Re: Firewall client not working but its session is visible in ISA-

It's not supported for ISA 2000, 2004 or 2006.
PSS will politely rebuff you when (not if) you call with a problem involving
anything other than web proxy functionality.
http://www.microsoft.com/technet/isa/2004/plan/unsupportedconfigs.mspx

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Boein" <Boein@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5276DE98-DA26-4555-904B-D929E34828BE@xxxxxxxxxxxxxxxx
Ok, found the problem. In ISA2006 - configuration - add-ins I enabled socks
V4 filter (after the installation it was disabled). First time it didn't
work because I only saved changes and didn't restart the services. You have
2 radio buttons after changing someting, I didn't read the second one
(saving
and restarting the service) thus only the settings were saved but not
applied. Most likely at a certain point, I rebooted the ISA or restarted
the
service making the FW-client work. So everyone saying the FW doesn't work
with an isa server and 1 nic was wrong. If I disable the socks setting
again, surfing through the fw-client doesn't work anymore, if I enable the
setting it works again.
It's true I do not use the full capacity of the ISA server, but hey I DO
want an M$ proxy-server ;-)

regards
Boein




That's weird, it has worked for 7 years on our ISA2000, but some features
didn't work reliably. This is the reason why I wanted to upgrade to
ISA2006,
after 7 years I should expect there would be a new FW-client and better
support. For the moment it does seem to work on my test-system but can I
take the risk to deploy it on my production servers? Do you have other
suggestions to make this thing work in a reliable way, another setup
perhaps?

Thanks
Boein



"Jim Harrison (ISA SE)" wrote:

It doesn't, at least not reliably.
As a result, it's not supported.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Boein" <Boein@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:32288379-4E7F-4AAA-8BDC-52AFB6B61C13@xxxxxxxxxxxxxxxx
Hi Philip,

is this also true for ISA2006, why does it work then? My client does
not go
"direct" to the internet, if I disable the FW-client on my pc, I get an
error, if I re-enable the client I can "see" the internet again. If I
look
at the session logs on the ISA server it reads "Firewall client" if the
FW
client is enabled on the client, so the ISA server must see and support
the
client, right?
Why it works out of the blue I don't know, but i'm not complaining ;-)

regards
Boein



"Phillip Windell" wrote:

You can't use the Firewall Client on a single homed ISA.

The features and limitations of a single-homed ISA Server 2004
computer
http://support.microsoft.com/kb/838364/en-us
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/single_adapter.mspx

Things may seem to be working when "nothing changed on the ISA"
because
things are messed up to the point that the Clients are not trying to
use
the
proxy and are going direct,...which the "firewall appliance" is
perfectly
happy to do if you never configured it to only allow outbound
HTTP/HTTPS
from the ISA's IP# only.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Boein" <Boein@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7B82EF50-825A-459F-9794-602697D0FCB9@xxxxxxxxxxxxxxxx
Hi Jim,

The Isa server is installed on a unihomed computer. The server has
a
single
nic connected to our lan. It is not installed as a firewall because
we
use
our own firewall appliance. The isa server only filers internet
traffic
and
sends it to the firewall. Anyway the problem seems to have gone,
out of
the
blue the fw-client worked again. I'm wondering if we could have
switching
problems in our network, becauses nothing changed in the Isa
configuration.

Kind regards,
Boein



"Jim Harrison (ISA SE)" wrote:

"configured it to work as a proxy-server" is less meaningful than
it
sounds.
is this ISA deployed on a single- or multi-homed machine?

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Boein" <Boein@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D3CA7073-0875-4F48-8EFA-A163B3AAF7C2@xxxxxxxxxxxxxxxx
Hi all,
I'm running ISA Server 2006 on windows 2003 R2 and configured it to
work
as
a proxy-server. When the clients connect via the browser there's
no
problem.
When the clients connect via the firewall-client with
proxysettings
disabled
in the ie-browser, the client cannot surf. Although, when I look
in
the
active sessions on the ISA-server, the client is listed there and
it's
session type is "Firewall client" . I enabled firewall client
support
on
the
network, but are there other things I should configure to make this
work?

Thanks
Boein








.

Loading