RE: SurfControl web filter

  • From: "Rami SIK" <rami@xxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 24 Jan 2003 10:46:22 +0200

Thanks for your reply. I am with you about the domain authentication
process. However, consider the followings;

 

1)       Our Lan and intranet users log in to the domain. So, there is
no problem with these user authentications. On the other site, I have an
extranet site which does not belong to our W2K domain (moreover they do
not use any domain, but simple workgroup), but they access the internet
through our ISA+SurfControl proxy machine. In this case, my solution was
to open a user name on the ISA server locally for each person coming
from the extranet site (this solution worked until the SurfControl
v4.2).

 

2)       Microsoft officially suggest that, when especially using A.D.,
we should put domain users into Global Security groups, then make these
global groups a member of local group on which machine you try to give
some permissions, and then give any right locally to these local
groups!!!!!!!!

 

 

Regards,

 

 

 

--------------------------------------------------------------------

Rami SIK

 

System & Network Administrator

CCNA

 

Kimyatas

Istanbul / Turkey

 

Tel:90-212-334 4963

--------------------------------------------------------------------

 

-----Original Message-----
From: William Robertson [mailto:william.robertson@xxxxxxxxx] 
Sent: Friday, January 24, 2003 9:54 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SurfControl web filter

 

http://www.ISAserver.org

Hi Rami

 

I have SurfControl WEB Filter installed as well and I have confirmed
that which you say, but my question is this, if your ISA Server is a
member of the Win2K Domain, then surely you only use Usernames created
within your Active Directory, and not on your individual servers?

 

With this in mind, I cannot see why you would ever want to start
authorizing access within SurfControl based upon a group or user that is
local to the ISA Server alone, because who is going to authenticate
against the ISA Server instead of against your Win2K domain? The thing
is, when you are surfing through ISA Server's WEB Proxy service,
Internet Explorer will pass your currently logged-on credentials through
to ISA Server. These credentials are the username you use to log onto
your workstation, and I don't know about you, but when I log on to my
workstation I use the domain username, not a username created locally on
my ISA Server firewall.

 

Cheers

William R.

 

-----Original Message-----
From: Rami SIK [mailto:rami@xxxxxxxxxxxxxxx] 
Sent: 24 January 2003 08:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] SurfControl web filter

 

http://www.ISAserver.org

Hi all,

 

If you are using SurfControl Web filter for ISA, please read the
following problem.

 

I am using SurfControl version 4.2. When I try to establish rules for
the SurfControl, I can see the W2k Domain users and groups, but not
local users & groups on which ISA server runs. (ISA server is a member
of the W2K domain).

 

Regards,

 

 

 

 

--------------------------------------------------------------------

Rami SIK

 

System & Network Administrator

CCNA

 

Kimyatas

Istanbul / Turkey

 

Tel:90-212-334 4963

--------------------------------------------------------------------

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rami@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: