ISA 2004 Question
|
Prev: SBS 2003 R2 Red Indicator Service .NET Framework NGEN v4.0.303
Next: SBS Console doesn´t see companyweb
From: "Jeff Teel" jdteel on 5 Jul 2010 20:19 I have had ISA 2004 installed on my SBS 2003 server every since it was put into service and it has never allowed LAN workstations to access the Internet without having proxy settings in the web browser. I had to do a restore recently and after that was completed I noticed that if I unchecked the use proxy check mark in my browser I could still access Internet pages and of course my restricted web page settings were being ignored because of not using the server proxy. The proxy is working because when I have the proxy in the browser check to use it does block the web pages in my "denied" list. Can anyone give me a place to look for something that may have changed that would cause this symptom? The restore was done from a full server backup that was only a few days old. Thanks for your suggestions. Jeff
From: Steve Foster on 6 Jul 2010 07:41 Jeff Teel wrote: > I have had ISA 2004 installed on my SBS 2003 server every since it > was put into service and it has never allowed LAN workstations to > access the Internet without having proxy settings in the web browser. > I had to do a restore recently and after that was completed I noticed > that if I unchecked the use proxy check mark in my browser I could > still access Internet pages and of course my restricted web page > settings were being ignored because of not using the server proxy. > The proxy is working because when I have the proxy in the browser > check to use it does block the web pages in my "denied" list. Can > anyone give me a place to look for something that may have changed > that would cause this symptom? > > The restore was done from a full server backup that was only a few > days old. Possibilities: * there's another route to the internet (that doesn't involve going through the SBS/ISA), * there's a higher-priority rule that says "Allow any HTTP for all Users" * the Firewall Client is installed (it automatically handles proxying for non-proxy-aware/configured applications), and there's a rule that says "Allow any HTTP for <some set of Authenticated Users>". How did/Could workstations reach the internet while you were restoring the SBS? -- Steve Foster For SSL Certificates, Domains, etc, visit.: https://netshop.virtual-isp.net
From: "Jeff Teel" jdteel on 6 Jul 2010 22:04 During the restore I replaced the server with a simple router that had the same IP address on both sides as the server did while it was in service. I did that so the clients could still have Internet access while I was working on the server. I have cleared the DNS cache on one of the workstations connected to the SBS network to see if that was causing this but am still able to access WAN web content instead of getting ISA's generic page of not able to view web page. ISA was restored as a part of the backup as well so it should be exactly like it was before I had to do the restore. I do have other rules in ISA but they were there before all of this too. Right now I suspect the firewall client but I'm not sure just what to do to it to fix it. Is there something I need to look for in that area or am I going in the wrong direction? Thank you for your input Steve. I appreciate it very much. Jeff "Steve Foster" <stevefoster(a)invalid.invalid> wrote in message news:xn0gwb9muo0y72k00y(a)news.eternal-september.org... > Jeff Teel wrote: > >> I have had ISA 2004 installed on my SBS 2003 server every since it >> was put into service and it has never allowed LAN workstations to >> access the Internet without having proxy settings in the web browser. >> I had to do a restore recently and after that was completed I noticed >> that if I unchecked the use proxy check mark in my browser I could >> still access Internet pages and of course my restricted web page >> settings were being ignored because of not using the server proxy. >> The proxy is working because when I have the proxy in the browser >> check to use it does block the web pages in my "denied" list. Can >> anyone give me a place to look for something that may have changed >> that would cause this symptom? >> >> The restore was done from a full server backup that was only a few >> days old. > > Possibilities: > > * there's another route to the internet (that doesn't involve going > through the SBS/ISA), > * there's a higher-priority rule that says "Allow any HTTP for all > Users" > * the Firewall Client is installed (it automatically handles proxying > for non-proxy-aware/configured applications), and there's a rule that > says "Allow any HTTP for <some set of Authenticated Users>". > > How did/Could workstations reach the internet while you were restoring > the SBS? > > -- > Steve Foster > For SSL Certificates, Domains, etc, visit.: > https://netshop.virtual-isp.net
From: Steve Foster on 7 Jul 2010 07:23 Jeff Teel wrote: > During the restore I replaced the server with a simple router that > had the same IP address on both sides as the server did while it was > in service. I did that so the clients could still have Internet > access while I was working on the server. I have cleared the DNS > cache on one of the workstations connected to the SBS network to see > if that was causing this but am still able to access WAN web content > instead of getting ISA's generic page of not able to view web page. > ISA was restored as a part of the backup as well so it should be > exactly like it was before I had to do the restore. I do have other > rules in ISA but they were there before all of this too. Right now I > suspect the firewall client but I'm not sure just what to do to it to > fix it. Is there something I need to look for in that area or am I > going in the wrong direction? > > Thank you for your input Steve. I appreciate it very much. You need to review the ISA rules, and use ISA logging to figure out how they're getting out. The live query view can be very helpful here (providing you configure and limit it appropriately). -- Steve Foster For SSL Certificates, Domains, etc, visit.: https://netshop.virtual-isp.net
From: Al Williams on 7 Jul 2010 11:59 On our SBS2003 it has always allowed both proxy and non-proxy IE access as long as the ISA firewall client was installed on the PC. I think that is how it is setup out of the box but I may be wrong. If you later installed the firewall client on those PC's then that could be the difference. Disabling it would prevent access, but FTP and other protocols would no longer work from the clients. -- Allan Williams Jeff Teel wrote: > I have had ISA 2004 installed on my SBS 2003 server every since it > was put into service and it has never allowed LAN workstations to > access the Internet without having proxy settings in the web browser. > I had to do a restore recently and after that was completed I noticed > that if I unchecked the use proxy check mark in my browser I could > still access Internet pages and of course my restricted web page > settings were being ignored because of not using the server proxy. > The proxy is working because when I have the proxy in the browser > check to use it does block the web pages in my "denied" list. Can > anyone give me a place to look for something that may have changed > that would cause this symptom? > The restore was done from a full server backup that was only a few > days old. > Thanks for your suggestions. > > Jeff
|
Next
|
Last
Pages: 1 2 Prev: SBS 2003 R2 Red Indicator Service .NET Framework NGEN v4.0.303 Next: SBS Console doesn´t see companyweb |