Sorry, Rick; I misspoke; I meant SmartFilter. Either way. it's the same; client requests need to come directly to the Web Proxy service or they can't be authenticated to it. Citrix is a non-Web-Proxy protocol, so the HTTP Redirector shouldn't affect it. Disabling the Redirector is not the same as having it enabled with "Reject". Disabling it causes all unauthenticated web requests from FW/SecureNAT clients to use any existing "allow" protocol rules that fit the request. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: "Kincer, Rick" <Rick_Kincer@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, December 17, 2002 11:58 AM Subject: [isalist] Re: HTTP Redirector that rejects all HTTP traffic http://www.ISAserver.org Jim, We not using SurfControl, we are using SmartFilter for web content filtering. Everything else is controlled through Site and Content Rules, Protocol Rules and Packet Filters. We keep Internet access pretty tight. Sorry if I gave the wrong impression. What do you think might be the problem with the Citrix ICA clients not working if I turn on the Redirector? I have a Protocol rule which allows ICA to enable it to work with the Redirector turned off. Also the ICA clients are using the Firewall client. Do you think It might be authentication that the ICA clients are having trouble with? I was understanding that having the Redirector disabled was the same as having the redirector active and Reject HTTP Traffic turned on? I am assuming that may not be the case? Thanks for the quick response! Rick -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, December 17, 2002 2:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: HTTP Redirector that rejects all HTTP traffic http://www.ISAserver.org Since you're using user/group-based rules with SurfControl on ISA, the best choice is "Reject", IMHO. That way, no one who can't auth to the ISA will get access. Then, SC can filter to it's heart's content. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: "Kincer, Rick" <Rick_Kincer@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, December 17, 2002 10:50 AM Subject: [isalist] HTTP Redirector that rejects all HTTP traffic http://www.ISAserver.org Hello, We have ISA Enterprise edition in Integrated mode in an NT environment being load balanced with RainWall. I have the HTTP Redirector disabled because I want to monitor, log and control Internet access, but in doing so I noticed that the Firewall clients can still access HTTP, I want to force them to be Web Clients and allow firewall clients to be used for FTP, RA and other apps. There is a setting in the HTTP Redirector that rejects all HTTP traffic, My question is: If I enable the Redirector and select the Reject HTTP selection will I still be able to log, monitor and using Site and Content Rules control the access of those using the Firewall Client? Will enabling this bypass the control? Won't they be forced to be a Web Client and the Firewall client will only be used for other apps? I enabled the Redirector once before and our Citrix ICA clients stopped working. Thanks for all your help! Rick List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rick_kincer@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') List Sponsored by Aspelle Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the Internet to quickly and cost-effectively manage and deliver secure, client-less access to all corporate applications (Web, Unix, Windows and legacy systems), for all users. More info at http://www.aspelle.com/info ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')