Re: ISA 2000 Firewall Log



Upff. What a thread! ;-)

> If I only allow http traffic through my ISA server, and a 3rd party
> application requires internet access for whatever reason on a port other
> than port 80 or if it uses port 80 it isn't able to detect and use the IE
> proxy config, it will try to get access to the internet but ISA will reject
> it because this 3rd party program doesn't know there is a proxy on the
> network and fail.
Yes, it is.

> It will then try to get out using the firewall service
No.
Again. Snat clients have no idea about firewalls/proxies. They just send
their traffic according to the routing table and get replies.
Intermediate routers/firewalls will pass or reject that traffic according to
their ACLs/access policy. So far, so good.
The firewall log entries appear because the traffic from the snat clients
hits the firewall. I have to admit that I don't know if web requests
rejected by HTTP redirector filter should appear in firewall logs and what
they look like. And I do not have an ISA2000 installation handy to check
this out.

> (Where I'm seeing workstations appear in the log) but this doesn't mean
> that it's actually getting internet access, correct? If this is correct how
> do I know that a program is actually being blocked if it shows up in the
> firewall log?
You should look into your logs and translate the appropriate entries using
the documentation. Let's do it for the FW log entry you quoted earlier:
--- log entry start
10.175.130.62, -, -, -, 4/2/2005, 8:29:54, -, ISASERVER, -, -,
207.46.253.188, 80, -, 0, 0, 80, TCP, Connect, -, -, -, 13301, -, -, -, 726,
2503
--- log entry end
Using these helpful readings:
1. MS ISA Server 2000 Firewall and Web Proxy log fields:
http://www.microsoft.com/resources/documentation/isa/2000/enterprise/proddocs/en-us/isadocs/m_s_c_loggingfields.mspx
2. MS KB article 'A Description of the Various Log Files and Fields':
http://support.microsoft.com/?kbid=284818

So we have got a client "10.175.130.62" requesting "207.46.253.188:80"
via "ISASERVER", and the request has been denied by the firewall policy (that
is the meaning of the "13301" winsock error code).

Regards,
Andrew

>
> Once again, Thanks for your advice,
> Mike
>
> "Andrew Klimkin" wrote:
>
>> > MY Http Redirector filter is enabled and set to Reject HTTP requests
>> > from Firewall and SecureNat Clients. Should this deny any non http
>> > request from getting to the internet?
>> No. HTTP Redirector filter has nothing to do with any non-HTTP traffic.
>> But it effectively prevents HTTP connections from snat and firewall
>> clients via firewall service.
>> You control any non-HTTP connections with ISA Protocol Rules.
>>
>> Regards,
>> Andrew
>>
>>
>>
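
Added example, not part of the original post: a short Python triage script for the "how do I know a program is actually being blocked" question, counting firewall log entries whose result code is 13301 per client and destination. The field positions are read off the single entry quoted above and are assumed to hold for every line of the log; every sample line except the first is constructed.

```python
from collections import Counter

# Zero-based field positions, read off the entry quoted in the post
# (assumption: every line in the log uses this same 27-field layout).
CLIENT_IP, SERVER, DEST_IP, DEST_PORT, TRANSPORT, RESULT = 0, 7, 10, 11, 16, 21
FIELD_COUNT = 27
DENIED_BY_POLICY = "13301"  # the only result code the post interprets

# Constructed sample: line 1 is the entry from the post, the rest are made up.
SAMPLE_LOG = """\
10.175.130.62, -, -, -, 4/2/2005, 8:29:54, -, ISASERVER, -, -, 207.46.253.188, 80, -, 0, 0, 80, TCP, Connect, -, -, -, 13301, -, -, -, 726, 2503
10.175.130.62, -, -, -, 4/2/2005, 8:30:10, -, ISASERVER, -, -, 207.46.253.188, 80, -, 0, 0, 80, TCP, Connect, -, -, -, 13301, -, -, -, 727, 2504
10.175.130.70, -, -, -, 4/2/2005, 8:31:02, -, ISASERVER, -, -, 192.0.2.25, 25, -, 0, 0, 25, TCP, Connect, -, -, -, 13301, -, -, -, 728, 2505
10.175.130.71, -, -, -, 4/2/2005, 8:31:40, -, ISASERVER, -, -, 192.0.2.53, 53, -, 40, 120, 53, UDP, Connect, -, -, -, 0, -, -, -, 729, 2506
10.175.130.72, -, -
"""

def parse_line(line):
    """Return the fields the post interprets, or None for a malformed line."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) != FIELD_COUNT:
        return None  # wrapped, truncated or differently formatted entry
    return {"client": fields[CLIENT_IP], "server": fields[SERVER],
            "dest_ip": fields[DEST_IP], "dest_port": fields[DEST_PORT],
            "transport": fields[TRANSPORT], "result": fields[RESULT]}

def denied_connections(log_text):
    """Count policy denials per (client, dest ip, dest port, transport)."""
    denied, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            skipped += 1
        elif entry["result"] == DENIED_BY_POLICY:
            key = (entry["client"], entry["dest_ip"],
                   entry["dest_port"], entry["transport"])
            denied[key] += 1
        # Any other result code is left uninterpreted; look it up in the
        # log-field documentation linked in the post.
    return denied, skipped

if __name__ == "__main__":
    denied, skipped = denied_connections(SAMPLE_LOG)
    for (client, ip, port, transport), n in denied.most_common():
        print(f"{client} -> {ip}:{port}/{transport} denied by policy x{n}")
    print(f"{skipped} malformed line(s) skipped")
```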