RE: ISA 2004 - Internet Access without using Firewall Client

Hello Chris,

Thank you for kind udpate.

I was just writing to say that I hope everything is going well.

Please do not hesitate to let me know if there's anything else I can do for
you.

Thank you and have a nice day,

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: ISA 2004 - Internet Access without using Firewall Client
| thread-index: Acd3bV22yh8Wmpz5S0+tj8c/lidV2g==
| X-WBNR-Posting-Host: 196.211.241.18
| From: =?Utf-8?B?Q2hyaXM=?= <chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <612506E2-3577-4379-AB00-F69F0E34AF99@xxxxxxxxxxxxx>
<2VkuaF1dHHA.5272@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: ISA 2004 - Internet Access without using Firewall Client
| Date: Thu, 5 Apr 2007 03:30:01 -0700
| Lines: 160
| Message-ID: <E8A2ADDE-57E2-483D-A76E-9F4C5EF29560@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:27915
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Terence,
|
| As usual, a very detailed response from you. I have followed a few of
the
| threads where you have responded, and appreciated the detail.
|
| I will give this a try this weekend when the network is not being used.
|
| Regards
|
| Chris
|
| "Terence Liu [MSFT]" wrote:
|
| > Hello Chris,
| >
| > Thank you for posting here.
| >
| > According to your description, I understand that you want to know
whether
| > you can not install ISA firewall client on mobile laptops but meanwhile
| > make the laptops to access Internet through ISA server. If I have
| > misunderstood the problem, please don't hesitate to let me know.
| >
| > Based on my research, we can make the laptops to access Internet
without
| > install ISA firewall client on them.
| >
| > By default, ISA server on SBS only allows domain user access Internet.
| > Meanwhile, ISA server has 3 kinds of client: SecureNAT, Web Proxy,
Firewall
| > client. The Web Proxy and Firewall client can provide workstation user
| > account to ISA server to do authentication. However, the SecureNAT can
not
| > provide authentication.
| >
| > Therefore, if the laptop can not join domain, even install firewall
client
| > on them, they still can not access Internet.
| >
| > The laptop is typical SecureNAT client of ISA, I suggest we try the
| > following steps to resolve this issue:
| >
| > 1. You have to rerun the CEICW to make sure your SBS 2003 server have
right
| > network configuration. Go through the follow KB and Rerun CEICW again
| > carefully.
| >
| > How to configure Internet access in Windows Small Business Server 2003
| > http://support.microsoft.com/kb/825763/en-us
| >
| > 2. Modify the SBS Internet access rule:
| > a. Click Start, point to All Programs, point to Microsoft ISA Server,
and
| > then click ISA Server Management.
| >
| > b. In the Microsoft Internet Security and Acceleration Server 2004
console,
| > expand YourServerName , and then click Firewall Policy.
| >
| > c. In the center pane, find a policy named SBS Internet Access Rule,
| > double-click it.
| >
| > d. Click Users tap in SBS Internet Access Rule Properties window,
highlight
| > SBS Internet Users and click Remove button, then click Add button and
| > double-click All Users
| >
| > e. Click OK, then click Apply button to save and apply the new
| > configuration.
| >
| > 3. Ensure all laptops' default gateway pointing to ISA server internal
| > network interface.
| >
| > Hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: ISA 2004 - Internet Access without using Firewall Client
| > | thread-index: Acd2vjJq5BrmZ8nCRdqgIrLHOilPUQ==
| > | X-WBNR-Posting-Host: 196.211.241.18
| > | From: =?Utf-8?B?Q2hyaXM=?= <chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: ISA 2004 - Internet Access without using Firewall Client
| > | Date: Wed, 4 Apr 2007 06:36:06 -0700
| > | Lines: 24
| > | Message-ID: <612506E2-3577-4379-AB00-F69F0E34AF99@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:27697
| > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi,
| > |
| > | I have an SBS 2003 SP1 network running and am now wanting to install
| > | ISA2004. I have read all of the documentation and quite a few of the
| > posts
| > | in this newsgroup.
| > |
| > | My question is: can I install ISA2004 without installing the firewall
| > client
| > | on the workstations? Is it possible to setup a rule or something to
| > allow
| > | internet access?
| > |
| > | The reason that I want to go this route is that some users will be
| > pluging
| > | in their laptops on the internal SBS network, but they will not
actually
| > be
| > | joining the domain (remaining in a workgroup). Reason for this is
that
| > they
| > | travel between various offices which are all on different domains,
so a
| > | domain login is not practical.
| > |
| > | If proxy settings will need to be changed between offices, we can
deal
| > with
| > | this, and try a scripted change is necessary on the laptops.
| > |
| > | Any help appreciated.
| > |
| > | Regards
| > |
| > | Chris
| > |
| >
| >
|

.

Loading