Re: FTP through ISA 2004
- From: "SteveB" <newsgroup@xxxxxxxxxx>
- Date: Wed, 18 Feb 2009 07:58:45 -0800
As Jim says ISA 2004 allows very granular control over outbound access to
the internet. You do have to be careful how you structure the rules and
their placement. I suggest you need to learn ISA better if you're going to
use it. As he also mentions www.opendns.com is another tool you can use.
"Jim Behning SBS MVP" <jimbehning@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:mf3op41l42uc0kqvfmd7n5uoonv18tn2nj@xxxxxxxxxx
Disable any rules you made. Now do the right click SBS Internet Aceess
Rule to remove read only checkbox. Apply and test. I like to use real
FTP clients. I have Whiz FTP on my box and it works well for the price
of free. It has some logging stuff so you can see if or why things are
failing. You can also use Wireshark to look at the workstation network
conversation. Workstation has to have the firewall client installed.
I start with using www.opendns.com to restrict the sites that
everyone can go to. At practically every site I work with there are
catagories of web sites people do not need to go to do their jobs.
In ISA you can use two rules to get your network under control. One
rule that applies to some staff (make a group) that denies them
internet access except to certain web sites. Note that rules get
applied from lowest number to highest. If you put one of your own
rules down low it may trash your network so I put my Ban MP3 and M4a
rule just above the SBS Internet Access Rule. Same for the other rules
I may use.
I have had CAD programs that needed some silly anonymous access to
work. It would go out and look for updates before it fully started. I
had to make a rule to let the workstations go to that specific site.
Start with the basics and a real ftp client. Post back results.
On Wed, 18 Feb 2009 04:33:01 -0800, chris landman
<chrislandman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
That is really not an option because we also want to limit certain peopleSee what SBS support is working on
to
certain sites. I also tried what you said and it did not allow them out.
Do you have any idea of what would be stopping them from FTP'ing out?
"Jim Behning SBS MVP" wrote:
If you want to restrict internet access just yank people out of the
group.
On Tue, 17 Feb 2009 15:45:00 -0800, chris landman
<chrislandman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
we have that rule disabled. we are trying to limit internet access.See what SBS support is working on
This
ftp site pops up a login screen, could it be something with that? I
think it
might either be sending anonomus or the user credentials. I see some
issues
that talk about this online, but have not found anything that fixes it.
the
site is ftp://ftp.hsilaser.com
"Jim Behning SBS MVP" wrote:
All I ever do is right click the next to last rule which is something
like SBS internet rule or something like that. Configure FTP. Uncheck
the read only box and apply.
On Tue, 17 Feb 2009 12:57:02 -0800, chris landman
<chrislandman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
See what SBS support is working on
Yes. The machine has the firewall client intalled on it and it is
trying to
FTP out to a site that is not located inside the network. So it is
passing
through the ISA (inside to outside).
"Ain'tSoBad" wrote:
OK let me see if I understand this. you are trying to FTP out from
a client
site that has SBS 2003 and ISA 2004 running on their network?
Clear the air
please.
"chris landman" <chrislandman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:41574F44-4A04-461E-A030-87FB3C0A6520@xxxxxxxxxxxxxxxx
I am trying to FTP out from a firewall client inside a SBS2003
with ISA2004
network. Normally the use would type the ftp address in IE and
it would
then
prompt for a user and password. It will not work now that ISA
has been
put
into place. I get the following error on the client:
Error Code: 502 Proxy Error. The login request was denied. The
logon
account
might have been disabled or logon information might have
changed. Log on
again to verify that the information was typed correctly. If the
problem
continues, report the problem to the administrator of the
Internet server
you
are requesting. (12015)
I have a rule set up to allow FTP to that site and I have
unchecked the
read
only in configure FTP when I right click the rule. I have even
added FTP
Server protocol and tried the ftp://user:password@fqdm.
Please help.
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
.
- References:
- FTP through ISA 2004
- From: chris landman
- Re: FTP through ISA 2004
- From: Ain'tSoBad
- Re: FTP through ISA 2004
- From: chris landman
- Re: FTP through ISA 2004
- From: Jim Behning SBS MVP
- Re: FTP through ISA 2004
- From: chris landman
- Re: FTP through ISA 2004
- From: Jim Behning SBS MVP
- Re: FTP through ISA 2004
- From: chris landman
- Re: FTP through ISA 2004
- From: Jim Behning SBS MVP
- FTP through ISA 2004
- Prev by Date: Re: sbs 2003 - shared printing
- Next by Date: Group Policy for IE Home Page?
- Previous by thread: Re: FTP through ISA 2004
- Next by thread: Re: FTP through ISA 2004
- Index(es):
Relevant Pages
|
Loading
