Re: Firewall Client Extremely Chatty

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

As I said, you'll see FW log entries that include the application name and a
version number in the "client-agent" field.
These are FWC-sourced requests.
What the logs show depends on the field options you've selected.
ISA doesn't log every SYN/SYN_ACK, etc.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.



"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:BaSdnZg8EN7gBDDYnZ2dnUVZ_rOqnZ2d@xxxxxxxxxxxxxxx
"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:0F1225CF-75CC-4A75-92AF-DBDAF5BDB5B9@xxxxxxxxxxxxxxxx
ISA does show you where FWC traffic is going - ISA has this in the
firewall
log.
All FWC traffic will include an appliation name in the "Client-Agent"
field,
along with a number that indicates the OS version.
You can see the client IP and the final destination of the request.

The FWC is as hinted at by Phil (hi Phil), a "Winsock remoter" that allows
non-proxyable traffic such as POP3, SMTP, etc. to act as if it were
located
on the ISA itself (ISA policies permitting, of course). If you deploy an
"allow all" policy set, then yes; you can use anything you want thorugh
ISA.
If you use a "deny all except" policy, then you can control who uses what.

Thank you for that information. If things are working as designed, what
should see in addition to the connections to the ISA Server on 1745/UDP from
the computers running firewall client? How will we see the endpoints in
the firewall log? Will it simulate an end to end connection and show the
source IP of the machine running firewall client together with the
destination IP of the computer on the Internet? Or will only only show
the connection from the client to the firewall, and then a separate
connection from the firewall to the actual destination?

--
Will



.

Relevant Pages

  • RE: Force use of ISA Firewall Client
    ... the Firewall client automatically sends user credentials ... or the user account must be mirrored on the ISA 2004 firewall. ... Firewall Client will result in usernames being included in the ISA logs, ... But if you visit Websites or FTP, the web proxy has improved performance. ...
    (microsoft.public.windows.server.sbs)
  • RE: OWA page not displayed Outside
    ... Open ISA 2006 management console. ... Expand the server node and highlight 'Monitoring'. ... Click 'Configure Firewall Logging'. ... |> internal client as both the web proxy client and firewall client? ...
    (microsoft.public.windows.server.sbs)
  • Re: Is this a 3-Leg Perimeter scenario?
    ... the same configuration as I had it originally before upgrading to ISA 2004 ... No PersisentRoute enrty on the clients; no firewall client disabling; no IE ... using IE to access the FTP. ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN timeouts
    ... I do not use ISA & was wondering if there is a configurable option on the ... You remote clients VPN connection will timeout while trying to connect SBS ... between remote client and SBS server which caused by lack of network ...
    (microsoft.public.windows.server.sbs)
  • RE: RWW not accessible over web
    ... You can install the ISA firewall client on the laptop. ... |> option will configure ISA to provide network security and packet ... Before you run the Configure E-mail and Internet Connection Wizard, ...
    (microsoft.public.windows.server.sbs)