[isalist] Re: RES: Infor - Help
- From: Jerry Young <jerrygyoungii@xxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Fri, 26 Jun 2009 16:31:48 -0400
Leandro,
Take a look at the configuration of your web proxy listener. If the setting
"require all users to authenticate" is selected, deselect it to allow
authentication to be performed at the rule level.
Once deselected, check the configuration of your rule and ensure you are
enforcing authentication there.
On Fri, Jun 26, 2009 at 4:17 PM, LEANDRO DOS S. FERREIRA - TI <
LEANDRO@xxxxxxxxxxx> wrote:
> OK Jim... please give me a tip about my case!!! How can I solve this
> ?!?!?!
>
>
>
> Regards
>
>
>
> Leandro
>
>
>
> *De:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *Em
> nome de *Jim Harrison
> *Enviada em:* sexta-feira, 26 de junho de 2009 17:04
>
> *Para:* isalist@xxxxxxxxxxxxx
> *Assunto:* [isalist] Re: Infor - Help
>
>
>
> If your web proxy listener is configured as “require all users to
> authenticate”, then you have NO anonymous rules.
>
>
>
> Jim
>
>
>
> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *LEANDRO DOS S. FERREIRA - TI
> *Sent:* Friday, June 26, 2009 12:42 PM
> *To:* isalist@xxxxxxxxxxxxx
> *Subject:* [isalist] RES: Infor - Help
>
>
>
> Jim... please explain better... my rule is:
>
>
>
> ALLOW -> HTTP/HTTPS -> INTERNAL NETWORK -> RANGER IP(BANKS) -> ALL USERS
>
>
>
> *De:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *Em
> nome de *Jim Harrison
> *Enviada em:* sexta-feira, 26 de junho de 2009 16:35
> *Para:* isalist@xxxxxxxxxxxxx
> *Assunto:* [isalist] Re: Infor - Help
>
>
>
> If the listener is configured to require authentication, the rule
> configuration is moot.
>
> Better that you enforce authentication at the rule level anyway.
>
>
>
> Jim
>
>
>
> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *LEANDRO DOS S. FERREIRA - TI
> *Sent:* Friday, June 26, 2009 8:04 AM
> *To:* isalist@xxxxxxxxxxxxx
> *Subject:* [isalist] RES: Infor - Help
>
>
>
> Yes, My Server is configured with Integrated authentication…. But in the
> rule is setup access to ALL USERS and other group that I want that access
> the website.
>
>
>
> *De:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *Em
> nome de *D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
> *Enviada em:* sexta-feira, 26 de junho de 2009 11:47
> *Para:* isalist@xxxxxxxxxxxxx
> *Assunto:* [isalist] Re: Infor - Help
>
>
>
> The log is telling you the problem, authentication.
>
> Is your server configure with Integrated authentication? Is you rule
> allowing all the users or authenticated users?
>
>
>
> Regards
>
> *Diego R. Pietruszka*
>
> MIS - Shift Manager
>
> MSC (USA) - Interlink Transport Technologies
>
> Direct Phone: (908)605-4147
>
>
>
> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *LEANDRO DOS S. FERREIRA - TI
> *Sent:* Friday, June 26, 2009 10:17 AM
> *To:* isalist@xxxxxxxxxxxxx
> *Subject:* [isalist] RES: Infor - Help
>
>
>
> So tks a lot by reply.
>
>
>
> When I try Access website bank, without setup webproxy client/firewall
> client at IE I can not get a log. But when I setup the webproxy, the system
> produce this log..... asking me a usr/pwd.... but I do not want that the
> system request me the usr/pwd. I want that this access will be release
> without authentication.
>
>
>
> Denied Connection *ISASERVER 6/26/2009 11:10:37 AM* *Log type: *Web Proxy
> (Forward) *Status: *12209 The ISA Server requires authorization to fulfill
> the request. Access to the Web Proxy filter is denied. *Rule: Source:
> *(10.1.6.39)
> *Destination: *(10.1.0.100:80 <http://10.1.0.100/>) *Request: *GET
> http://www.unibanco.com.br/ *Filter information: Protocol: *http *User:
> *anonymous
>
>
> javascript:ToggleList('AddInfoNode')Additional information
>
> · *Client agent: *Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
> 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET
> CLR 3.0.30618)
>
> · *Object source: *(No source information is available.)
>
> · *Cache info: *0x0
>
> · *Processing time: *1 ms
>
> · *MIME type:*
>
>
>
> I
>
>
>
>
>
> *De:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *Em
> nome de *D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
> *Enviada em:* sexta-feira, 26 de junho de 2009 11:03
> *Para:* isalist@xxxxxxxxxxxxx
> *Assunto:* [isalist] Re: Infor - Help
>
>
>
> Did you check the log on ISA while your users were trying to access the
> site?
>
> The log will on most cases which one is the error.
>
>
>
> Do that and come back with the results please.
>
>
>
> Regards
>
> *Diego R. Pietruszka*
>
> MIS - Shift Manager
>
> MSC (USA) - Interlink Transport Technologies
>
> Direct Phone: (908)605-4147
>
>
>
> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *LEANDRO DOS S. FERREIRA - TI
> *Sent:* Friday, June 26, 2009 9:49 AM
> *To:* Isalist (isalist@xxxxxxxxxxxxx)
> *Subject:* [isalist] Infor - Help
>
>
>
> Dears,
>
>
>
> I had isaserver 2006 and now I would like to release for my users Access to
> wesite Banks. But in this case I would like to realease Access for all over
> network.
>
>
>
> Today I had a internet group Access to control the internet Access, I do
> not want use this policy for this.
>
>
>
> I create a policy allow (http/https) for all user to only website Banks,
> but this rule is not working.
>
>
>
> Can anyone help me ?!?!?
>
>
>
> regards
>
>
>
> *_______________________*
>
> *Leandro dos Santos Ferreira*
>
> IT Team - Segurança da Informação
>
> mailto:leandro@xxxxxxxxxxx <leandro@xxxxxxxxxxx>
>
> CBMM - Companhia Brasileira de Metalúrgia e Mineração
>
> Inovar - Respeitar - Competir
>
>
>
--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Other related posts:
