RE: Deploying ISA 2004 firewall client - how to enforce?

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 13 May 2004 08:14:51 -0500

Hi Jason,
 
Here's a chapter from the ISA EDU kit. There a golden nuggets dispersed
through this kit.
 
http://www.tacteam.net/isaserverorg/isaedukit/5automate/5automate.htm
 
HTH,
Tom
 
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp> 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 

        -----Original Message-----
        From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx] 
        Sent: Thursday, May 13, 2004 7:53 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Deploying ISA 2004 firewall client - how
to enforce?
        
        
        http://www.ISAserver.org
        
        Hi Tom,
         
        Well thats what I thought....
         
        I've added the WPAD entries to the DHCP scope options (not sure
what you mean by DNS though....) but the firewall clients still aren't
automatically detecting the server. They can if I *manually* set it to
do that, or to "Detect now". It just isn't Enabled by default.
         
        It's driving me nuts :\
         
        Cheers,
         
        Jason
         


  _____  

                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
                Sent: 13 May 2004 13:30
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Deploying ISA 2004 firewall
client - how to enforce?
                
                
                http://www.ISAserver.org
                
                Hi Jason,
                 
                OK, I think I understand now :-)
                 
                The best practice for provisioning the Firewall client
is by using autodiscovery via DHCP and DNS WPAD entries. Also, the
Firewall client share should be placed in an alternate location, so that
you can block NetBIOS and Direct Access (TCP 445) to the ISA firewall
itself.
                 
                The WPAD entries will point the Firewall clients to the
ISA firewall's internal interface and the Firewall clients will
automatically detect their settings. The default configuration of the
Firewall client is enabled and to use autodiscovery for
autoconfiguration.
                 
                HTH,
                Tom
                 
                 
                Thomas W Shinder
                www.isaserver.org/shinder
                ISA 2004 Beta - Get it now!
                http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp> 
                ISA Server and Beyond: http://tinyurl.com/1jq1
                Configuring ISA Server: http://tinyurl.com/1llp
                
                 

                        -----Original Message-----
                        From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx] 
                        Sent: Thursday, May 13, 2004 7:17 AM
                        To: [ISAserver.org Discussion List]
                        Subject: [isalist] RE: Deploying ISA 2004
firewall client - how to enforce?
                        
                        
                        http://www.ISAserver.org
                        
                        Hi Tom,
                         
                        The ISA Firewall is configured properly, and it
properly services users with properly configured Firewall Clients. It
looks like I didn't phrase that sentence properly:
                         
                        "But my point is that the firewall isn't used by
default. i.e. It's not active and needs to be configured before use."
                        should be
                        "But my point is that the firewall isn't used by
default. i.e. On client machines the Firewall Client not active and
needs to be configured before use."
                         
                        :)
                         
                        Jason


  _____  

                                From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx] 
                                Sent: 13 May 2004 12:47
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
                                
                                
                                http://www.ISAserver.org
                                
                                Hi Jason,
                                 
                                If the ISA firewall isn't configured,
the Firewall client isn't going to be much help. Right?
                                 
                                Tom
                                 
                                 
                                Thomas W Shinder
                                www.isaserver.org/shinder
                                ISA 2004 Beta - Get it now!
        
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp> 
                                ISA Server and Beyond:
http://tinyurl.com/1jq1
                                Configuring ISA Server:
http://tinyurl.com/1llp
                                
                                 

                                -----Original Message-----
                                From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx] 
                                Sent: Thursday, May 13, 2004 6:44 AM
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
                                
                                
                                http://www.ISAserver.org
                                
                                Hi Tom,
                                 
                                I can set the access rules to only allow
access through the firewall client. But my point is that the firewall
isn't used by default. i.e. It's not active and needs to be configured
before use.
                                 
                                Cheers,
                                 
                                Jason
                                 


  _____  

                                From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx] 
                                Sent: 13 May 2004 12:25
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
                                
                                
                                http://www.ISAserver.org
                                
                                Hi Jason,
                                 
                                If you configure your access rules
correctly, it'll enforce the use of the Firewall client :-)
                                 
                                HTH,
                                Tom
                                 
                                 
                                Thomas W Shinder
                                www.isaserver.org/shinder
                                ISA 2004 Beta - Get it now!
        
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp> 
                                ISA Server and Beyond:
http://tinyurl.com/1jq1
                                Configuring ISA Server:
http://tinyurl.com/1llp
                                
                                 

                                -----Original Message-----
                                From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx] 
                                Sent: Thursday, May 13, 2004 5:49 AM
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] Deploying ISA 2004
firewall client - how to enforce?
                                
                                
                                http://www.ISAserver.org
                                
                                Hi Chaps,
                                 
                                Is there a best practice for deploying
the ISA 2004 firewall client? I haven't found much on the net about
this...
                                 
                                Environment: Windows 2003 Servers,
Native mode, Domain, Windows XP clients. MSFWC.msi assigned to the
relevant machines through GPO (it installs fine but the use of the FWC
isn't enforced!)
                                 
                                From what I've gathered so far, it
appears that you just can't configure and enforce the use of of the
Firewall Client using group policy. This can't be the case, surely? I
can't see how the users can be prevented from just disabling or
reconfiguring the firewall client themselves. Am I missing something
here?
                                 
                                Please help!
                                 
                                Cheers,
                                 
                                Jason

                ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Other Internet Software Marketing Sites:
                Leading Network Software Directory:
http://www.serverfiles.com
                No.1 Exchange Server Resource Site:
http://www.msexchange.org
                Windows Security Resource Site:
http://www.windowsecurity.com/
                Network Security Library: http://www.secinf.net/
                Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: j.merrique@xxxxxxxxxxxxxxx
                To unsubscribe send a blank email to
$subst('Email.Unsub') 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts: