > Look at the Firewall log when a client request a FTP site: > > 192.168.60.2 - - 06:52:04 - 169.158.1.20 > 21 > 21 TCP Connect 13301 - S&C A Sitios ONAT > 192.168.60.2 - - 06:52:04 - 169.158.1.20 > 21 > 21 TCP Connect 13301 - S&C A Sitios ONAT > > Why with older vertions of IE I haven't problem with this? > > Note. > One more data: RAS Clients can navegate FTP Sites. > > > -----Original Message----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Date: Mon, 17 Feb 2003 00:26:46 -0600 > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > be) > > > http://www.ISAserver.org > > > > > > Hi Alfonso, > > > > You need to configure the clients as Web Proxy clients and you need > to > > configure the HTTP Redirector to drop requests from Firewall client > and > > SecureNAT clients. At that point, only requests from Web Proxy > clients > > will be accepted by the Web Proxy service. > > > > However, since you're not using the SecureNAT or Firewall client > > configurations, the ONLY way the clients will access external FTP > sites > > is via the Web Proxy service. Make sure the clients log onto the > domain > > so that they have credentials to the send the Web Proxy service. > > > > Review your Web Proxy logs for troubleshooting issues. > > > > HTH, > > Tom > > > > Thomas W Shinder > > www.isaserver.org/shinder > > ISA Server and Beyond: http://tinyurl.com/1jq1 > > Configuring ISA Server: http://tinyurl.com/1llp > > > > > > > > > > > > -----Original Message----- > > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] > > Sent: Sunday, February 16, 2003 11:40 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > > be) > > > > > > http://www.ISAserver.org > > > > > > > > Thanks, but It did not work. > > > > The clients making the request are not SecureNAT clients nor Firawall > > Clients. They are just trying to access FTP sites outsite the LAN > with > > > IE. Remember I wrote that IE versions up to 4.0 works fine. > > > > Saludos, > > > > Lesky Alfonso M. > > > > > > -----Original Message----- > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Date: Sun, 16 Feb 2003 23:13:59 -0600 > > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > > be) > > > > > http://www.ISAserver.org > > > > > > > > > Hi Alfonso, > > > > > > Configure the HTTP Redirector to drop requests from SecureNAT and > > > Firewall clients. Then require authentication. > > > > > > HTH, > > > Tom > > > > > > Thomas W Shinder > > > www.isaserver.org/shinder > > > ISA Server and Beyond: http://tinyurl.com/1jq1 > > > Configuring ISA Server: http://tinyurl.com/1llp > > > > > > > > > > > > > > > > > > -----Original Message----- > > > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] > > > Sent: Sunday, February 16, 2003 11:03 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] Web proxy or Firewall Client (to be or not to > be) > > > > > > > > > http://www.ISAserver.org > > > > > > > > > Hi, thanks for your time. > > > > > > Web Proxy Clients appears as Firewall Clients!!!??? > > > > > > 1. I have ISA Server (SP1) installed on a w2k. > > > 2. The objects of the ISA are in the Active Directory > > > Schema. > > > 3. There are Two NICs on the ISA Server PC. > > > > > > When I configure a rule for FTP Access "Applied to any > > > request o to a group of IPs" everything is ok, but when I > > > Applie this rule to a especific group of users there is no > > > access and the Clients appears to be Firewall clients. > > > Some days ago I installed a computer with W95, IE 3.01 and > > > while nobody got access to FTP sites aoutside my network > > > that PC got it, I updated IE to version 4.0 and everything > > > OK, but que updated to IE 5.0, the situation was the same > > > for this PC too. When I install firewall client software > > > on workstatios no more problen with FTP access, but I > > > think taht is not the solution. This situation is diferent > > > with HTTP, I separate the rules (one for FTP & one for > > > HTTP) and I am applying the rule to the especific group of > > > users without problems. > > > > > > Does anyone know what is going on? > > > > > > Thanks for your time, again. > > > > > > > > > Saludos, > > > > > > Lesky Alfonso M. > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Exchange Server Resource Site: http://www.msexchange.org/ > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > > as: > > > tshinder@xxxxxxxxxxxxxxxxxx > > > To unsubscribe send a blank email to > > > $subst('Email.Unsub') > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Exchange Server Resource Site: http://www.msexchange.org/ > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > > as: > > > leskyam@xxxxxxxxxxxxxxx > > > To unsubscribe send a blank email to > > > $subst('Email.Unsub') > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List > as: > > tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List > as: > > leskyam@xxxxxxxxxxxxxxx > > To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > leskyam@xxxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub')