securenat clients

  • From: Paul Noble <pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 6 Oct 2005 17:19:48 +0100

Allo,

I've had a bit of a hunt around for this answer but it's eluded me yet.

We've got a really simple flat network with no 'gateway' defined in the dhcp
gateway options. All the clients have the firewall client installed. The isa
server has 2 NICs, one internal and one external. The isa internal nic has the
isp dns addresses but no gateway, the external has no dns and the router
gateway.

I've changed all the access rules that pertain to the users to be for
authenticated users or a specific group so there are no 'all users' rules
other than denies.

We use a few programs that I've set up specific protocols for and looking at
the sessions monitoring tab I see them connecting as firewall clients.

However when I filter sessions for securenat clients I still see between
10-20 clients showing up. It seems to be fairly active with sessions
appearing and disconnecting but some connections stay connected all the
time.

Is this client applications trying to connect via the securenat
unauthenticated route, failing and then connecting as a firewall client?

I'd like to be able to trace what these securenat client apps are, but the
client username and application name always remain empty. Is there a way of
tracking these using the logging features? I've tried picking one of the IPs
that are long time securenat connected and logging that client ip but it
doesn't show up anything beyond anonymous denied wspad entries to the isa
server.

Apologies for the long-winded nature of this question.

