RE: Using the firewall client to webproxy access upstream ISA server
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 9 Aug 2004 12:15:43 -0500
Hi Shawn,
Ha! OK, didn't think about the ISA firewall being in "capon" mode ;-)
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Monday, August 09, 2004 11:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using the firewall client to webproxy access
upstream ISA server
http://www.ISAserver.org
If the internal ISAs are installed in cache mode then they would just
sit on the internal subnet(s), same as the internal interface of ISAx.
There would be regular routes to the internal interface of ISAx, thus
the ability to bypass the internal ISAs. The problem in that scenario
is that there's no access control on ISAx.
-Shawn
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, August 09, 2004 12:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using the firewall client to webproxy access
upstream ISA server
http://www.ISAserver.org
Hi Shawn,
But how can the downstream clients get past the downstream ISA firewalls
when TCP and UDP 1745 are not allowed outbound?
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Monday, August 09, 2004 11:17 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Using the firewall client to webproxy access
upstream ISA server
http://www.ISAserver.org
I assume this is what you have, given the fact that pointing IE to the
upstream server is actually letting them through:
Internal ISA 1----
| DMZ
| |
Internal ISA 2------ ISAx --|-- ISAy -- Internet
|
|
Internal ISA 3----
If so, create a client address set on ISAx to only allow incoming
requests from the Internal ISAs.
-Shawn
-----Original Message-----
From: Andy Greenhalgh [mailto:andy.greenhalgh@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, August 09, 2004 12:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Using the firewall client to webproxy access upstream
ISA server
http://www.ISAserver.org
We have a back to back ISA server DMZ configuration. We run 3 internal
ISA servers for 3 separate internal networks, Corporate, Education, and
Public Library. The DMZ has a single connection to the internet.
Each internal network has different content filtering requirements so
the content filtering is installed on each internal ISA server.
Some of our more technically able users are bypassing the content
filtering by configuring Internet Explorer to use the uptstream ISA
server IP address and using the firewall client to reach the upstream
ISA server.
Is there a configuration which can prevent this? Our users will still
need to access some content using the firewall client.
Andy Greenhalgh
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
