Re: ISA server 2004 and Bluecoat proxy



"windows 2003 sp1 and fully updated" is a conflicting statement. If Windows
is fully updated, then SP2 and all following updates have been applied.
Also, "ISA server has one network adapter" and "secureNAT clients" create a
conflict; you cannot have both.

When you enable caching, you also enable the web proxy; they're intimately
connected.
If you disable the web proxy, ISA stops testing the upstream proxy.

ISA will test the upstream proxy in the same way any client would test the
connection to a proxy:
1. if the TCP connection succeeds, then make a request
2. if the request succeeds, then all is good

If ISA is complaining about the upstream proxy failing, then this is because
the upstream proxy is not responding quickly enough to either #1 or #2 (only
a capture can tell).

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"ALISA - STS" <ALISASTS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1457A5AC-E77C-432D-9DCE-EE1EB396F510@xxxxxxxxxxxxxxxx
Dear All,
I hope someone can help me with this issue.
We have ISA 2004 Standard Edition with SP3, on windows 2003 sp1 and fully
updated, and no viruses detected on the server. This ISA server has one
network adapter and is configured as a cache-only server.
All clients are either web proxy clients or secureNAT clients.
The ISA server is configured to redirect web requests to the primary Bluecoat
proxy device, and if the primary fails, ISA will route to the backup Bluecoat
(using a web chaining rule).
The problem is that during the day many warning events appear in the ISA
alerts saying that ISA detected that the primary Bluecoat device is
unavailable and ISA is routed to the backup Bluecoat device. After 3 seconds
or less, another event states that the primary Bluecoat is available and ISA
will return to this Bluecoat. This behavior is making internet connectivity
unstable on the client side.
How I solved this: I solved this issue by disabling the cache to
force all web requests to pass to the Bluecoat, then I disabled the HTTP web
proxy filter (used by NAT clients) and edited the system policy allow
HTTP/HTTPS from ISA server to specified site and added the IP addresses of the
two Bluecoat devices.
Then NO warning events were logged.
But if I enable the ISA cache, these errors appear again.
Can I disable the application filter, since the ISA server works as a
cache-only server?
Are SecureNAT clients supported on this ISA server (cache only)?
What is the relation between enabling the ISA server cache and the web
chaining problem?




The other problem is that client web browsing through ISA is very slow,
but when clients connect directly to the Bluecoat, internet browsing is so
fast.
The ISA server TCP/IP setting is IP x.x.x.x, DNS: IP of the domain
controller.
DNS name resolution on ISA is disabled using a script from the Microsoft web
site.
I read the KB http://support.microsoft.com/default.aspx?scid=kb;en-us;839510
that talks about disabling name resolution on ISA, and I think it is
applicable to an ISA that works as a firewall, not cache only.
Is this true?
Note that all DNS name resolution is passed from ISA to the Bluecoat.
How can I ensure that the slow internet browsing is from DNS? And is
disabling name resolution on ISA 2004 (cache-only server) supported?
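
The two-stage check described in the reply above (TCP connect, then one request), written as an added example that is not part of the original thread and is not ISA's own code: it times each stage separately so repeated runs show whether stage #1 or stage #2 is the slow one. The names `probe_proxy` and `summarize`, the 3-second timeout, the rule that a 5xx answer counts as a failed request, and the address 192.0.2.10:8080 are assumptions made for the illustration.

```python
import socket
import time
from urllib.parse import urlsplit

def probe_proxy(host, port, url="http://example.com/", timeout=3.0):
    """Run one connect-then-request check; report the failed stage and timings."""
    res = {"failed_stage": None, "connect_s": None, "request_s": None, "status": None}
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                       # refused, unreachable or timed out
        res["failed_stage"] = "connect"
        res["connect_s"] = time.monotonic() - start
        return res
    res["connect_s"] = time.monotonic() - start
    with sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            # Proxy-style request: absolute URI in the request line.
            target = urlsplit(url).netloc
            sock.sendall(f"HEAD {url} HTTP/1.0\r\nHost: {target}\r\n\r\n".encode("ascii"))
            buf = b""
            while b"\r\n" not in buf:     # only the status line is needed
                chunk = sock.recv(1024)
                if not chunk:
                    break
                buf += chunk
        except OSError:                   # reset, or no answer within the timeout
            buf = b""
        res["request_s"] = time.monotonic() - start
    parts = buf.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        res["status"] = int(parts[1])
    # Assumption: no status line, or a 5xx, is treated as a failed request.
    if res["status"] is None or res["status"] >= 500:
        res["failed_stage"] = "request"
    return res

def summarize(results):
    """Count failures per stage and keep the worst timing seen for each stage."""
    out = {"connect_failures": 0, "request_failures": 0,
           "max_connect_s": 0.0, "max_request_s": 0.0}
    for r in results:
        if r["failed_stage"]:
            out[r["failed_stage"] + "_failures"] += 1
        out["max_connect_s"] = max(out["max_connect_s"], r["connect_s"] or 0.0)
        out["max_request_s"] = max(out["max_request_s"], r["request_s"] or 0.0)
    return out

if __name__ == "__main__":
    # 192.0.2.10:8080 is a documentation placeholder for the upstream proxy.
    print(summarize([probe_proxy("192.0.2.10", 8080) for _ in range(5)]))
```

Run from the ISA server's side of the network against each upstream device in turn, it gives a quick per-stage comparison before taking the capture.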
