[ISAserver.org Discussion List] Re: webchaining.
- From: "Michael Ross" <mross@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 21 Mar 2006 15:17:52 -0600
on my upstream proxy, the before the firewall, its set to Route, not
NAT.
if it was set to NAT, the upstream proxy's IP was shown.
so, i was hoping my downstream would show the client IP
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Tuesday, March 21, 2006 2:58 PM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List] Re: webchaining.
Yep, that is weird.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross
Sent: Tuesday, March 21, 2006 2:40 PM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List] Re: webchaining.
ya know i think its just odd.
right now my upstream proxy sends the client IP to the
firewall..
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, March 21, 2006 2:22 PM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List] Re: webchaining.
You can't have it both ways. If you want to use the local Web
proxy, you must accept the source IP address being that of the
downstream ISA firewall.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross
Sent: Tuesday, March 21, 2006 2:18 PM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List] Re:
webchaining.
i want them to cache locally, but i want one place to
watch the activity
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, March 21, 2006 2:11 PM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List] Re:
webchaining.
What's the point of having them use the local proxy? Why
not just configure the clients to connect directly to the upstream Web
proxy and bypass proxy on the destination server? Turn off Web proxy
support on the downstream and away you go.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross
Sent: Tuesday, March 21, 2006 2:06 PM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List] Re:
webchaining.
so basically i have to setup something to tail
what's being entered into the MSDE database as the users hit the web,
right?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, March 21, 2006 1:44 PM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List] Re:
webchaining.
Yes, but you won't have Web proxy chaining. You
need a ROUTE Network Rule and no Web proxy services at the downstream.
I.e., no local caching.
Thomas W Shinder, M.D.
Site: www.isaserver.org
<http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross
Sent: Tuesday, March 21, 2006 12:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List]
Re: webchaining.
any way to have it log the IP address of
the actual client on the upstream ISA? it would make monitoring the
clients so much easier.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, March 21, 2006 11:49 AM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List]
Re: webchaining.
Hi Mike,
That's expected and what's supposed to
happen.
Thomas W Shinder, M.D.
Site: www.isaserver.org
<http://www.isaserver.org/>
Blog:
http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross
Sent: Tuesday, March 21, 2006 11:38 AM
To: isalist@xxxxxxxxxxxxx
Subject: [ISAserver.org Discussion List]
webchaining.
Another question.
When I watch my logs on the upstream
proxy, I see users coming thru with the IP address of the downstream
proxy, not of the client they are on.
Thoughts?
Other related posts:
