Re: Quick (and probably obvious) question

  • From: "Rogers, Brian" <RogersB@xxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 13 Aug 2002 17:01:27 -0400

Hmm... I was told by the SurfControl people that the only way to monitor
firewall/snat clients via Superscout was to use this setting (redirect
firewall/snat to web proxy).

Very interesting indeed.  Thanks for the info!

 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, August 13, 2002 4:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Quick (and probably obvious) question

 

You'll see this when SecureNAT and Firewall clients access the web proxy
service via the HTTP Redirector.

Unless you have to allow direct web access for them, set it to "Reject" and
you should see these drop off.

It *could* also be SurfControl...

 

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
http://jalojash.org/isatools
Read the books!

----- Original Message -----
From: Rogers, Brian <mailto:RogersB@xxxxxxxxxxxxxx>
To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>
Sent: Tuesday, August 13, 2002 10:16 AM
Subject: [isalist] Quick (and probably obvious) question

 

When looking at the "Sessions" container in ISA management I see quite a few
rather unusual entries on a consistent basis.

Session Type - Web Session 
User Name - Anonymous 
Client Computer - Blank 
Client Address - External Routable IP or 127.0.0.1 (this one bugs me) 
Activation - Current Date/time 

 

My question is this.  I would assume that when the Client Address section lists
External Routable IP addresses, this is tracking an inbound Web session to
one of our published websites/ftp sites through the ISA Server.  However,
what I don't get is the 127.0.0.1 entry.  No one logs on to the ISA box
itself and browses the web.

It is obvious that A LOT of web traffic is being generated with the source
address being 127.0.0.1, as we use SurfControl to monitor proxy traffic.  It
shows 10s of thousands of hits to various websites from the client 127.0.0.1
and I cannot figure out why.

Normal proxy and firewall clients show up just fine in the SurfControl
reports... I just cannot figure out why all this traffic is listing itself
as coming from the loopback adapter.
