RE: ISAserver behind a router

  • From: Jesús Vargas Bellido <jvargas@xxxxxxxxxxx>
  • To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 24 Jul 2002 14:27:05 +0200

Ok. Not at all.

I think your next step will be autenthificate outgoing web request for your 
user domains to control site, content and protocol outgoing requests in 
function of w2000 group and/or users.

Be care with this. Enable integrated autenticathion in outgoing web request 
(server propierties), basic autenticathion is unsecure due to clear passwd text 
through your network. 

SecureNAT clients don't send autenthication credentials and Firewall clients 
credentials don't pass trough HTTP redirector filter, so the best choice is 
using WebProxy clients for HTTP, HTTPS and FTP request. If you install the 
firewall client this take precedence over WebProxy so you'll dehabilitate the 
FW and SecureNAT trought HTTP Redirector Filter (Application Filters -> HTTP 
Filter -> Discard firewall requests) in order to disable this requests and 
force the Web Proxy client use.

With this configuration you'll lost the cache function for Firewall and 
SecureNat clients but will be able to log and to control your web trafic using 
Windows users and groups.

I like ISA. I think is a powerful tool but sometimes complex product. I got MCP 
certification for ISA and can sure it to you.

What's about H.323 Gatekeeper? Would you like talk and see your partners, 
clients, etc free of phone charges using NetMeeting. I'm using it and it's 
pretty and easy.


Other related posts: