Seems like Surfcontrol is missing something in 2004. The 2000 version blocked SNAT. We cannot force the ad-hoc wireless hotspot/SNAT clients to use proxy -- we do not want to get involved with their configuration. Looks like I must leave ISA2K online for our SNAT clients until SurfControl finds a resolution. greg -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Friday, September 24, 2004 10:02 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service http://www.ISAserver.org As I Said, Surf control works only for proxy clients It will not block or monitor requests from SNAT clients. If you want to make surf control monitor HTTP traffic the clients have to be Proxy clients Scanbuy Inc Aman Bedi | Systems/Network Administrator (MCSD, MCSA 2000, MCSA 2003) 54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 202-4318 | Phone +1(212) 278-0178 ext 234 | www.scanbuy.com ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ ---- ------------------------------------- -----Original Message----- From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] Sent: Friday, September 24, 2004 10:28 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service http://www.ISAserver.org Was this for your SNAT or FW clients? I cannot get it to work for SNAT. Our clients are either proxy or SNAT. The SNAT clients are ad-hoc -- wireless hotspots. TIA greg -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Thursday, September 23, 2004 11:07 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service http://www.ISAserver.org Hi greg, I had similar issue with surfcontrol. With isa 2004, it works only with proxy clients In isa 2000, u could set an option in http applicator to drop http requests from securenat and firewall clients. But in ISA 2004 u cannot do anything like that So what I did was I blocked all anonymous HTTP access ( blocks securenat) And disable IE and other browsers in firewall client settings This forces browsers to be proxy and then surf control works fine. HTH Scanbuy Inc Aman Bedi | Systems/Network Administrator 54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 202-4318 | Phone +1(212) 278-0178 ext 234 | www.scanbuy.com PRIVILEGED & CONFIDENTIAL The information contained in this email message is intended only for use of the person or entity to whom it is addressed. The contained information is CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under applicable laws. If you read this message and are not the addressee, you are notified that use, dissemination or reproduction of this message is prohibited. If you have received this message in error, please notify the sender immediately. ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ ---- ------------------------------------- -----Original Message----- From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] Sent: Thursday, September 23, 2004 8:54 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service http://www.ISAserver.org Hello Tom, Thanx for the info. The reason I ask is that SurfControl 2k4/ISA2k4 no longer blocks SNAT request -- it works fine for proxy clients. I guess unbinding HTTP in ISA2k4 is the same as Application Filter/HTTP Redirector Filter/Options/Redirect to local Web Proxy service in ISA2k4 -- this was the key for SNAT and Firewall clients blocking for SurfControl. Either MS or SurfControl is missing something in this functionality. TIA greg -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, September 22, 2004 8:54 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT -- Redirect to local Web Proxy service http://www.ISAserver.org Hi Greg, Firewall client and SecureNAT client connections are automatically forwarded to the Web Proxy filter when the Web Proxy filter is bound to the HTTP protocol. If you unbind it, then the connections are forwarded directly to the Internet Server and bypasses by the Web Proxy filter, at least for Firewall and SecureNAT clients. When the client is configured as a Web Proxy client, it "remotes" the connection to the Web Proxy listener, and so the Web Proxy filter automatically will handle Web Proxy client requests, even when the Web Proxy filter is removed from the HTTP protocol definition. HTH, Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] Sent: Wednesday, September 22, 2004 8:27 PM To: [ISAserver.org Discussion List] Subject: [isalist] SecureNAT -- Redirect to local Web Proxy service http://www.ISAserver.org The above was available under Application/Filters in ISA2K -- where is this function in ISA2k4? TIA Have fun! greg ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gregory.crockett@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gregory.crockett@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gregory.crockett@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx