[isalist] RES: Re: RES: Infor - Help

• From: "LEANDRO DOS S. FERREIRA - TI" <LEANDRO@xxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 26 Jun 2009 17:37:28 -0300

OK..... thanks a lot all.

I deselect the item and reforce in the Police rule.... in realize only the ip 
address of banks.

Regards

Leandro

De: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] Em nome 
de Jerry Young
Enviada em: sexta-feira, 26 de junho de 2009 17:32
Para: isalist@xxxxxxxxxxxxx
Assunto: [isalist] Re: RES: Infor - Help

Leandro,

Take a look at the configuration of your web proxy listener.  If the setting 
"require all users to authenticate" is selected, deselect it to allow 
authentication to be performed at the rule level.

Once deselected, check the configuration of your rule and ensure you are 
enforcing authentication there.
On Fri, Jun 26, 2009 at 4:17 PM, LEANDRO DOS S. FERREIRA - TI 
<LEANDRO@xxxxxxxxxxx<mailto:LEANDRO@xxxxxxxxxxx>> wrote:

OK Jim... please give me a tip about my case!!! How can I solve this ?!?!?!



Regards



Leandro



De: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] Em 
nome de Jim Harrison
Enviada em: sexta-feira, 26 de junho de 2009 17:04

Para: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Assunto: [isalist] Re: Infor - Help



If your web proxy listener is configured as "require all users to 
authenticate", then you have NO anonymous rules.



Jim



From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Friday, June 26, 2009 12:42 PM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] RES: Infor - Help



Jim... please explain better... my rule is:



ALLOW -> HTTP/HTTPS -> INTERNAL NETWORK -> RANGER IP(BANKS) -> ALL USERS



De: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] Em 
nome de Jim Harrison
Enviada em: sexta-feira, 26 de junho de 2009 16:35
Para: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Assunto: [isalist] Re: Infor - Help



If the listener is configured to require authentication, the rule configuration 
is moot.

Better that you enforce authentication at the rule level anyway.



Jim



From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Friday, June 26, 2009 8:04 AM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] RES: Infor - Help



Yes, My Server is configured with Integrated authentication.... But in the rule 
is setup access to ALL USERS and other group that I want that access the 
website.



De: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] Em 
nome de D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Enviada em: sexta-feira, 26 de junho de 2009 11:47
Para: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Assunto: [isalist] Re: Infor - Help



The log is telling you the problem, authentication.

Is your server configure with Integrated authentication? Is you rule allowing 
all the users or authenticated users?



Regards

Diego R. Pietruszka

MIS - Shift Manager

MSC (USA) - Interlink Transport Technologies

Direct Phone: (908)605-4147



From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Friday, June 26, 2009 10:17 AM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] RES: Infor - Help



So tks a lot by reply.



When I try Access website bank, without setup webproxy client/firewall client 
at IE I can not get a log. But when I setup the webproxy, the system produce 
this log..... asking me a usr/pwd.... but I do not want that the system request 
me the usr/pwd. I want that this access will be release without authentication.



Denied Connection ISASERVER 6/26/2009 11:10:37 AM Log type: Web Proxy (Forward) 
Status: 12209 The ISA Server requires authorization to fulfill the request. 
Access to the Web Proxy filter is denied. Rule: Source: (10.1.6.39) 
Destination: (10.1.0.100:80<http://10.1.0.100/>) Request: GET 
http://www.unibanco.com.br/ Filter information: Protocol: http User: anonymous

javascript:ToggleList('AddInfoNode')Additional information

*         Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; 
SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 
3.0.30618)

*         Object source: (No source information is available.)

*         Cache info: 0x0

*         Processing time: 1 ms

*         MIME type:



I





De: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] Em 
nome de D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Enviada em: sexta-feira, 26 de junho de 2009 11:03
Para: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Assunto: [isalist] Re: Infor - Help



Did you check the log on ISA while your users were trying to access the site?

The log will on most cases which one is the error.



Do that and come back with the results please.



Regards

Diego R. Pietruszka

MIS - Shift Manager

MSC (USA) - Interlink Transport Technologies

Direct Phone: (908)605-4147



From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Friday, June 26, 2009 9:49 AM
To: Isalist (isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>)
Subject: [isalist] Infor - Help



Dears,



I had isaserver 2006 and now I would like to release for my users Access to 
wesite Banks. But in this case I would like to realease Access for all over 
network.



Today I had a internet group Access to control the internet Access, I do not 
want use this policy for this.



I create a policy allow (http/https) for all user to only website Banks, but 
this rule is not working.



Can anyone help me ?!?!?



regards



_______________________

Leandro dos Santos Ferreira

IT Team - Segurança da Informação

mailto:leandro@xxxxxxxxxxx

CBMM - Companhia Brasileira de Metalúrgia e Mineração

Inovar - Respeitar - Competir





--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer

• References:
  • [isalist] Infor - Help
    • From: LEANDRO DOS S. FERREIRA - TI
  • [isalist] Re: Infor - Help
    • From: D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
  • [isalist] RES: Infor - Help
    • From: LEANDRO DOS S. FERREIRA - TI
  • [isalist] Re: Infor - Help
    • From: D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
  • [isalist] RES: Infor - Help
    • From: LEANDRO DOS S. FERREIRA - TI
  • [isalist] Re: Infor - Help
    • From: Jim Harrison
  • [isalist] RES: Infor - Help
    • From: LEANDRO DOS S. FERREIRA - TI
  • [isalist] Re: Infor - Help
    • From: Jim Harrison
  • [isalist] RES: Infor - Help
    • From: LEANDRO DOS S. FERREIRA - TI
  • [isalist] Re: RES: Infor - Help
    • From: Jerry Young

Other related posts:

• » [isalist] RES: Re: RES: Infor - Help - LEANDRO DOS S. FERREIRA - TI

1. Home
2. isalist
3. Archive
4. 06-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---