RE: Web proxy or Firewall Client (to be or not to be)

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 17 Feb 2003 19:21:49 -0600

Hi Alfonso,

That is correct. If the machine is configured as a Web Proxy client
only, you should see connections only with the Web Proxy service. Then
you can post your Web Proxy logs with the problematic entries and we can
determine what the problem might be.

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] 
Sent: Monday, February 17, 2003 1:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to be)


http://www.ISAserver.org


Hi again.

Let me ask you somthing
I have a workstation with an internal IP: 192.168.60.x, I configure the 
IE to point to ISA Server 8080, there is not firewall client software in

this workstation this is a Web Proxy Client. Right?

I have configured the HTTP Redirector since you adviced to mi, but 
nothing.

Saludos,

Lesky Alfonso M.


-----Original Message-----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Mon, 17 Feb 2003 01:19:29 -0600
Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to be)

> http://www.ISAserver.org
> 
> 
> Hi Alfonso,
> 
> There should be no entries in your firewall logs, since the clients
are
> not configured as Web Proxy or SecureNAT clients. They should be
> configured as Web Proxy clients only. To ensure that only Web Proxy
> clients are able to access the Internet, configure the HTTP Redirector
> to drop requests from SecureNAT and Firewall clients.
> 
> Then you can analyze the Web Proxy service logs to determine why the
> client can and cannot access FTP sites. Make sure all fields are
> enabled, so that you can tell which rule is alllowing/denying access.
> 
> HTH,
> Tom 
> 
> Thomas W Shinder
> www.isaserver.org/shinder 
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp 
> 
> 
> -----Original Message-----
> From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] 
> Sent: Monday, February 17, 2003 1:01 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> be)
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi, thaks for your time.
> 
> Yes, the clients are logged onto the domain, I have reviewed the logs,
> no 
> just Web proxy logs, the Firewall logs too. 
> 
> Look at the Firewall log when a client request a FTP site:
> 
> 192.168.60.2  -       -       06:52:04        -       169.158.1.20
> 21
>       21      TCP     Connect 13301   -       S&C A Sitios ONAT
> 192.168.60.2  -       -       06:52:04        -       169.158.1.20
> 21
>       21      TCP     Connect 13301   -       S&C A Sitios ONAT
> 
> Why with older vertions of IE I haven't problem with this?
> 
> Note.
> One more data: RAS Clients can navegate FTP Sites.
> 
> 
> -----Original Message-----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Date: Mon, 17 Feb 2003 00:26:46 -0600
> Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> be)
> 
> > http://www.ISAserver.org
> > 
> > 
> > Hi Alfonso,
> > 
> > You need to configure the clients as Web Proxy clients and you need
> to
> > configure the HTTP Redirector to drop requests from Firewall client
> and
> > SecureNAT clients. At that point, only requests from Web Proxy
> clients
> > will be accepted by the Web Proxy service.
> > 
> > However, since you're not using the SecureNAT or Firewall client
> > configurations, the ONLY way the clients will access external FTP
> sites
> > is via the Web Proxy service. Make sure the clients log onto the
> domain
> > so that they have credentials to the send the Web Proxy service.
> > 
> > Review your Web Proxy logs for troubleshooting issues.
> > 
> > HTH,
> > Tom
> > 
> > Thomas W Shinder
> > www.isaserver.org/shinder 
> > ISA Server and Beyond: http://tinyurl.com/1jq1
> > Configuring ISA Server: http://tinyurl.com/1llp
> > 
> >  
> >  
> > 
> > 
> > -----Original Message-----
> > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] 
> > Sent: Sunday, February 16, 2003 11:40 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> > be)
> > 
> > 
> > http://www.ISAserver.org
> > 
> > 
> > 
> > Thanks, but It did not work. 
> > 
> > The clients making the request are not SecureNAT clients nor
Firawall
> > Clients. They are just trying to access FTP sites outsite the LAN
> with
> 
> > IE. Remember I wrote that IE versions up to 4.0 works fine.
> > 
> > Saludos,
> > 
> > Lesky Alfonso M.
> > 
> > 
> > -----Original Message-----
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Date: Sun, 16 Feb 2003 23:13:59 -0600
> > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to
> > be)
> > 
> > > http://www.ISAserver.org
> > > 
> > > 
> > > Hi Alfonso,
> > > 
> > > Configure the HTTP Redirector to drop requests from SecureNAT and
> > > Firewall clients. Then require authentication.
> > > 
> > > HTH,
> > > Tom
> > > 
> > > Thomas W Shinder
> > > www.isaserver.org/shinder 
> > > ISA Server and Beyond: http://tinyurl.com/1jq1
> > > Configuring ISA Server: http://tinyurl.com/1llp
> > > 
> > >  
> > >  
> > > 
> > > 
> > > -----Original Message-----
> > > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] 
> > > Sent: Sunday, February 16, 2003 11:03 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Web proxy or Firewall Client (to be or not to
> be)
> > > 
> > > 
> > > http://www.ISAserver.org
> > > 
> > > 
> > > Hi, thanks for your time.
> > > 
> > > Web Proxy Clients appears as Firewall Clients!!!???
> > > 
> > > 1. I have ISA Server (SP1) installed on a w2k.
> > > 2. The objects of the ISA are in the Active Directory 
> > > Schema.
> > > 3. There are Two NICs on the ISA Server PC.
> > > 
> > > When I configure a rule for FTP Access "Applied to any 
> > > request o to a group of IPs" everything is ok, but when I 
> > > Applie this rule to a especific group of users there is no 
> > > access and the Clients appears to be Firewall clients.
> > > Some days ago I installed a computer with W95, IE 3.01 and 
> > > while nobody got access to FTP sites aoutside my network 
> > > that PC got it, I updated IE to version 4.0 and everything 
> > > OK, but que updated to IE 5.0, the situation was the same 
> > > for this PC too. When I install firewall client software 
> > > on workstatios no more problen with FTP access, but I 
> > > think taht is not the solution. This situation is diferent 
> > > with HTTP, I separate the rules (one for FTP & one for 
> > > HTTP) and I am applying the rule to the especific group of 
> > > users without problems.
> > > 
> > > Does anyone know what is going on?
> > > 
> > > Thanks for your time, again.
> > > 
> > > 
> > > Saludos,
> > > 
> > > Lesky Alfonso M.
> > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Exchange Server Resource Site: http://www.msexchange.org/
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> > as:
> > > tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Exchange Server Resource Site: http://www.msexchange.org/
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> > as:
> > > leskyam@xxxxxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > leskyam@xxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> leskyam@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)
• » RE: Web proxy or Firewall Client (to be or not to be)

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---