[isalist] Re: "Top Users" report

  • From: "Jonathon J. Howey" <Jonathon@xxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 17 Apr 2006 13:34:08 -0600

OK found it for the Internal Network.
 
*On the Auto Discovery tab, "Publish automatic discovery information"
was unchecked
*On Firewall Client tab, "Enable FWC support" is checked, my Server name
is typed in, then "Automatically detect settings" and "Use automatic
config. script" (default URL) is checked.  "Use a Web proxy server" is
NOT.  (these would all be default as I do not remember changing any of
this).
 
Now knowing this, should I check 'Use a web proxy server', or uncheck
the auto. detect settings?
 
Furthermore, I've never changed ISA Console > General > Define Firewall
Client Setting, so everything there should still be the same.
 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Moffat
Sent: April 17, 2006 1:12 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report



From within the ISA console, in the properties of your protected
network, on the firewall client tab. 

 

That should be selected if you want to autoconfigure the FWC.

 

S

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 3:55 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report

 

Could you further explain?  I remember during ISA 2004 setup whether I'm
connecting a console to an existing ISA server, or make a new ISA
server, but I doubt that's it.

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Moffat
Sent: April 17, 2006 12:17 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report

Have you disabled auto detect in the ISA console, because that's where
the instruction comes from.

 

S

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 2:52 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report

 

Yes, but like I said, I believe most of my FWC installs have a
hard-coded server address typed in, so it shouldn't be used the WPAD
entry?

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Moffat
Sent: April 17, 2006 11:44 AM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report

Take it out the dhcp scope, (it don't work as it should), and just use a
DNS A record for wpad.

 

S

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 12:46 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report

 

Each client does have FWC installed (hard-coded to the ISA WINS name
(instead of DNS I've now realized); but I also have configured the WPAD
o252 in my domain.local DHCP scope .. ), and then after I installed it,
I proceeded to the 'Web Browser' tab and hit 'Configure Now', which
changed the old ISASERVER:8080 config in the client's Internet Options
to the configuration script.

 

After reading the 'Client Overview' in the Help section, I'm pretty sure
that I just have FWC users which would also be Web Proxy users, so
therefore the report should be working... yes?

 

 

Jonathon J. Howey

MENSE Inc.

P 780.409.5620

F 780.409.5621

D 780.409.5628

C 780.965.8363

Jonathon@xxxxxxxx

 

Defining the Future of Transportation

www.MENSE.ca <http://www.mense.ca/> 

 

 

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: April 17, 2006 9:33 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report

Read up on client types. The help file has excellent information on
this. If it's authentication you'd like and tracking by username rather
than IP address, then you'll need the firewall client.

 

As far as what the #7 entry represents you'll have to consult your logs
to see what that user was doing. 

 

Amy

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 11:13 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] "Top Users" report

 

Anyone have any idea on why the IP of the machine is showing up instead
of the user?  Has it anything to do with using a config. script in
IE/Mozilla instead of proxy and port?  Reason I ask is, the report is
misleading if you use DHCP, as it looks like the User (IP) is being
stored as the PK, and hence if that IP gets re-assigned to a diff. user
(as it has in my case), it doesn't reset the totals.

 

As well, anyone have any ideas of where I can find out where the IP in
#7 is coming from?  Is it possible that it's a spammer server and the
ISA report is considering traffic on port 25 as well?  (this is an SBS
box).

 

 

No | User            | Requests | % of Total Requests | Bytes In  | % of Total Bytes In | Bytes Out | % of Total Bytes Out | Total Bytes | % of Total Bytes
1  | 192.168.100.119 | 20096    | 2.90 %              | 22.69 GB  | 30.60 %             | 2.30 GB   | 4.80 %               | 24.99 GB    | 20.50 %
2  | 192.168.100.117 | 3626     | 0.50 %              | 19.37 GB  | 26.10 %             | 1.33 GB   | 2.80 %               | 20.70 GB    | 17.00 %
3  | 192.168.100.126 | 15047    | 2.20 %              | 3.29 GB   | 4.40 %              | 10.74 GB  | 22.40 %              | 14.03 GB    | 11.50 %
4  | 192.168.100.127 | 13424    | 2.00 %              | 1.88 GB   | 2.50 %              | 8.44 GB   | 17.60 %              | 10.32 GB    | 8.50 %
5  | 192.168.100.139 | 17883    | 2.60 %              | 5.90 GB   | 8.00 %              | 3.80 GB   | 7.90 %               | 9.70 GB     | 7.90 %
6  | 192.168.100.100 | 13107    | 1.90 %              | 1.29 GB   | 1.70 %              | 3.16 GB   | 6.60 %               | 4.45 GB     | 3.60 %
7  | 198.53.112.177  | 76       | 0.00 %              | 3.38 GB   | 4.60 %              | 219.57 MB | 0.40 %               | 3.60 GB     | 2.90 %
8  | 192.168.100.104 | 746      | 0.10 %              | 611.11 MB | 0.80 %              | 2.73 GB   | 5.70 %               | 3.33 GB     | 2.70 %
9  | 192.168.100.122 | 5902     | 0.90 %              | 1.38 GB   | 1.90 %              | 1.27 GB   | 2.70 %               | 2.66 GB     | 2.20 %
10 | 192.168.100.85  | 110655   | 16.10 %             | 725.06 MB | 1.00 %              | 1.94 GB   | 4.00 %               | 2.65 GB     | 2.20 %
11 | 192.168.100.124 | 14410    | 2.10 %              | 1.15 GB   | 1.60 %              | 1.11 GB   | 2.30 %               | 2.26 GB     | 1.90 %
12 | 192.168.100.134 | 12922    | 1.90 %              | 1.28 GB   | 1.70 %              | 920.23 MB | 1.90 %               | 2.18 GB     | 1.80 %
13 | 192.168.100.114 | 20273    | 3.10 %              | 1.60 GB   | 2.20 %              | 548.31 MB | 1.10 %               | 2.13 GB     | 1.80 %
14 | 192.168.100.132 | 14908    | 2.30 %              | 216.83 MB | 0.30 %              | 1.83 GB   | 3.80 %               | 2.04 GB     | 1.70 %
15 | 192.168.100.113 | 14029    | 2.20 %              | 1.09 GB   | 1.50 %              | 451.77 MB | 0.90 %               | 1.53 GB     | 1.30 %
   | All Others      | 374959   | 59.30 %             | 6.29 GB   | 11.10 %             | 7.06 GB   | 15.10 %              | 13.36 GB    | 12.60 %
   | Total           | 652063   | 100.00 %            | 72.12 GB  | 100.00 %            | 47.81 GB  | 100.00 %             | 119.93 GB   | 100.00 %

 

Thanks.

 

Jonathon J. Howey
