RE: ISA 2004 SP2 and Direct Access
- From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 8 Feb 2006 20:28:27 +0100
Hi Tom,
what kind of workarounds for the problem are you talking about? Can you
share them?
Thanks,
Stefaan
_____
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: woensdag 8 februari 2006 19:27
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access
http://www.ISAserver.org
Hi Tiago,
Perhaps. If you depend on your Direct Access list (and who doesn't?). Its
already caused me some lost hours of sleep, but I haven't characterized it
as well as Stefaan has, since I've found workarounds for the problem. I
don't want to do an article on it until the problem has been characterized
better by MS. I *suspect* its a known problem internally, but they don't
want to say anything until they have a fix or workaround.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: <http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
_____
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Wednesday, February 08, 2006 12:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access
http://www.ISAserver.org
I guess I'll hold the SP2 upgrade 'till this is settled =)
Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu
conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido
esta mensagem por engano, queira por favor retorná-la ao destinatário e
apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou
disseminação desta mensagem ou parte dela é expressamente proibido. A
SoftSell não é responsável pelo conteúdo ou a veracidade desta informação.
>>> tshinder@xxxxxxxxxxx 8/2/2006 15:21 >>>
http://www.ISAserver.org
Hi Stefaan,
Ha! I thought I was going crazy when I kept saying that SP2 broke Direct
Access. I'm glad you're seeing the same thing. I thought perhaps it was
something whack with my test bed.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Stefaan Pouseele [mailto:Stefaan.Pouseele@xxxxxxx]
Sent: Wednesday, February 08, 2006 10:42 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA 2004 SP2 and Direct Access
http://www.ISAserver.org
Hey guys,
There is a change in behavior if you configure sites for direct access
(ISA Internal Network properties -> Web Browser). It doesn't work the
same as in SP1!
This is the configuration: a workstation with the Firewall client
installed and IE configured with the routing script.
1. If you configure only the IP range for direct access:
a) a request by FQDN in IE is sent as a Web Proxy client request.
b) a request by IP in IE is sent as a Firewall client request.
2. If you configure only the domain for direct access:
a) a request by FQDN in IE is sent as a Web Proxy client request.
b) a request by IP in IE is sent as a Web Proxy client request.
3. If you configure both the domain *and* the corresponding IP range for
direct access:
a) a request by FQDN in IE is sent as a Firewall client request.
b) a request by IP in IE is sent as a Firewall client request.
So, the question is obviously why is for case 2.a the request not sent
as a Firewall client request (this was the behavior in SP1)?
Is this a bug and is there a workaround other than adding the
corresponding IP range?
Other related posts:
