OK found it for the Internal Network. *On the Auto Discovery tab, "Publish automatic discovery information" was unchecked *On Firewall Client tab, "Enable FWC support" is checked, my Server name is typed in, then "Automatically detect settings" and "Use automatic config. script" (default URL) is checked. "Use a Web proxy server" is NOT. (these would all be default as I do not remember changing any of this). Now knowing this, should I check 'Use a web proxy server', or uncheck the auto. detect settings? Furthermore, I've never changed ISA Console > General > Define Firewall Client Setting, so everything there should still be the same. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: April 17, 2006 1:12 PM To: ISA Mailing List Subject: [isalist] Re: "Top Users" report From within the ISA console, in the the properties of your protected network, on the firewall client tab. That should be selected if you want to autocinfigure the FWC. S ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey Sent: Monday, April 17, 2006 3:55 PM To: ISA Mailing List Subject: [isalist] Re: "Top Users" report Could you further explain? I remember during ISA 2004 setup whether I'm connecting a console to an existing ISA server, or make a new ISA server, but I doubt that's it. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: April 17, 2006 12:17 PM To: ISA Mailing List Subject: [isalist] Re: "Top Users" report Have you disabled auto detect in the ISA console, because that's where the instruction comes from. S ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey Sent: Monday, April 17, 2006 2:52 PM To: ISA Mailing List Subject: [isalist] Re: "Top Users" report Yes, but like I said, I believe most of my FWC installs have a hard-coded server address typed in, so it shouldn't be used the WPAD entry? ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: April 17, 2006 11:44 AM To: ISA Mailing List Subject: [isalist] Re: "Top Users" report Take it out the dhcp scope, (it don't work as it should), and just use a DNS A record for wpad. S ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey Sent: Monday, April 17, 2006 12:46 PM To: ISA Mailing List Subject: [isalist] Re: "Top Users" report Each client does have FWC installed (hard-coded to the ISA WINS name (instead of DNS i've now realized); but i also have configured the WPAD o252 in my domain.local DHCP scope .. ), and then after I installed it, I proceeded to the 'Web Browser' tab and hit 'Configure Now', which changed the old ISASERVER:8080 config in the client's Internet Options to the configuration script. After reading the 'Client Overview' in the Help section, I'm pretty sure that I just have FWC users which would also be Web Proxy users, so therefore the report should be working... yes? Jonathon J. Howey MENSE Inc. P 780.409.5620 F 780.409.5621 D 780.409.5628 C 780.965.8363 Jonathon@xxxxxxxx Defining the Future of Transportation www.MENSE.ca <http://www.mense.ca/> ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: April 17, 2006 9:33 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: "Top Users" report Read up on client types. The help file has excellent information on this. If it's authentication you'd like and tracking by username rather than IP address, then you'll need the firewall client. As far as what the #7 entry represents you'll have to consult your logs to see what t Client Typesdd \ hat user was doing. Amy ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey Sent: Monday, April 17, 2006 11:13 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] "Top Users" report Anyone have any idea on why the IP of the machine is showing up instead of the user? Has it anything to do with using a config. script in IE/Mozilla instead of proxy and port? Reason I ask is, the report is misleading if you use DHCP, as it looks like the User (IP) is being stored as the PK, and hence if that IP get's re-assigned to a diff. user (as it has in my case), it doesn't reset the totals. As well, anyone have any ideas of where I can find out where the IP in #7 is coming from? Is it possible that it's a spammer server and the ISA report is considering traffic on port 25 as well? (this is an SBS box). No User Requests % of Total Requests Bytes In % of Total Bytes In Bytes Out % of Total Bytes Out Total Bytes % of Total Bytes 1 192.168.100.119 20096 2.90 % 22.69 GB 30.60 % 2.30 GB 4.80 % 24.99 GB 20.50 % 2 192.168.100.117 3626 0.50 % 19.37 GB 26.10 % 1.33 GB 2.80 % 20.70 GB 17.00 % 3 192.168.100.126 15047 2.20 % 3.29 GB 4.40 % 10.74 GB 22.40 % 14.03 GB 11.50 % 4 192.168.100.127 13424 2.00 % 1.88 GB 2.50 % 8.44 GB 17.60 % 10.32 GB 8.50 % 5 192.168.100.139 17883 2.60 % 5.90 GB 8.00 % 3.80 GB 7.90 % 9.70 GB 7.90 % 6 192.168.100.100 13107 1.90 % 1.29 GB 1.70 % 3.16 GB 6.60 % 4.45 GB 3.60 % 7 198.53.112.177 76 0.00 % 3.38 GB 4.60 % 219.57 MB 0.40 % 3.60 GB 2.90 % 8 192.168.100.104 746 0.10 % 611.11 MB 0.80 % 2.73 GB 5.70 % 3.33 GB 2.70 % 9 192.168.100.122 5902 0.90 % 1.38 GB 1.90 % 1.27 GB 2.70 % 2.66 GB 2.20 % 10 192.168.100.85 110655 16.10 % 725.06 MB 1.00 % 1.94 GB 4.00 % 2.65 GB 2.20 % 11 192.168.100.124 14410 2.10 % 1.15 GB 1.60 % 1.11 GB 2.30 % 2.26 GB 1.90 % 12 192.168.100.134 12922 1.90 % 1.28 GB 1.70 % 920.23 MB 1.90 % 2.18 GB 1.80 % 13 192.168.100.114 20273 3.10 % 1.60 GB 2.20 % 548.31 MB 1.10 % 2.13 GB 1.80 % 14 192.168.100.132 14908 2.30 % 216.83 MB 0.30 % 1.83 GB 3.80 % 2.04 GB 1.70 % 15 192.168.100.113 14029 2.20 % 1.09 GB 1.50 % 451.77 MB 0.90 % 1.53 GB 1.30 % All Others 374959 59.30 % 6.29 GB 11.10 % 7.06 GB 15.10 % 13.36 GB 12.60 % Total 652063 100.00 % 72.12 GB 100.00 % 47.81 GB 100.00 % 119.93 GB 100.00 % Thanks. Jonathon J. Howey MENSE Inc. P 780.409.5620 F 780.409.5621 D 780.409.5628 C 780.965.8363 Jonathon@xxxxxxxx Defining the Future of Transportation www.MENSE.ca <http://www.mense.ca/>