RE: standalone vs array
- From: John Burridge <JBurridge@xxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 14 Nov 2001 16:58:37 -0000
Sorry that is change rule 2 to apply to testuser
-----Original Message-----
From: Muqeem Syed [mailto:Syed.Muqeem@xxxxxxxxxxxx]
Sent: 14 November 2001 16:57
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: standalone vs array
http://www.ISAserver.org
Hi JOhn,
Sorry for the confusion I am starting...OK let me get the entire thing
clear again
I have installed the firewall client on a test machine.
Create Rule: Allow all destinations,
Applies to: Requests coming from-----> domain\domain users, Exceptions :
Domain\testlog
Rule (2)
Rule : allow to the destionation set specified
Applies to: Requests coming from Domain\Domain Users
UserA from group A logs in .... test machine (With firewall client),
gets access to all sites.
User B logs in on test machine (With firewall client), authentication
dialogbox pops us...gets no access to any site..I have changed the
homepage as well to poin to www.dhl.com (one of the sites mentioend in
the destination set). Even then the authentication boxs pops up.
User B logs on to machine xyz (no firewall client) gets the
authentication box, typoes in username and password.. does not get
access to any site.
Regards
Rule (2)
Rule : Allow access to the specified destination set.
Applies to : Domain\domain users
-----Original Message-----
From: John Burridge [mailto:JBurridge@xxxxxxxxx]
Sent: Wednesday, November 14, 2001 6:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: standalone vs array
http://www.ISAserver.org
Ok lets start again - this is getting a bit confused.
Have you done this?
Installed firewall client on test machine.
Create rule: Allow http to any destination
Apply: to group A users
Create rule: Allow http to the defined destination sets.
Apply: to group B users
Log on to test machine as a group A member. You should be able to access
everything.
Log on to test machine as a group B memebr. You should only be able to
access the destination sets
-----Original Message-----
From: Muqeem Syed [mailto:Syed.Muqeem@xxxxxxxxxxxx]
Sent: 14 November 2001 16:33
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: standalone vs array
http://www.ISAserver.org
I have just installed the firewall client on one machine.. and testing
it out on that... but like i mentioned in the previous mailll the mail
just before this one.. that it prompts me for authentication but still
does not allow access to the specific site.. the order in which i have
set the site and content rules is as follows..
Site and content rule (1)
action allow
applies to all domain users, except group b
destination to all sites
site and content rule (2)
applies to: all domain users
Action : allow
Destination: to the sites mentioned in the destination set.
I ahave installed the firewall client on only one machine and logging on
that with the test user account, who belongs to group B.
REgards
-----Original Message-----
From: John Burridge [mailto:JBurridge@xxxxxxxxx]
Sent: Wednesday, November 14, 2001 6:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: standalone vs array
http://www.ISAserver.org
If they are not using the firewall client they are not authenticating
with
the ISA server.
Have you made these rules apply to user groups? If you have, you need to
have the users authenticate so that ISA knows who to apply the rules to.
The
only other way I can think of doing it is if your users in group B are
assigned IP's from one pool and the rest of your users from another.
Then
assign your rules to these IP pools respectively.
John Burridge
-----Original Message-----
From: Muqeem Syed [mailto:Syed.Muqeem@xxxxxxxxxxxx]
Sent: 14 November 2001 16:12
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: standalone vs array
http://www.ISAserver.org
No.. none of them are usinfg the firewall client... is that
neccessary...???
Regards
-----Original Message-----
From: John Burridge [mailto:JBurridge@xxxxxxxxx]
Sent: Wednesday, November 14, 2001 6:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: standalone vs array
http://www.ISAserver.org
Are all your users using the firewall client?
-----Original Message-----
From: Muqeem Syed [mailto:Syed.Muqeem@xxxxxxxxxxxx]
Sent: 14 November 2001 16:06
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: standalone vs array
http://www.ISAserver.org
We have installed ISA server in our production environment. The main
intention is for web caching and to control internet acecss to users. I
have created a destination set that includes a few sites. We have 2 user
groups.. one needs to get full access to the internet while the other
should be able to access only the sites mentioned in the destination
set.
I have created 2 site and contet rules... one allows group a access ot
the entire internet and the other allows all users access to the
specific sites mentioned in the destionation set. Even though i have
mentioned this, the users from group b, cannot access the sites
mentioned in the destionation set. Please help me with the
confgiuration.
Regards
-----Original Message-----
From: Periyasamy, Raj [mailto:psraj@xxxxxxxxxxxx]
Sent: Wednesday, November 14, 2001 6:01 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: standalone vs array
http://www.ISAserver.org
John,
Thanks alot for the information.
Regards,
Raj
-----Original Message-----
From: John Burridge [mailto:JBurridge@xxxxxxxxx]
Sent: November 14, 2001 10:33 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: standalone vs array
http://www.ISAserver.org
1) Yes - you enter two DNS entries for whatever name you choose, and
point
them to the internal NICS ip address on each
2)To get fault tolerance, install the firewall client on end users
machines.
Arrays are a real pain in the proverbial if one line goes down. You will
get
no access for any user until you stop the services on the down server,
or
the line comes back up. I got around this by installing webtrends on
each
server, and creating a job that pinged an external router. If it couldnt
reach that, I had it run a job that stopped the services, and then ran
one
to start them when the line came back up. It has worked very
successfully so
far.
3)You could get load balancing, as the DNS entry will alternate which
server
you are sent to, but you will not get fault tolerance without the
Firewall
Client.
John Burridge
-----Original Message-----
From: Periyasamy, Raj [mailto:psraj@xxxxxxxxxxxx]
Sent: 14 November 2001 15:31
To: [ISAserver.org Discussion List]
Subject: [isalist] standalone vs array
http://www.ISAserver.org
I am currently managing two standalone ISA serevrs load balanced with
NLB
for internal users. All users access the ISA using the NLB virtual host
name. I am planning to migrate these two servers to an array (since our
AD
is now in place). Once the array is inplace NLB will be uninstalled.None
of
the clients are using firewall client in my network.
Questions:
1) Once I migrate to an array, will it be possible to access the array
using
a virtual host name like used by NLB. How is the virtual name assigned
to
the array?
2) How is the fault tollarance and load balancing applied to the
clients?
Currently none of my clients are using the auto configuration script,
They
point to the VHost name of the NLB host.
3) Is it possible to make use of the array's FT and LB features without
using the firewall client in workstations?
I would appreciate all inputs...
Thnaks in advance.
Regards,
Raj
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jburridge@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
psraj@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
syed.muqeem@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jburridge@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
syed.muqeem@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jburridge@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
syed.muqeem@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jburridge@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
syed.muqeem@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jburridge@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
