RE: [isalist]possible fix ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004

  • From: "Ara" <ara@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 26 Mar 2005 11:59:40 -0800

Hello Dan,
The registry settings work fine for me, and only the default refresh
rate for it (60-120 minutes). Also, I have disabled people from getting
into the proxy settings and changing them.
As you say, if SurfControl isn't able to see incoming traffic requests
for port 80 and only replies back to 8080, is there any way to redirect
all incoming direct access (80) to 8080? Sorry for the confusion.

                From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
                Sent: Friday, March 25, 2005 8:18 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: possible fix RE: ISAserver.org -
Review of SurfControl Web Filter 5.0 for ISA Server 2004

                http://www.ISAserver.org
                Now I'm really confused, your previous message said only
GPO was effective, now you're saying GPO is not for pushing down proxy
settings?  

                Okay, let's look at this in a little more detail. 

                IE, as in all Windows-based browsers, defaults to using
port 80 on the default gateway to contact websites.  This is where the
problem we were discussing comes in, utilizing this method causes it to
bypass SurfControl.  

                So, to get around this problem, IE, as in all
Windows-based browsers, must use a "proxy" so SurfControl can filter it.
These proxy settings, in IE and almost all other Windows-based browsers,
are stored as Registry entries.  When you go into the menus within these
browsers to make the proxy settings, they are merely a GUI interface
into making these registry changes.  

                You can visit each and every workstation, and enter the
proxy settings manually.  However, most of the time in AD environments,
if a proxy server is in use, administrators use GPO to make these
registry changes upon login.  Unfortunately, IE is the only program that
is "natively" capable of managing settings via GPO.

                The scenario we're discussing having a problem also
involves all clients using the Firewall Client.  The FWC also has the
ability to update these registry entries without the use of GPO.
Whenever the Firewall Client is refreshed, it will make the necessary
registry entries to make IE use a proxy server.

                Thus, in order for a browser (in this case we're talking
about IE) to use a proxy server, it needs to have the necessary registry
entries.  Whether you use GPO to set these proxy settings, or the FWC,
or entering them by hand makes ABSOLUTELY NO DIFFERENCE!  

                I hope this will clear this up a bit more for you...


                From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] 
                Sent: Thursday, March 24, 2005 15:19
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: possible fix RE: ISAserver.org -
Review of SurfControl Web Filter 5.0 for ISA Server 2004

                GPO is not for pushing down the IE proxy setting, it is
                for locking the setting tab at user's IE, then FWC with
                webproxy setting is fixed and unchangeable at user's
                side!
                ----- Original Message ----- 
                From: Ball, Dan <mailto:DBall@xxxxxxxxxxx>  
                To: [ISAserver.org Discussion List]
<mailto:isalist@xxxxxxxxxxxxx>  
                Sent: Friday, March 25, 2005 4:06 AM
                Subject: [isalist] RE: possible fix RE: ISAserver.org -
Review of SurfControl Web Filter 5.0 for ISA Server 2004

                Could you please explain this a bit more?  I fail to see
how it would make a difference whether the proxy settings were pushed
out via FWC or GPO.  Either way, you have the proxy settings in IE, and
they can disable them.


                From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] 
                Sent: Thursday, March 24, 2005 14:39
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: possible fix RE: ISAserver.org -
Review of SurfControl Web Filter 5.0 for ISA Server 2004

                To make a consistent filter to user's web access, only
                GPO is effective because user under FWC only can disable
                web proxy server for a while until FWC is refreshed! If
                some bad boy would like to see a prohibited site, they
                can uncheck webproxy tab!
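
The thread turns on two things: the proxy registry entries IE reads, and whether policy stops the user from clearing them. The PowerShell audit below is an added example, not part of any message in the thread; the proxy name isa.example.local:8080 is a placeholder, and the registry locations are the standard WinINET and IE policy keys, which the thread itself does not name.

```powershell
# Added example, not from the thread. Audits the registry-based proxy
# settings the messages discuss. $ExpectedProxy's default is a placeholder.
param([string]$ExpectedProxy = 'isa.example.local:8080')

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$settings = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$lockKey  = 'Software\Policies\Microsoft\Internet Explorer\Control Panel'

# ProxySettingsPerUser = 0 (machine policy) makes IE read the proxy from
# HKLM instead of HKCU, so inspect the hive that is actually in effect.
$perUser = Get-RegValue "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" 'ProxySettingsPerUser'
$hive    = if ($perUser -eq 0) { 'HKLM:' } else { 'HKCU:' }

$enabled = Get-RegValue "$hive\$settings" 'ProxyEnable'
$server  = Get-RegValue "$hive\$settings" 'ProxyServer'

# "Prevent changing proxy settings" can be applied as user or machine policy.
$locked = [bool](@('HKCU:', 'HKLM:') |
    ForEach-Object { Get-RegValue "$_\$lockKey" 'Proxy' } |
    Where-Object { $_ -eq 1 })

$findings = @()
if ($enabled -ne 1) {
    $findings += 'Proxy disabled: browser traffic is not sent to the proxy.'
} elseif ("$server" -notlike "*$ExpectedProxy*") {
    $findings += "ProxyServer is '$server', expected $ExpectedProxy."
}
if (-not $locked) {
    $findings += 'Proxy settings not locked by policy: the user can clear them.'
}

# One object per run, so results from many workstations can be collected.
[pscustomobject]@{
    Computer  = $env:COMPUTERNAME
    User      = $env:USERNAME
    Hive      = $hive
    Proxy     = $server
    Locked    = $locked
    Compliant = ($findings.Count -eq 0)
    Findings  = $findings -join ' '
}
```

Run it in the user's session (for example from a logon script), since the HKCU values belong to whoever is logged on.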
