Hi Tom, Yes ISAPI ISA PROXY plugins from ISA2000 will not work properly on ISA2004 for SNAT clients (if they check URL). These plugins have to be slightly re-coded. In ~ july 2004 you tested WebMonitor for ISA server and reported that on ISA2004 you saw partial URLs and not full URLs for SNAT clients. I retested it and I found out that for SNAT clients on ISA2004 my "GetUrl" function calls to PROXY returns me just partial URL instead of usual full URL. I fixed it by simply constructing URL based on client request and not relying on PROXY helper functions. Since then WebMonitor works fine for all types of clients. Regards David Farinic. ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, March 17, 2005 4:57 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 http://www.ISAserver.org Hi David, From what I've heard, the 3rd party plug ins that worked with the ISA 2000 HTTP Redirector Filter don't work with the 2004 Web proxy filter bound to the HTTP protocol. If the client is configured as a Firewall client, then the connection is handled by the Web proxy filter, but for some reason, the plug ins don't apply to the connection. Instead, the client must be explicitly configured as a Web proxy client in order to reach the Web filter plug in. Thanks! Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: David Farinic [mailto:davidf@xxxxxxx] Sent: Thursday, March 17, 2005 9:28 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 http://www.ISAserver.org There is no problem with that in ISA2004. As I understood it that particular 3rd party ISAPI (ISA2004 PROXY) plugin simply doesn't see URLs from SNAT clients (i.e. http traffic redirected to PROXY ) therefore it can not filter them and its passing them through. My conclusion from this was that 3rd party plug-in needs to be fixed as there is difference now how to get request URL from SNAT clients and direct proxy clients (I described this before in more detail) . Correct me if I am wrong. Regards DavidF ________________________________ From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Thursday, March 17, 2005 4:18 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 http://www.ISAserver.org That is pretty much what we've been talking about, and how it couldn't be done, so now I'm confused. I remember doing that in ISA2000, but where is this setting in ISA2004? ________________________________ From: David Farinic [mailto:davidf@xxxxxxx] Sent: Thursday, March 17, 2005 09:30 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 This mail was checked for viruses by GFI MailSecurity. GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker), and network security and management software (GFI LANguard) - www.gfi.com