[isalist] Re: proxy configuration
- From: "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 31 Oct 2006 16:14:58 +1100
Hi Ara,
Sounds like a typical vendor help desk,
"We'll give you all the support you need, provided you run the application on
whitebox clones, direct internet connection, and only if you call us on the 3rd
sunday after your Grandmothers 50th birthday.........."
Is there anything else that could be coming in to play here ?
e.g. Internet Security from Symantec acting as either a firewall /or pop up
blocker or both, is there a third party free or commercial pop up blocker
installed, Is there one of the free firewall walls like zone alarms installed
on the PC, Is windows defender or a similar Spyware blocker installed,
Have you carefully viewed the logs on the ISA to make sure that the
applicatrion is not trying to open a connection on a non standard port.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ara Avvali
Sent: Tue 31/Oct/2006 16:03
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: proxy configuration
Hi Mohamed,
Yes it is pretty much the same situation. The problem is their tech support
doesn't help anything at all as soon as they see the proxy address in internet
explorer. All they say is disable the IE pop up blocker and increase the cache
size to 2 GB in IE. Anyway we are moving to stand alone version of payroll by
January so that would be the end of it.
Thanks anyway
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of mohamed saleh
Sent: Monday, October 30, 2006 8:23 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: proxy configuration
Ara,
Let we think slowly,
you said that the client can connect to the site successfully and login
correctly till he see the icons of the payroll program, and it takes long time
if he press any button further, right...
Allright, it's some how like Connecting to hotmail....
you connect to hotmail site and login correctly and then you can do anything in
ur hotmail acount and press any button you want,
so I think that site is using a some kind of scripting or programing language
or authentication method, which you should enable it to pass through ISA....
The hotmail, for example, check for the authentication and authorization to
every page to ensure that this user account is the same user account and is not
man in the middle,...
So, I think you have to check with them how they make thier online
authentication and authorization, and I think this might be help
----- Original Message -----
From: Ara Avvali <mailto:Ara.Avvali@xxxxxxxxxxxxx>
To: isalist@xxxxxxxxxxxxx
Sent: Friday, October 27, 2006 7:15 PM
Subject: [isalist] Re: proxy configuration
Hi Dan,
Would you mind keeping me posted if you find the help reference? Thank
you
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan
Sent: Friday, October 27, 2006 10:11 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: proxy configuration
If you recall, a month or so ago I had problems with similar symptoms.
I'll have to go back through my messages and see what the final result was, as
I think it was a combination of things like DNS resolution, wpad retrieval,
auto-configuration, etc...
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ara Avvali
Sent: Friday, October 27, 2006 11:58 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: proxy configuration
Hi Jim,
Thanks for your response. The problem I have we are using a web based
ADP payroll by going to https://payex.adp.com. As you notice it requires an
assigned certificate to go to site. Client is a xp sp2 with pop up blocker
disabled and there is an allow rule on top going from internal to *.adp.com
which allows all users access.
Problem is behind ISA pages load slowly (2-3 times slower) and
sometimes they even time out. Checking on live monitoring I found that
connections are going to njpod18.adp.com which I think *.adp.com should cover
it. If I connect the client directly to the router in front of ISA then
everything works as fast as expected. Yesterday there was a threat about speed
and Tom mentioned increasing connections should help. Even that gave me no luck.
I have convinced the accounting that we should migrate to installed
version of payroll program instead of web based. But that could be done after
January. For now on I just connect one of machines directly to internet and let
them do the payroll but that is not the practical solution. Man what a mess it
would be if I deploy IE7 and the certificate check it has.
I was wondering if anyone has any experience with this problem. ADP
support as soon as they see a proxy server set in IE, then it is my side to
figure out the problem. They have no documents about it. I found some
instructions but that was no help either. That was why I tried the direct
access solution.
http://isainsbs.blogspot.com/2006/01/allowing-adp-through-isa-2004.html
http://forums.isaserver.org/m_2002000597/mpage_1/key_/tm.htm#2002029215
Appreciated
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Thursday, October 26, 2006 6:25 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: proxy configuration
You're shotgunning, Ara.
Creating an "allow all" rule has nothing to do with "speed".
Unless *.adp is part of the network structure that it "local" to the
browser client, adding it to the web browser and domains data is inappropritate.
Proxycfg has nothing to do with IE settings or IE behavior.
Can you explain what you mean by "speed problems"?
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ara Avvali
Sent: Thursday, October 26, 2006 4:32 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] proxy configuration
Hello everyone.
I added *.adp.com for direct access to adp site. Created a rule to
allow all outbound traffic from internal to *.adp.com but I still have speed
issues. So I ran the proxycfg on the client which is xp sp2 with firewall
client installed and it is telling me nothing is set for direct access. Any
idea why? Appreciated
All mail to and from this domain is GFI-scanned.
Other related posts:
