Thanks Tom,

It was your help and my determination to find a solution which helped. I am sure I will be facing more problems in the future and I will have to rely on you and ask for your expert advice. Hope to have such intelligent talks in the future too.

Is your book almost done? I had preordered it more than a month back....

Thanks and all the best
Aman

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 11:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

http://www.ISAserver.org

Hi Aman,

Thank you! You had the ingenuity to think of a solution that I completely forgot about! Good to hear you got it working and thanks for the follow up on your solution.

Thanks!
Tom

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 7:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

YES YES YES

I disabled IE in firewall client settings on ISA server and .... :)

If proxy is not disabled and even if firewall client is installed, IE is unable to access the web. So this way users are forced to use proxy. If they change they have nothing ... :)

Feels good to find a solution after banging your head.

Thanks Tom, for the inspiration and motivation and all the help. I am starting to fall in love with ISA :)

Thanks

Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 202-4318 | Phone +1(212) 278-0178 ext 234 | www.scanbuy.com

PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use of the person or entity to whom it is addressed.
The contained information is CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under applicable laws. If you read this message and are not the addressee, you are notified that use, dissemination or reproduction of this message is prohibited. If you have received this message in error, please notify the sender immediately.

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 7:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

Tom,

As I read this article, http://www.isaserver.org/articles/2004olpop3smtp.html here you say that Outlook is disabled by default and connections from Outlook are not accepted by the firewall. Can I make such a rule to disable iexplore.exe so that Internet Explorer is not able to make connections to the firewall? Will this solve my issue... and force me to use proxy to access internet?

Aman

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 7:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

So Tom,

Nothing can be done with firewall client settings to block HTTP or IE?

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 6:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

Hi Tom,

I tested with proxy filter enabled and disabled. SurfControl just doesn't monitor those connections from firewall client. It monitors only if the proxy settings are specified in IE.
Otherwise the real time monitor doesn't show the connections and restricted sites are not blocked. I think it would be great if you could test when you get time.

I assumed that too, that if credentials are passed by firewall client to web proxy service in 2004 then SurfControl should use it. Do you know of other web filters which use firewall client credentials?

And any idea about what I said about firewall client settings on ISA server... (disabling applications like IE etc.)?

Thanks

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 5:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

Hi Aman,

So, when the Web Proxy filter is enabled, the connection is completely ignored by SurfControl? The 2004 ISA firewall passes user credentials to the Web Proxy filter, so I would have assumed that the same controls would apply. Might be a bad assumption on my part :(

Tom
www.isaserver.org/shinder
Get the book! Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 3:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Internet explorer proxy settings

Tom,

Hmmm. This is what I have tested so far, and you know how smart users are these days. If they know they can visit a site if they disable proxy, they will. It is a disappointment that we can't have the same feature as we had in ISA 2000.

Do you know of any other web filter then which can use firewall client authentication to prevent access to web sites in addition to proxy clients? If yes, then my problem is still solved. SurfControl just uses proxy authentication and that is no good for me.
Thanks

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 4:47 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: RE: Internet explorer proxy settings

Hi Aman,

Hmmm. That I can't tell you. I can tell you that when machines are configured as both Web Proxy and Firewall clients, the Web Proxy configuration is used preferentially. I don't think the full functionality of the HTTP Redirector is included with 2004. However, as long as the users don't disable the Web Proxy client config, it will always be used.

HTH,
Tom

http://www.ISAserver.org

Hi Aman,

Unbind the Web Proxy filter from the HTTP protocol. Open the properties of the HTTP protocol definition and uncheck the Web Proxy filter. This is a global setting.

HTH,
Tom

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 2:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings

Tom,

I know that. I am not using SecureNAT clients. What I want to know is, is there a way like in ISA 2000, where in the HTTP application filter we said "drop all http request from firewall clients"? I don't want my clients to use Firewall client for HTTP .... I want them to use proxy. It should be proxy or it won't work.

As I said, SurfControl does not work with firewall client authentication and this is causing problem. I have proxy and firewall client installed. But if user change proxy settings or use a different browser they use firewall client and I am unable to restrict them using SurfControl.
In ISA 2000, it was simple to just say drop SecureNAT and firewall clients HTTP traffic and forced them to be proxy. I want the same thing in ISA 2004.... Is it POSSIBLE?

I know I can use group policy, but I don't want that. Some users have admin rights and that's not the best solution. If it was in 2000 why not in 2004?

I hope you understand what I am trying to say, coz I don't find a simple solution for a very simple thing.

Thanks

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 3:08 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings

Hi Aman,

If you require authentication for all rules, connections from SecureNAT clients will fail because they can't authenticate.

HTH,
Tom

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Saturday, September 18, 2004 1:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings

Hi Tom,

Still waiting for a solution. Is there nothing in ISA 2004, like in 2000, to say "drop HTTP traffic from Firewall and SecureNAT clients"? There has to be a way in 2004 to do something which we could do in 2000.

I hope you read my problem below. Please suggest.

Aman

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Friday, September 17, 2004 5:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings

Ok,

What if they have another browser like Mozilla? So that means there is nothing in ISA 2004 to drop HTTP traffic from firewall client like in 2000?
Thanks

Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 202-4318 | Phone +1(212) 278-0178 ext 234 | www.scanbuy.com

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Friday, September 17, 2004 5:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet explorer proxy settings

Force proxy settings through Group Policy.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx