RE: Allowing MSN Messenger thru ISA
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 7 Jul 2004 07:21:20 -0500
Hi Joseph,
Exactly. Its easy to automate the Firewall client install so for
supported operating systems, the only reasons for not installing the
Firewall client is that you want lower security, less functionality and
lower performance. If I wanted to meet those design goals, I'd get a pix
:-)
Thanks!
Tom
-----Original Message-----
From: josephk [mailto:josephk@xxxxxxxxx]
Sent: Wednesday, July 07, 2004 6:45 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Allowing MSN Messenger thru ISA
http://www.ISAserver.org
Hi Thomas,
That's what I was saying the other day!
Why not install the firewall client in an administrative share mode.
And then if using AD you could assign it to the groups that need to
download it and provide that feature in that way. Or by having the
install done in the start up script on a one time basis would also work.
Easier on the admins that way.
Thank you,
Joseph
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 07, 2004 4:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Allowing MSN Messenger thru ISA
http://www.ISAserver.org
Hi Atif,
Yes, there is a workaround. Create an application filter (or have your
C++ programmers create it) to support the IM protocols for SecureNAT
clients. Then make some money by selling that filter to everyone else
who doesn't want to install the firewall client.
Did you know that you can automate firewall client installation?
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
-----Original Message-----
From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx]
Sent: Wednesday, July 07, 2004 12:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Allowing MSN Messenger thru ISA
http://www.ISAserver.org
Actually, I have tried that script on 2 ISA SERVER's, one on
Integerated Mode and other on Cached Mode and eventually, it didn't work
on Cached Mode.
Since, we don't use the Firewall Client, IM's are not working
either and the point is clear now, if I got to use IM then I have to use
Firewall Client, thanks for the information, but again I feel like there
should be some workaround.
Thanks for all the suggestions.
Cheers,
Athif
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx
<mailto:jim@xxxxxxxxxxxx> ]
Sent: Tuesday, July 06, 2004 9:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Allowing MSN Messenger thru ISA
http://www.ISAserver.org <http://www.ISAserver.org>
The script REQUIRES the firewall client on the LAT host.
Web Proxy clients are NOT affected by these policy changes,
since the web proxy only handles HTTP(s), FTP and Gopher (note that NO
IM protocols are listed here).
You login problems are likely related to some other failure.
In one mail, you tried to run the script on a Cache mode ISA; is
this a separate ISA or did you reinstall in Integrated mode with
the same network model in place?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver <http://www.microsoft.com/isaserver>
http://isaserver.org/Jim_Harrison
<http://isaserver.org/Jim_Harrison>
http://isatools.org <http://isatools.org>
Read the help, books and articles!
----- Original Message -----
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, July 06, 2004 11:07
Subject: [isalist] RE: Allowing MSN Messenger thru ISA
http://www.ISAserver.org <http://www.ISAserver.org>
Jim, Thanks a lot for the answer.So this script wont work
without the Firewall Client. Actually, we don't have Firewall Client
installed at our network.
I have tried to run MSNIM.zip successfully in ISA Integerated
mode, but still I am unable to log in MSN Messneger. Jim do you have any
work around for this, because, even if the script creates all the rules
then why cant web proxy client access MSN Messenger??
Will this script work only if we have Firewall client
installed??
Thanks for your time,
AThif
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx
<mailto:jim@xxxxxxxxxxxx> <mailto:jim@xxxxxxxxxxxx
<mailto:jim@xxxxxxxxxxxx> > ]
Sent: Tuesday, July 06, 2004 7:58 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Allowing MSN Messenger thru ISA
http://www.ISAserver.org <http://www.ISAserver.org>
<http://www.ISAserver.org <http://www.ISAserver.org> >
Cache mode doesn't support IM complex features like voice, app
sharing, etc. The script can't run in that environment because all the
changes it makes depend on Firewall features.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver <http://www.microsoft.com/isaserver>
<http://www.microsoft.com/isaserver
<http://www.microsoft.com/isaserver> >
http://isaserver.org/Jim_Harrison
<http://isaserver.org/Jim_Harrison> <http://isaserver.org/Jim_Harrison
<http://isaserver.org/Jim_Harrison> >
http://isatools.org <http://isatools.org> <http://isatools.org
<http://isatools.org> >
Read the help, books and articles!
----- Original Message -----
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, July 06, 2004 09:18
Subject: [isalist] RE: Allowing MSN Messenger thru ISA
http://www.ISAserver.org <http://www.ISAserver.org>
<http://www.ISAserver.org <http://www.ISAserver.org> >
We have a large network and we have to install that on each
machine, instead we prefer direct web proxy...and so we have avoided
firewall cleint.. one more question, i am tyring to run MSNIM.zip on ISA
cached mode, but it fails?
Thanks,
Athif
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx
<mailto:tshinder@xxxxxxxxxxx> <mailto:tshinder@xxxxxxxxxxx
<mailto:tshinder@xxxxxxxxxxx> > ]
Sent: Monday, July 05, 2004 6:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Allowing MSN Messenger thru ISA
http://www.ISAserver.org <http://www.ISAserver.org>
<http://www.ISAserver.org <http://www.ISAserver.org> >
Why are you not using the Firewall client?
Tom
<http://www.isaserver.org/shinder
<http://www.isaserver.org/shinder> <http://www.isaserver.org/shinder
<http://www.isaserver.org/shinder> > > www.isaserver.org/shinder
<www.isaserver.org/shinder> Get the book! Tom and Deb Shinder's
Configuring ISA Server 2004 <http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> > > http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls
-----Original Message-----
From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx
<mailto:mathif@xxxxxxxxxxxxxxx> <mailto:mathif@xxxxxxxxxxxxxxx
<mailto:mathif@xxxxxxxxxxxxxxx> > ]
Sent: Monday, July 05, 2004 6:18 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Allowing MSN Messenger thru ISA
http://www.ISAserver.org <http://www.ISAserver.org>
<http://www.ISAserver.org <http://www.ISAserver.org> >
We don't use Firewall Client, its rather direct Web Proxy
Client.. Any thougts?? Cheers, Athif
-----------------------------------------------------
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity to
whom/which they are addressed. If you have received this email in error
please notify the system manager at the following email address:
sadmin@xxxxxxxxxxxxxxx <mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that
any views or opinions presented in this email are solely those of the
author and do not necessarily represent those of Al Faisaliah Group.
Internet communications cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, arrive late or
contain viruses. The sender therefore does not accept liability for any
errors or omissions in the context of this message, which arise as a
result of Internet transmission. Finally, the recipient should check
this email and any attachments for the presence of viruses. Al Faisaliah
Group accepts no liability for any damage caused by any virus
transmitted by this email.
-----------------------------------------------------
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Other related posts:
