Solved

I'm just starting to experiment with ISA 2004 on our network.

Posted on 2004-09-15
7
805 Views
Last Modified: 2013-11-16
I'm just starting to experiment with ISA 2004 on our network.

We already use a PIX535 for our firewall needs and Cisco 2600s for our routing needs. This has been working wonderfully for quite some time and is also our corporate standard, so I have absolutely no need for ISA's firewall features.

That being said, what I do need is a proxy server. I just want ISA to sit there and do absolutely nothing even remotely close to acting as a firewall or router or anything else -- just listen for requests on 8080, check Integrated Authentication credentials, and forward the requests out the PIX.

The way that I'm currently trying to accomplish this is with ISA in a unihomed configuration (using the integrated template), I have firewall client support disabled and web proxy client support enabled. I also have the firewall rules to allow traffic from all networks to all networks.

I'm still having problems with some clients accessing other web-based applications that are being hosted on the same server.

Is there any way that I can basically just tell ISA to do absolutely nothing but be a proxy server? I'd very much like to simplify this configuration because the way that it currently works couldn't really be more cumbersome if they tried.

Thanks!
0
Comment
Question by:titan6400
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12072416
Take a look at www.isaserver.org for general assistance with ISA.
I would generally recommend you DO use the client firewall features of ISA to protect your internal clients.  It's good as just a proxy, but that doesn't complete your security picture.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12072490
Are you setting the proxy configurations in each browser (servername and proxy port 8080)?  You might want to also check on the option to bypass proxy for local addresses since, the web-based applications may run into problems with ISA's HTTP filtering.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12076402
In the Configuration section, Networks, add Localhost and check Web Browser tab,
"Bypass proxy for Web servers in this network"
Under Proxy tab, un-chedk Enable Web Proxy clients"
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:titan6400
ID: 12076497
I've actually come to the conclusion that ISA is simply going to have to go on its own box, which will resolve a lot of the conflicts that I've been having.

lrmoore--  I'm interested to say why you think I should uncheck the "Enable web proxy clients".  The "bypass proxy for web servers in this network" was already checked, the problem stems more from the fact that ISA was actually on the server trying to be accessed, rather than connections being routed to servers unrelated to ISA.

LimeSMJ-- What sort of problems might be caused by the HTTP filtering with web apps, just for my info?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12076735
I have a very similar setup as you, with a single-NIC ISA2004 server in proxy mode only. I had to add the "localhost" to the networks section, and uncheck that box so that I could access the web sites hosted on that server. The only web sites that it hosts is the administrative management tool and one other application.

Putting the ISA proxy on its own box will be a much better solution long-run..
0
 

Author Comment

by:titan6400
ID: 12077186
Yeah, I agree.  The server that I was trying to put it on initally is a little too critical to our systems to be fooling with fate like that.

I'm still interested in whatever comments anyone might have about anything.  I'm going go ahead and award the points to lrmoore since it sounds like his solution is the best answer to my original question.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12078568
HTTP filtering includes such things as URL checking and custom security/exploit filters... For instance, if you goto www.isatoolz.org and download those MS worm/exploit fixes for ISA and install them, they may cause errors in web-based applications - in my case, a custom web app that we use was "breaking" due to certain body keywords that were being blocked.

In the default configuration though, you should be fine with the HTTP filter.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now