No fix from SurfControl (SC) -- Jan 2005 tech support had a different answer. I have been going round and round with SC since September 05 on this issue. Here is the last msg (27 Jan 05) I received from tech support. My SurfControl sales rep told me, just this week, that I must purchase a "Collector" for SurfControl @ $500 for my 2nd installation of ISA 2000 with SurfControl 5. I currently operate two installs of ISA with SurfControl 5 - one for SNAT clients and the other for proxy clients. I asked her why should I pay for their oversight - I have yet to here back from her. Have fun! Greg ---------message from surfcontrol tech support - Jan 2005------------------- Hello Greg, It has been reported and should be fix in our future release, QA is currently investigating this issue and believe it's a Surfcontrol related. Thank you, Anthony -----Original Message----- From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] Sent: Thursday, January 27, 2005 10:49 AM To: Anthony Liu Subject: RE: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Thursday, March 17, 2005 1:50 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 http://www.ISAserver.org Are you sure? I checked that page, and it had a good sized list of other browsers and their signatures (of course, they are being blocked now here). Oh, and I just got off the phone with SurfControl, the person I was talking to claims that the reason they can't filter SecureNAT sessions is because they can't get a "Source IP", the ISA server hides that, so they drop the packet from filtering. I passed on a summary of what David said he did to fix a possible similar problem, but he didn't seem to want to hear it. So, since a fix from SurfControl doesn't seem to be anywhere near being on the horizon, anyone have any ideas how to block all SecureNAT sessions? I have no problems with "requiring" all users to use the FWC. -----Original Message----- From: Ara [mailto:ara@xxxxxxxxxxxxx] Sent: Thursday, March 17, 2005 13:11 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 http://www.ISAserver.org Oops! I forgot to post the link http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/commonapplica tionsignatures.mspx -----Original Message----- From: Ara Sent: Thursday, March 17, 2005 10:07 AM To: '[ISAserver.org Discussion List]' Subject: RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 Tom, Very good choice but where can I find signatures for other browsers? I have followed this link and it only provides IE, or can I create a rule that client header has to be IE? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gregory.crockett@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx