Hi, Tom Here you are the requested file, inside I send you a fragment of both, Web Proxy and Firewall logs. Thanks for your time again Tom. Note. The file is compressed. -----Original Message----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Date: Mon, 17 Feb 2003 19:21:49 -0600 Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to be) > http://www.ISAserver.org > > > Hi Alfonso, > > That is correct. If the machine is configured as a Web Proxy client > only, you should see connections only with the Web Proxy service. Then > you can post your Web Proxy logs with the problematic entries and we > can > determine what the problem might be. > > Thanks! > Tom > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > -----Original Message----- > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] > Sent: Monday, February 17, 2003 1:39 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > be) > > > http://www.ISAserver.org > > > Hi again. > > Let me ask you somthing > I have a workstation with an internal IP: 192.168.60.x, I configure the > IE to point to ISA Server 8080, there is not firewall client software > in > > this workstation this is a Web Proxy Client. Right? > > I have configured the HTTP Redirector since you adviced to mi, but > nothing. > > Saludos, > > Lesky Alfonso M. > > > -----Original Message----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Date: Mon, 17 Feb 2003 01:19:29 -0600 > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > be) > > > http://www.ISAserver.org > > > > > > Hi Alfonso, > > > > There should be no entries in your firewall logs, since the clients > are > > not configured as Web Proxy or SecureNAT clients. They should be > > configured as Web Proxy clients only. To ensure that only Web Proxy > > clients are able to access the Internet, configure the HTTP > Redirector > > to drop requests from SecureNAT and Firewall clients. > > > > Then you can analyze the Web Proxy service logs to determine why the > > client can and cannot access FTP sites. Make sure all fields are > > enabled, so that you can tell which rule is alllowing/denying access. > > > > HTH, > > Tom > > > > Thomas W Shinder > > www.isaserver.org/shinder > > ISA Server and Beyond: http://tinyurl.com/1jq1 > > Configuring ISA Server: http://tinyurl.com/1llp > > > > > > -----Original Message----- > > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] > > Sent: Monday, February 17, 2003 1:01 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > > be) > > > > > > http://www.ISAserver.org > > > > > > Hi, thaks for your time. > > > > Yes, the clients are logged onto the domain, I have reviewed the > logs, > > no > > just Web proxy logs, the Firewall logs too. > > > > Look at the Firewall log when a client request a FTP site: > > > > 192.168.60.2 - - 06:52:04 - 169.158.1.20 > > 21 > > 21 TCP Connect 13301 - S&C A Sitios ONAT > > 192.168.60.2 - - 06:52:04 - 169.158.1.20 > > 21 > > 21 TCP Connect 13301 - S&C A Sitios ONAT > > > > Why with older vertions of IE I haven't problem with this? > > > > Note. > > One more data: RAS Clients can navegate FTP Sites. > > > > > > -----Original Message----- > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Date: Mon, 17 Feb 2003 00:26:46 -0600 > > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > > be) > > > > > http://www.ISAserver.org > > > > > > > > > Hi Alfonso, > > > > > > You need to configure the clients as Web Proxy clients and you need > > to > > > configure the HTTP Redirector to drop requests from Firewall client > > and > > > SecureNAT clients. At that point, only requests from Web Proxy > > clients > > > will be accepted by the Web Proxy service. > > > > > > However, since you're not using the SecureNAT or Firewall client > > > configurations, the ONLY way the clients will access external FTP > > sites > > > is via the Web Proxy service. Make sure the clients log onto the > > domain > > > so that they have credentials to the send the Web Proxy service. > > > > > > Review your Web Proxy logs for troubleshooting issues. > > > > > > HTH, > > > Tom > > > > > > Thomas W Shinder > > > www.isaserver.org/shinder > > > ISA Server and Beyond: http://tinyurl.com/1jq1 > > > Configuring ISA Server: http://tinyurl.com/1llp > > > > > > > > > > > > > > > > > > -----Original Message----- > > > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] > > > Sent: Sunday, February 16, 2003 11:40 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not > to > > > be) > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > Thanks, but It did not work. > > > > > > The clients making the request are not SecureNAT clients nor > Firawall > > > Clients. They are just trying to access FTP sites outsite the LAN > > with > > > > > IE. Remember I wrote that IE versions up to 4.0 works fine. > > > > > > Saludos, > > > > > > Lesky Alfonso M. > > > > > > > > > -----Original Message----- > > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > Date: Sun, 16 Feb 2003 23:13:59 -0600 > > > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not > to > > > be) > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > Hi Alfonso, > > > > > > > > Configure the HTTP Redirector to drop requests from SecureNAT and > > > > Firewall clients. Then require authentication. > > > > > > > > HTH, > > > > Tom > > > > > > > > Thomas W Shinder > > > > www.isaserver.org/shinder > > > > ISA Server and Beyond: http://tinyurl.com/1jq1 > > > > Configuring ISA Server: http://tinyurl.com/1llp > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] > > > > Sent: Sunday, February 16, 2003 11:03 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] Web proxy or Firewall Client (to be or not to > > be) > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > Hi, thanks for your time. > > > > > > > > Web Proxy Clients appears as Firewall Clients!!!??? > > > > > > > > 1. I have ISA Server (SP1) installed on a w2k. > > > > 2. The objects of the ISA are in the Active Directory > > > > Schema. > > > > 3. There are Two NICs on the ISA Server PC. > > > > > > > > When I configure a rule for FTP Access "Applied to any > > > > request o to a group of IPs" everything is ok, but when I > > > > Applie this rule to a especific group of users there is no > > > > access and the Clients appears to be Firewall clients. > > > > Some days ago I installed a computer with W95, IE 3.01 and > > > > while nobody got access to FTP sites aoutside my network > > > > that PC got it, I updated IE to version 4.0 and everything > > > > OK, but que updated to IE 5.0, the situation was the same > > > > for this PC too. When I install firewall client software > > > > on workstatios no more problen with FTP access, but I > > > > think taht is not the solution. This situation is diferent > > > > with HTTP, I separate the rules (one for FTP & one for > > > > HTTP) and I am applying the rule to the especific group of > > > > users without problems. > > > > > > > > Does anyone know what is going on? > > > > > > > > Thanks for your time, again. > > > > > > > > > > > > Saludos, > > > > > > > > Lesky Alfonso M. > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Exchange Server Resource Site: http://www.msexchange.org/ > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion > List > > > as: > > > > tshinder@xxxxxxxxxxxxxxxxxx > > > > To unsubscribe send a blank email to > > > > $subst('Email.Unsub') > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Exchange Server Resource Site: http://www.msexchange.org/ > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion > List > > > as: > > > > leskyam@xxxxxxxxxxxxxxx > > > > To unsubscribe send a blank email to > > > > $subst('Email.Unsub') > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Exchange Server Resource Site: http://www.msexchange.org/ > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > > as: > > > tshinder@xxxxxxxxxxxxxxxxxx > > > To unsubscribe send a blank email to > > > $subst('Email.Unsub') > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Exchange Server Resource Site: http://www.msexchange.org/ > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > > as: > > > leskyam@xxxxxxxxxxxxxxx > > > To unsubscribe send a blank email to > > > $subst('Email.Unsub') > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List > as: > > tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List > as: > > leskyam@xxxxxxxxxxxxxxx > > To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > leskyam@xxxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub')