Re: ISA server 2004 and Bluecoat proxy

Sorry; you're misunderstanding that article.

"i have trace that the bluecoat is never go down" - using what? Have you
obtained network captures?
One thing you can do to speed up ISA in a web chaining scenario is to
disable name lookups for the ISA.
There is an example on how to accomplish this here:
http://msdn2.microsoft.com/en-us/library/ms826264.aspx

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"ALISA - STS" <ALISASTS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:86ABA581-0FBE-4E55-AF30-8C0B29B65EA3@xxxxxxxxxxxxxxxx
Dear Jim;
first thank you for your notes.
second as i told you ((http web proxy filter)) is designed for (
SecureNAT,Firewall clients) and you can disable it. without disable web
proxy
filter to web proxy clients . you can check in
http://www.microsoft.com/technet/isa/2004/plan/ts_proxy_traffic.mspx
go to the last page and you will find that am true.

the only problem that i have that many erros appear in ISA state that WEb
chaining problem occured,then after 2 seconds another events states that the
blue coat device in online.this make connectivity for clients not perfect.
i have trace that the bluecoat is never go down.this is the problem.
another thing web browsing is very slow through ISA, but through bluecoat is
perfect.


"Jim Harrison (ISA SE)" wrote:

Regardless how you feel, Windows 2003 is not fully updated if you don't
have
SP2 and all following patches (especially
http://support.microsoft.com/kb/936594/).

I don't know where you get the idea that the web proxy filter only applies
to SecureNAT and Firewall clients - this is not true.
You're asking several different questions; what exactly are you trying to
solve?

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"ALISA - STS" <ALISASTS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:81A34507-EB02-4C1C-8E4B-9DF6830B6AF4@xxxxxxxxxxxxxxxx
Dear JIM;
first my ISA 2004 sp3 is on windows 2003 sp1 and have all updates without
SP2.
second i told you about disable HTTP web proxy filter ( this filter
applies
for secureNAT and firewall clients)
but the web proxy filter for web proxy clients cannot be disabled ( this
is
by desighn)

third: i want to ask that microsoft post an article to disable name
resolution on ISA 2004/2006 but when i read the article ite related to ISA
server that is configured as firewall server. if i disable name resolution
on
ISA sa cache only server (one NIC) id that will success???

thanks lot

"Jim Harrison (ISA SE)" wrote:

"windows 2003 sp1 and fully updated" is a conflicting statement. If
Windows
is fully updated, then SP2 and all following updates have been applied.
Also, "ISA server has one network adapter" and "secureNAT clients"
create
a
conflict; you cannot have both.

When you enable caching, you also enable the web proxy; they're
intimately
connected.
If you disable the web proxy, ISA stops testing the upstream proxy.

ISA will test the upstream proxy in the same way any client would test
the
connection to a proxy:
1. if the TCP connection succeeds, the make a request
2. if the request succeeds, then all is good

if ISA is complaining about the upstream proxy failing, then this is
because
the upstream proxy is not responding quickly enough to either #1 or #2
(only
a capture can tell).

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"ALISA - STS" <ALISASTS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1457A5AC-E77C-432D-9DCE-EE1EB396F510@xxxxxxxxxxxxxxxx
Dear All;
i hope someone help me in this issue.
We have ISA 2004 standard edition with SP3 , on windows 2003 sp1 and
fully
updated . and no viruses detected on the server. this ISA server has one
network adapter . and configured as cache only server.
All clients are either web proxy clients or secureNAT clients
The ISA server is configured to redirect web request to primary
Bluecoat
proxy device and if the primary failed , ISA will route to backup
bluecoat
(
using web chaining rule)
The problem is that : during the day many warning events appear on ISA
alerts says that the ISA detect that the primary bluecoat device is
unavailable and ISA is routed to the backup bluecoat device. After 3
seconds
or less another event state that the primary bluecoat is available and
ISA
will return to this bluecoat. This behavior is making internet
connectivity
unstable on clients side.
how do i solved this : I have solved this issue by disable the cache to
enforce all web request to pass to bluecoat then i disabled HTTP web
proxy
filter ( used by NAT clients) + edit system policy allow HTTP/HTTPS from
Isa
server to specified site and add the IP addresses of the two bluecoat
devices.
Then NO warning events were logged.
But if I enable ISA cache these error appears again
Can I disable application filter since Isa server work as cache only
server?
Is SecureNAT clients supported on this ISA server( cache only) ?
What is th relation between enable ISA server cache and web chaining
problem?




The other problem is that the clients web browsing through ISA is very
slow,
but when clients connect directly to bluecoat ,internet browsing is so
fast
The ISA server TCP/IP setting is ip x.x.x.x DNS : ip of the domain
controller
DNS name resoulution on ISA is disabled using scritp from Microsoft web
site.
I read the KB
http://support.microsoft.com/default.aspx?scid=kb;en-us;839510
that talk about disable name resolution on ISA and I think its
applicable
on
ISA that works as firewall not cache only.
Is this true ?
Note that all dns name resolution is passed from ISA to bluecoat.
How can I ensure that the slow internet browsing is from DNS ? . and is
disable name resolution on ISA 2004 (cache only server is supported)



.

Relevant Pages

  • Re: ISA server 2004 and Bluecoat proxy
    ... second as i told you ((http web proxy filter)) is designed for ( ... SecureNAT,Firewall clients) and you can disable it. ... the only problem that i have that many erros appear in ISA state that WEb ... server that is configured as firewall server. ...
    (microsoft.public.isa.configuration)
  • Re: ISA server 2004 and Bluecoat proxy
    ... i want to ask about event 14130 that related to web proxy chain fauilire. ... If you were able to work around the upstream proxy server, ... upstream ISA Server, you might want to change it back. ... SecureNAT,Firewall clients) and you can disable it. ...
    (microsoft.public.isa.configuration)
  • Re: ISA server 2004 and Bluecoat proxy
    ... second i told you about disable HTTP web proxy filter (this filter applies ... but the web proxy filter for web proxy clients cannot be disabled (this is ... resolution on ISA 2004/2006 but when i read the article ite related to ISA ... server that is configured as firewall server. ...
    (microsoft.public.isa.configuration)
  • Re: Wireless extension to network - client proxy problems
    ... In ISA, I've got "Require all users to authenticate" unchecked. ... they are Web Proxy clients. ... The reason this is important is because it affects authentication. ...
    (microsoft.public.windows.server.sbs)
  • RE: Wireless extension to network - client proxy problems
    ... kind of "client" are they with respect to ISA?: ... if the web browser points to the ISA server as a web proxy then they are ... they are firewall clients ... The reason this is important is because it affects authentication. ...
    (microsoft.public.windows.server.sbs)
Loading