RE: FW: RE: Internet explorer proxy settings

• From: "Aman Bedi" <gurkirpal.bedi@xxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 19 Sep 2004 00:40:13 -0400

Thanks Tom, 

It was your help and my determination to find a solution which helped.
I am sure I will be facing more problems in the future and I will have to
rely on you and ask for your expert advice.
Hope to have such intelligent talks in the future too.

Is your book almost done ? I had preordered it more than a month back....

Thanks and all the best
Aman


----------------------------------------------------------------------------
-------------------------------------


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 11:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

http://www.ISAserver.org

Hi Aman,

Thank you! You had the ingenuity to think of a solution that I completed
forgot about!

Good to hear you got it working and thanks for the follow up on your
solution.

Thanks!
Tom 

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 7:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

http://www.ISAserver.org

YES YES YES 

I disabled IE in firewall client settings on ISA server and .... :)

If proxy is not disabled and even if firewall client is installed, IE is
unable to access the web.

So this way users are forced to use proxy. If they change they have
nothing ... 

:)

Feels good to find a solution after banging your head.

Thanks Tom, for the inspiration and motivation and all the help.
I am starting to fall in love with ISA :)

Thanks


Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212)
202-4318 | Phone +1(212) 278-0178 ext 234 | www.scanbuy.com 

PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use
of the person or entity to whom it is addressed. The contained
information is CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from
disclosure under applicable laws. If you read this message and are not
the addressee, you are notified that use, dissemination or reproduction
of this message is prohibited. If you have received this message in
error, please notify the sender immediately.
------------------------------------------------------------------------
----
------------------------------------------------------------------------
----
-------------------------------------


-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 7:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

http://www.ISAserver.org

Tom, 

As I read this article,

http://www.isaserver.org/articles/2004olpop3smtp.html

here you say that outlook is disabled by default and connections from
outlook are not accepted by the firewall.

Can I make such a rule to disable iexplore.exe so that internet explorer
is
not able to make connections to the firewall .
Will this solve my issue..and force me to use proxy to access internet ?


Aman

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 7:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

http://www.ISAserver.org

So Tom, 
Nothing can be done with firewall client settings to block Http or IE ?



-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 6:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

http://www.ISAserver.org

Hi Tom, 

I tested with proxy filter enabled and disabled.
Surf control just doesn't monitor those connections from firewall
client.
It monitors only if the proxy settings are specified in IE.
Otherwise the real time monitor doesn't show the connections and
restricted
sites are not blocked.

I think it would be great if you could test when u get time.
I assumed that too that if credentials are passed by firewall client to
web
proxy service in 2004 then surf control should use it.

Do u know of other web filters which use firewall client credentials ?
And any idea about what I said about firewall client settings on ISA
server...(disabling applications like IE etc )? 

Thanks 



-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 5:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

http://www.ISAserver.org

Hi Aman,

So, when the Web Proxy filter is enabled, the connection is completely
ignored by SurfControl? The 2004 ISA firewall passes user credentials to
the Web Proxy filter, so I would have assumed that the same controls
would apply. Might be a bad assumption on my part :(

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 3:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings


http://www.ISAserver.org

Tom, 

Hmmm. This is what I have tested so far, and u know how smart users are
these days. If they know they can visit a site if they disable proxy ,
they
will.

It is a disappointment that we cant have the same feature as we had in
ISA
2000.

Do you know of any other web filter then which can use firewall client
authentication to prevent access to web sites in addition to proxy
clients.
If yes, then my problem is still solved. Surf control just uses proxy
authentication and that is no good for me.

Thanks



-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 4:47 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: RE: Internet explorer proxy settings

http://www.ISAserver.org

Hi Aman,

Hmmm. That I can't tell you. I can tell you that when machines are
configured as both Web Proxy and Firewall clients, the Web Proxy
configuration is used preferentially. I don't think the full
functionality of the HTTP Redirector is included with 2004. However, as
long as the users don't disable the Web Proxy client config, it will
always be used

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



http://www.ISAserver.org

Hi Aman,

Unbind the Web Proxy filter from the HTTP protocol. Open the properties
of the HTTP protocol definition and uncheck the Web Proxy filter. This
is a global setting.

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 2:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings


http://www.ISAserver.org

Tom, 

I know that. I am not using securenat clients.
What I want to know is , is there a way like in ISA 2000, where in the
HTTP
aapplicator filter we said "drop all http request from firewall
clients"????

I don't want my clients to use Firewall client for HTTP ....
I want them to use proxy. It should be proxy or it wont work.
As I said surfcontrol does not work with firewall client authentication
and
this is causing problem.

I have proxy and firewwall client installed. But if user change proxy
settings or use a different browser they use firewall client and I am
unable
to restrict them using surfcontrol.

In isa 2000, it was simple to just ay drop securenat and firewall
clients
HTTP traffic and forced them to be proxy.
I want the same thing in ISA 2004,,,,

Is it POSSIBLE ?

I know I can use group policy , but I don't want that. Some user have
admin
rights and that's not the best solution. 

If it was in 2000 why not in 2004 ?

I hope you understand what I am try ing to say, coz I don't find a
simple
solution for a very simple thing .

Thanks 


------------------------------------------------------------------------
----
-------------------------------------


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 3:08 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings

http://www.ISAserver.org

Hi Aman,

If you require authentication for all rules, connections from SecureNAT
clients will fail because they can't authenticate.

HTH,
Tom 

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Saturday, September 18, 2004 1:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings

http://www.ISAserver.org



Hi Tom, 

Still waiting for a solution.

Is there nothing in ISA 2004 , like to 2000 to say "drop HTTP traffic
from Firewall and secureNAt clients" ?

There has to be a way in 2004 to do something which we could do in 2000

I hope u read my problem below. Please suggest .


Aman


-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Friday, September 17, 2004 5:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings

http://www.ISAserver.org

Ok, 

What if they have another browser like , mozilla?

So that means there is nothing in isa 2004 to drop http traffic from
firewall client like in 2000 ?

 Thanks


Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212)
202-4318 | Phone +1(212) 278-0178 ext 234 | www.scanbuy.com 

PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use
of the person or entity to whom it is addressed. The contained
information is CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from
disclosure under applicable laws. If you read this message and are not
the addressee, you are notified that use, dissemination or reproduction
of this message is prohibited. If you have received this message in
error, please notify the sender immediately.
------------------------------------------------------------------------
----
------------------------------------------------------------------------
----
-------------------------------------


-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Friday, September 17, 2004 5:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings

http://www.ISAserver.org

Force proxy settings through Group Policy.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings
• » RE: FW: RE: Internet explorer proxy settings

1. Home
2. isalist
3. Archive
4. 09-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---