OK..... thanks a lot all. I deselect the item and reforce in the Police rule.... in realize only the ip address of banks. Regards Leandro De: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] Em nome de Jerry Young Enviada em: sexta-feira, 26 de junho de 2009 17:32 Para: isalist@xxxxxxxxxxxxx Assunto: [isalist] Re: RES: Infor - Help Leandro, Take a look at the configuration of your web proxy listener. If the setting "require all users to authenticate" is selected, deselect it to allow authentication to be performed at the rule level. Once deselected, check the configuration of your rule and ensure you are enforcing authentication there. On Fri, Jun 26, 2009 at 4:17 PM, LEANDRO DOS S. FERREIRA - TI <LEANDRO@xxxxxxxxxxx<mailto:LEANDRO@xxxxxxxxxxx>> wrote: OK Jim... please give me a tip about my case!!! How can I solve this ?!?!?! Regards Leandro De: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] Em nome de Jim Harrison Enviada em: sexta-feira, 26 de junho de 2009 17:04 Para: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Assunto: [isalist] Re: Infor - Help If your web proxy listener is configured as "require all users to authenticate", then you have NO anonymous rules. Jim From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On Behalf Of LEANDRO DOS S. FERREIRA - TI Sent: Friday, June 26, 2009 12:42 PM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] RES: Infor - Help Jim... please explain better... my rule is: ALLOW -> HTTP/HTTPS -> INTERNAL NETWORK -> RANGER IP(BANKS) -> ALL USERS De: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] Em nome de Jim Harrison Enviada em: sexta-feira, 26 de junho de 2009 16:35 Para: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Assunto: [isalist] Re: Infor - Help If the listener is configured to require authentication, the rule configuration is moot. Better that you enforce authentication at the rule level anyway. Jim From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On Behalf Of LEANDRO DOS S. FERREIRA - TI Sent: Friday, June 26, 2009 8:04 AM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] RES: Infor - Help Yes, My Server is configured with Integrated authentication.... But in the rule is setup access to ALL USERS and other group that I want that access the website. De: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] Em nome de D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR Enviada em: sexta-feira, 26 de junho de 2009 11:47 Para: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Assunto: [isalist] Re: Infor - Help The log is telling you the problem, authentication. Is your server configure with Integrated authentication? Is you rule allowing all the users or authenticated users? Regards Diego R. Pietruszka MIS - Shift Manager MSC (USA) - Interlink Transport Technologies Direct Phone: (908)605-4147 From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On Behalf Of LEANDRO DOS S. FERREIRA - TI Sent: Friday, June 26, 2009 10:17 AM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] RES: Infor - Help So tks a lot by reply. When I try Access website bank, without setup webproxy client/firewall client at IE I can not get a log. But when I setup the webproxy, the system produce this log..... asking me a usr/pwd.... but I do not want that the system request me the usr/pwd. I want that this access will be release without authentication. Denied Connection ISASERVER 6/26/2009 11:10:37 AM Log type: Web Proxy (Forward) Status: 12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. Rule: Source: (10.1.6.39) Destination: (10.1.0.100:80<http://10.1.0.100/>) Request: GET http://www.unibanco.com.br/ Filter information: Protocol: http User: anonymous javascript:ToggleList('AddInfoNode')Additional information * Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618) * Object source: (No source information is available.) * Cache info: 0x0 * Processing time: 1 ms * MIME type: I De: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] Em nome de D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR Enviada em: sexta-feira, 26 de junho de 2009 11:03 Para: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Assunto: [isalist] Re: Infor - Help Did you check the log on ISA while your users were trying to access the site? The log will on most cases which one is the error. Do that and come back with the results please. Regards Diego R. Pietruszka MIS - Shift Manager MSC (USA) - Interlink Transport Technologies Direct Phone: (908)605-4147 From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On Behalf Of LEANDRO DOS S. FERREIRA - TI Sent: Friday, June 26, 2009 9:49 AM To: Isalist (isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>) Subject: [isalist] Infor - Help Dears, I had isaserver 2006 and now I would like to release for my users Access to wesite Banks. But in this case I would like to realease Access for all over network. Today I had a internet group Access to control the internet Access, I do not want use this policy for this. I create a policy allow (http/https) for all user to only website Banks, but this rule is not working. Can anyone help me ?!?!? regards _______________________ Leandro dos Santos Ferreira IT Team - Segurança da Informação mailto:leandro@xxxxxxxxxxx CBMM - Companhia Brasileira de Metalúrgia e Mineração Inovar - Respeitar - Competir -- Cordially yours, Jerry G. Young II Microsoft Certified Systems Engineer