Hi Alfonso, There should be no entries in your firewall logs, since the clients are not configured as Web Proxy or SecureNAT clients. They should be configured as Web Proxy clients only. To ensure that only Web Proxy clients are able to access the Internet, configure the HTTP Redirector to drop requests from SecureNAT and Firewall clients. Then you can analyze the Web Proxy service logs to determine why the client can and cannot access FTP sites. Make sure all fields are enabled, so that you can tell which rule is alllowing/denying access. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] Sent: Monday, February 17, 2003 1:01 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to be) http://www.ISAserver.org Hi, thaks for your time. Yes, the clients are logged onto the domain, I have reviewed the logs, no just Web proxy logs, the Firewall logs too. Look at the Firewall log when a client request a FTP site: 192.168.60.2 - - 06:52:04 - 169.158.1.20 21 21 TCP Connect 13301 - S&C A Sitios ONAT 192.168.60.2 - - 06:52:04 - 169.158.1.20 21 21 TCP Connect 13301 - S&C A Sitios ONAT Why with older vertions of IE I haven't problem with this? Note. One more data: RAS Clients can navegate FTP Sites. -----Original Message----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Date: Mon, 17 Feb 2003 00:26:46 -0600 Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to be) > http://www.ISAserver.org > > > Hi Alfonso, > > You need to configure the clients as Web Proxy clients and you need to > configure the HTTP Redirector to drop requests from Firewall client and > SecureNAT clients. At that point, only requests from Web Proxy clients > will be accepted by the Web Proxy service. > > However, since you're not using the SecureNAT or Firewall client > configurations, the ONLY way the clients will access external FTP sites > is via the Web Proxy service. Make sure the clients log onto the domain > so that they have credentials to the send the Web Proxy service. > > Review your Web Proxy logs for troubleshooting issues. > > HTH, > Tom > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > > > > -----Original Message----- > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] > Sent: Sunday, February 16, 2003 11:40 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > be) > > > http://www.ISAserver.org > > > > Thanks, but It did not work. > > The clients making the request are not SecureNAT clients nor Firawall > Clients. They are just trying to access FTP sites outsite the LAN with > IE. Remember I wrote that IE versions up to 4.0 works fine. > > Saludos, > > Lesky Alfonso M. > > > -----Original Message----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Date: Sun, 16 Feb 2003 23:13:59 -0600 > Subject: [isalist] RE: Web proxy or Firewall Client (to be or not to > be) > > > http://www.ISAserver.org > > > > > > Hi Alfonso, > > > > Configure the HTTP Redirector to drop requests from SecureNAT and > > Firewall clients. Then require authentication. > > > > HTH, > > Tom > > > > Thomas W Shinder > > www.isaserver.org/shinder > > ISA Server and Beyond: http://tinyurl.com/1jq1 > > Configuring ISA Server: http://tinyurl.com/1llp > > > > > > > > > > > > -----Original Message----- > > From: Lesky Alfonso M. [mailto:leskyam@xxxxxxxxxxxxxxx] > > Sent: Sunday, February 16, 2003 11:03 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Web proxy or Firewall Client (to be or not to be) > > > > > > http://www.ISAserver.org > > > > > > Hi, thanks for your time. > > > > Web Proxy Clients appears as Firewall Clients!!!??? > > > > 1. I have ISA Server (SP1) installed on a w2k. > > 2. The objects of the ISA are in the Active Directory > > Schema. > > 3. There are Two NICs on the ISA Server PC. > > > > When I configure a rule for FTP Access "Applied to any > > request o to a group of IPs" everything is ok, but when I > > Applie this rule to a especific group of users there is no > > access and the Clients appears to be Firewall clients. > > Some days ago I installed a computer with W95, IE 3.01 and > > while nobody got access to FTP sites aoutside my network > > that PC got it, I updated IE to version 4.0 and everything > > OK, but que updated to IE 5.0, the situation was the same > > for this PC too. When I install firewall client software > > on workstatios no more problen with FTP access, but I > > think taht is not the solution. This situation is diferent > > with HTTP, I separate the rules (one for FTP & one for > > HTTP) and I am applying the rule to the especific group of > > users without problems. > > > > Does anyone know what is going on? > > > > Thanks for your time, again. > > > > > > Saludos, > > > > Lesky Alfonso M. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List > as: > > tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List > as: > > leskyam@xxxxxxxxxxxxxxx > > To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > leskyam@xxxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')