NO. NOT true. Read my previous or following message, depending on the order they appear on the list. Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > Sent: Tuesday, January 17, 2006 6:26 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Continued issues with particular site > > http://www.ISAserver.org > > Further to my last emai, I'd just like to make sure I've got > this straight-- > > What use is Direct Access, and of what use is there in having > the Firewall > config set not to use web proxy and going into IE and set to > not use web > proxy and loading the firewall when it still uses the Web > Proxy Filter if it > is bound to HTTP? > > That seems ridiculous to me. To access one lousy site I have > to unbind Web > Proxy Filter from the HTTP protocol altogether? Doing so > prevents me from > using the HTTP filter as well. This surely cannot be the case, is it? > > t > > ----- > "I'll see your Llama and up you a Badger." > John T > > > > ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, January 17, 2006 2:07 PM > Subject: [isalist] RE: Continued issues with particular site > > > http://www.ISAserver.org > > The FWC will stuff use the Web proxy filter if the Web proxy filter is > still bound to the HTTP protocol. There are a number of > workarounds, but > the one I use because it's the easiest :) is to just unbind the Web > proxy filter from the HTTP protocol and then configure the sites for > Direct Access. > > This enables me to continue to benefit from the Web proxy > filter and its > HTTP security filter for Web proxy client connections > (machines that are > explicitly configured as Web proxy clients) and bypass the Web proxy > filter for all SecureNAT (SecureNET) and FWC connections. > > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > Sent: Tuesday, January 17, 2006 3:59 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Continued issues with particular site > > > > http://www.ISAserver.org > > > > That what I was saying to myself... the "Via" tells all. But > > check it-- > > I've got both the IP and the *.domain.com in the direct > > access tab for the > > source (listening) network config, I've got the firewall > > client loaded and > > refreshed, I've unchecked "use proxy" on the firewall client > > config for the > > network config, I've made sure the client is not set to use a > > proxy in IE. > > > > Yet, the capture stills says "Via." > > > > WTF now? > > > > t > > > > ----- > > "I'll see your Llama and up you a Badger." > > John T > > > > > > > > ----- Original Message ----- > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Tuesday, January 17, 2006 1:44 PM > > Subject: [isalist] RE: Continued issues with particular site > > > > > > http://www.ISAserver.org > > > > That's NOT a DIRECT ACCESS connection! > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > **Who is John Galt?** > > > > > > > > > -----Original Message----- > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > > Sent: Tuesday, January 17, 2006 3:41 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Continued issues with particular site > > > > > > <p align=\"left\"><b><font face=\"Arial\" size=\"2\">GFI > > > MailSecurity's HTML threat engine found HTML scripts in this > > > email and has disabled > them.</font></b></p>http://www.ISAserver.org > > > > > > So, I've basically honed it down to this. Here is what we > > get on the > > > external interface after the client issues the POST for the > > > tracking number: > > > > > > HTTP/1.1.100.Continue..Server:.Microsoft-IIS/5.0..Date:.Tue,.1 > > > 7.Jan.2006.21:03:46.GMT.... > > > -then- > > > HTTP/1.1.200.OK..Server:.Microsoft-IIS/5.0..Date:.Tue,.17.Jan. > > 2006.21:03:46.GMT..Connection:.close..Content-> > > Type:.text/html..............<HTML>......<HEAD>..........<META > > > .http-equiv="Expires".content="0">..........<META.http-equiv=" > > > Pragma".content="no-cache">..........<META.http-equiv="Cache-C > > > ontrol".content="no-cache">.........<LINK.type="text/css".href > > > ="include/master.css" > > > .rel="stylesheet">..........<SCRIPT.type="text/javascript".src=" > > > include/form_validation.js"></XCRIPT>..........<SCRIPT.type="tex > > > t/javascript".src="include/multi_onload.js"></XCRIPT>..........< > > > TITLE>IPT,.LLC.</TITLE>......</HEAD>......<BODY.leftmargin="0".m > > > arginheight="0".marginwidth="0".topmargin="0">..............<TAB > > > LE.width="100%".border="0".cellspacing="0".cellpadding="0">... > > > ...........<TR> > > > > > > -- with the rest of the page following. > > > > > > But on the internal interface, this is what goes to the client: > > > > > > HTTP/1.1.100.Continue..Via:.1.1.ISA-VPN..Date:.Tue,.17.Jan.200 > > > 6.21:25:31.GMT..Server:.Microsoft-IIS/5.0... > > > . > > > HTTP/1.1.200.OK..Via:.1.1.ISA-VPN..Connection:.close..Proxy-Co > > nnection:.close..Date:.Tue,.17.Jan.2006.21:25:31.GMT..Content- > > Type:.text > > /html..Server:.Microsoft-> IIS/5.0.... > > > > > > > > > And that's it. It dies. > > > > > > > > > WTF? Anyone? Beuller? Anyone? > > > > > > t > > > > > > ----- > > > "I'll see your Llama and up you a Badger." > > > John T > > > > > > > > > > > > ----- Original Message ----- > > > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > Sent: Tuesday, January 17, 2006 12:09 PM > > > Subject: [isalist] RE: Continued issues with particular site > > > > > > > > > > http://www.ISAserver.org > > > > > > > > That's my next step. I've compared captures from > > > direct/ISA (which was a > > > > waste of time) but now I'll have to see what I get in front > > > and behind > > > > ISA. Working on it now. > > > > > > > > t > > > > > > > > ----- > > > > "I'll see your Llama and up you a Badger." > > > > John T > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Jim Harrison" <Jim@xxxxxxxxxxxx> > > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > > Sent: Tuesday, January 17, 2006 9:41 AM > > > > Subject: [isalist] RE: Continued issues with particular site > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > Got captures? > > > > We can determine a *lot* from a two-sided capture... > > > > > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > > > Sent: Tuesday, January 17, 2006 09:06 > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] Continued issues with particular site > > > > > > > > http://www.ISAserver.org > > > > > > > > I've still not been able to solve the problem with this one > > > particular > > > > page on a site we must use to track service calls. My > > > users can log on to > > > > the site fine, and access parts of the site, but when we > > go to this > > > > particular page to track issues by number, it comes up with > > > a blank page. > > > > > > > > "View Source" shows the right tags, <HTML> through </HTML>, > > > but there is > > > > no content. Accessing outside of ISA works fine. I've > > > tried FW Client, > > > > Proxy Client, changing authentication on both the rule and > > > the network > > > > proxy listener, entering "Direct Access," etc, removing the > > > HTTP filter, > > > > etc and nothing works. > > > > > > > > The logs show the site being accessed properly, though the > > > page is blank. > > > > > > > > Where to turn? Is it PSS time? > > > > > > > > t > > > > > > > > > > > > > > > > > > > > ----- > > > > "I'll see your Llama and up you a Badger." > > > > John T > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > > > Discussion List as: > > > > jim@xxxxxxxxxxxx To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > > > Discussion List as: > > > > thor@xxxxxxxxxxxxxxx > > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > > > Discussion List as: > > > > thor@xxxxxxxxxxxxxxx > > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion > > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: > > thor@xxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > thor@xxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >