Re: ISA2004 problems in SBS2K3 Prem.
- From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
- Date: Fri, 01 Jul 2005 02:19:46 -0700
Hi Torrey
Go into monitoring and then sessions... now have a client try the app..what's blocking it?
Sessions
Using the Microsoft Internet Security and Acceleration (ISA) Server 2004 real-time monitoring feature, you can centrally monitor ISA Server computer activity. The Sessions view is refreshed automatically, each time a new session is identified by ISA Server. For instructions, see View sessions <MS-ITS:ISA.chm::/CMT_H_SessionView.htm>.
A session is the unique combination of a client's IP address and user name. When ISA Server does not require authentication, all traffic from the same IP address is considered a single session. If a Web browser opens more than one TCP connection to the same IP address, ISA Server considers the connections to be a single session.
ISA Server lists sessions of the following types: Firewall client, SecureNAT, virtual private network (VPN) client, VPN site-to-site, and Web Proxy.
Web Proxy sessions indicate the last minute of Web browser activity, even if the client is not currently browsing.
If a publishing server is currently being published, ISA Server will show it as a Firewall client session. Therefore, some Firewall client sessions may be listed, even if no client is actually connected.
All session details are listed in the Sessions view. A summary of total Firewall client, SecureNAT, and Web Proxy sessions is displayed on the Dashboard. For more information, see Dashboard <FW_Dashboard.htm>.
Note
* When IP routing is disabled, traffic from users and IP addresses
is listed in the Sessions view. When IP routing is enabled, only
sessions from traffic that passes using an application filter is
listed.
Filtering Sessions view
You can filter the Sessions view to focus on specific issues. For example, if a client reports problems connecting, you can filter the Sessions view to display only sessions initiated by that client. The Sessions view displays only data for sessions that match all the expressions included in the filter. The filter expressions are combined using the logical *AND* operator. For instructions, see Monitor specific sessions <FW_H_EditSesFltr.htm>.
After you create a query, effectively filtering the Sessions view, you can save it for future use. It is often useful to have a set of queries, with each query used to focus on a different session type. For instructions, see Save a filter definition <FW_H_SaveSesFltr.htm> and Load a filter definition <FW_H_LoadSesFltr.htm>.
Disconnecting sessions
The Sessions view provides a visual indication of any potentially malicious or unwanted session activity. In the Sessions view, you can stop the unwanted session immediately. For instructions, see Disconnect a session <FW_H_StopSession.htm>.
When you stop a session, all associated connections are also closed.
Note that stopping sessions will not prevent a client from reactivating the session. Instead, you must change the firewall policy configuration, creating a rule that specifically denies access to the unwanted clients. For more information, see How firewall policy works <CMT_IncomingOrder.htm>.
Pausing and stopping session monitoring
You can stop session monitoring, essentially clearing the Sessions view on ISA Server. When you stop session monitoring, ISA Server loses all information about any sessions that had been monitored. When you restart session monitoring, ISA Server must collect all information about active sessions.
Alternatively, you can pause monitoring. In this case, sessions displayed in the Sessions view are not removed. However, new sessions are not added to the view. When you resume session monitoring, ISA Server updates the Sessions view with the relevant, new session information.
For instructions, see Pause monitoring sessions <FW_H_PauseSesFltr.htm> and Stop monitoring sessions <FW_H_StopSesFltr.htm>.
Torrey Lauer wrote:
I still can't access a java chat room that I use for networking with other agencies. I have created an "All/All/All" rule in ISA2004, but that didn't do the trick. The "All/All/All" rule did work in ISA2000 to allow me acecss to the java chat room, but not in ISA2004.
So, my question is, if I check ISA logs to see what is being blocked, will I be able to find out from those logs what needs to be opened in ISA2004 to get access to the java chat room?
If so, where do I find those logs?
--
An open letter to the Security Community:: http://msmvps.com/bradley/archive/2004/12/12/23540.aspx
.
- Prev by Date: RE: slow network access
- Next by Date: RE: TS disconnects when minimized a couple minutes
- Previous by thread: RE: slow network access
- Next by thread: RE: ISA2004 problems in SBS2K3 Prem.
- Index(es):
Relevant Pages
|
