RE: SecureNAT -- Redirect to local Web Proxy service

• From: "Aman Bedi" <gurkirpal.bedi@xxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 24 Sep 2004 11:05:56 -0400

If you disable anonymous access for HTTP in ISA , it will block SecurNAT
access. This way you force the clients to use proxy. Also enable
authentication in proxy settings. Make authentication required. This will
make the users enter their credentials for access to HTTP. Now surf control
will monitor these HTTP connections and will also get user credentials. Now
you can make rules based on users or groups .


Scanbuy Inc
Aman Bedi | Systems/Network Administrator (MCSD, MCSA 2000, MCSA 2003)
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 202-4318 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com 

PRIVILEGED & CONFIDENTIAL 
The information contained in this email message is intended only for use of
the person or entity to whom it is addressed. The contained information is
CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under
applicable laws. If you read this message and are not the addressee, you are
notified that use, dissemination or reproduction of this message is
prohibited. If you have received this message in error, please notify the
sender immediately.
----------------------------------------------------------------------------
----------------------------------------------------------------------------
-------------------------------------


-----Original Message-----
From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
Sent: Friday, September 24, 2004 10:28 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service

http://www.ISAserver.org


Was this for your SNAT or FW clients?  I cannot get it to work for SNAT.
Our clients are either proxy or SNAT.  The SNAT clients are ad-hoc --
wireless hotspots.

TIA

greg

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Thursday, September 23, 2004 11:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service

http://www.ISAserver.org

Hi greg, 

I had similar issue with surfcontrol.
With isa 2004, it works only with proxy clients
In isa 2000, u could set an option in http applicator to drop http
requests
from securenat and firewall clients.
But in ISA 2004 u cannot do anything like that 
So what I did was I blocked all anonymous HTTP access ( blocks
securenat) 
And disable IE and other browsers in firewall client settings 
This forces browsers to be proxy and then surf control works fine.

HTH 


Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212)
202-4318 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com 

PRIVILEGED & CONFIDENTIAL 
The information contained in this email message is intended only for use
of
the person or entity to whom it is addressed. The contained information
is
CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under
applicable laws. If you read this message and are not the addressee, you
are
notified that use, dissemination or reproduction of this message is
prohibited. If you have received this message in error, please notify
the
sender immediately.
------------------------------------------------------------------------
----
------------------------------------------------------------------------
----
-------------------------------------

-----Original Message-----
From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
Sent: Thursday, September 23, 2004 8:54 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service

http://www.ISAserver.org

Hello Tom,

Thanx for the info.  

The reason I ask is that SurfControl 2k4/ISA2k4 no longer blocks SNAT
request -- it works fine for proxy clients.  I guess unbinding HTTP in
ISA2k4 is the same as Application Filter/HTTP Redirector
Filter/Options/Redirect to local Web Proxy service in ISA2k4 -- this was
the key for SNAT and Firewall clients blocking for SurfControl.  Either
MS or SurfControl is missing something in this functionality.

TIA

greg

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Wednesday, September 22, 2004 8:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service

http://www.ISAserver.org

Hi Greg,

Firewall client and SecureNAT client connections are automatically
forwarded to the Web Proxy filter when the Web Proxy filter is bound to
the HTTP protocol. If you unbind it, then the connections are forwarded
directly to the Internet Server and bypasses by the Web Proxy filter, at
least for Firewall and SecureNAT clients.

When the client is configured as a Web Proxy client, it "remotes" the
connection to the Web Proxy listener, and so the Web Proxy filter
automatically will handle Web Proxy client requests, even when the Web
Proxy filter is removed from the HTTP protocol definition.

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
Sent: Wednesday, September 22, 2004 8:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] SecureNAT -- Redirect to local Web Proxy service


http://www.ISAserver.org

The above was available under Application/Filters in ISA2K -- where is
this function in ISA2k4?

TIA

Have fun!

greg

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gregory.crockett@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gregory.crockett@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » SecureNAT -- Redirect to local Web Proxy service
• » RE: SecureNAT -- Redirect to local Web Proxy service
• » RE: SecureNAT -- Redirect to local Web Proxy service
• » RE: SecureNAT -- Redirect to local Web Proxy service
• » RE: SecureNAT -- Redirect to local Web Proxy service
• » RE: SecureNAT -- Redirect to local Web Proxy service
• » RE: SecureNAT -- Redirect to local Web Proxy service
• » RE: SecureNAT -- Redirect to local Web Proxy service

1. Home
2. isalist
3. Archive
4. 09-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---