Re: Client authentication

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 05/22/04 

Date: Sat, 22 May 2004 13:04:05 -0700

DW,
I would not recommend opening up your firewall with open
rules. You lose contrrol over any unauthorized traffic to
the Internet... ie. spyware reporting, infected LAN
machines infecting remote networks, more. Besides, in this
situation I would guess that would probably also not solve
your problem.

I have found two configurations which might solve your
problem...

1. Force FW and Web Proxy clients while disabling SNAT
support by reconfiguring your DHCP to <not> hand out the
Default Gateway to your clients. Without a Default
Gateway, each client relies entirely on its connection to
ISA for Internet access and cannot create an independent
connection to the Internet. The idea behind this method is
to permit only specified authenticated sessions.

2. Create Client Sets which contain your network's IP
addresses and re-configure your Site&Content and Protocol
rules to point to the Client Set instead of the Internet
Users group. You lose the ability to identify the Windows
User associated with traffic in your logs and access is by
machine instead of by User using this method. The idea
behind this method is that by not using Username/Password
authentication, ISA won't prompt for it.

HTH,
Tony Su

>-----Original Message-----
>ISA 2000 and do you have egress filtering on and you
didn't have it on
>in SBS 2000?
>
>go to www.smallbizserver.net and find the entry about
Quickbooks and ISA
>and either open up all/all/all or do a rule set.
>
>DW wrote:
>
>> Hi all,
>> I have a client who needs to download a lot of media
files.When using
>> SBS2000 and dowloading windows media files from the
internet, there was no
>> problem.
>> Now with SBS2003, client machines are being asked for
proxy authentication.
>> Not all the time but 90%.
>> Client machines are setup as Firewall clients.
>>
>> Any suggestions?
>>
>> Thanks
>> D
>>
>>
>
>.
>

Relevant Pages

  • RE: RWW not accessible over web
    ... Can the client access Internet web sites when you ... Extract all files to a folder on ISA server. ... 'Microsoft Firewall' service. ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA 2000 - Open Remote Port
    ... website on the internet by using a port other than 443. ... Blank page or page cannot be displayed when you view SSL sites through ISA ... Do you configure all the internal clients as both the Web Proxy client ... configure ISA server as your Proxy ...
    (microsoft.public.windows.server.sbs)
  • Re: Internet access with local PPP links
    ... Extract all files to a folder on ISA server ... This newsgroup only focuses on SBS technical issues. ... if I disable the ISA client but leave IE setup to use the ... | server at port 8080 then the user can still surf the Internet fine. ...
    (microsoft.public.windows.server.sbs)
  • RE: RWW not accessible over web
    ... If this happens on all internal clients, I think this is a ISA server 2004 ... Click the "Connect to the Internet" link. ... 'Microsoft Firewall' service. ... | outlook client of exchange server. ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS Premium, Secure Banking site, certificate = no joy
    ... firewall client installed cannot access a specific banking web site. ... settings and create the ISA rules. ... 825763 How to configure Internet access in Windows Small Business Server ... On the ISA Server computer, stop the Microsoft Firewall service. ...
    (microsoft.public.windows.server.sbs)