

ISA 2004 Standard logging

Posted on 2006-06-21
Medium Priority
Last Modified: 2013-11-16
I have read through several of the threads posted about ISA capturing usernames rather than IP addresses, but am still having difficulties getting this to work/understanding how to configure it.

Our setup is as follows:  2003 Server with ISA 2004 Standard, Single Network Adapter mode (this box is still in testing, so it can be changed) that is a member server on the domain. (2000 domain)  We are not using the FW client, but are piping people through the web-proxy in IE/Firefox.  This is not being used as a FW, but only as a proxy server.

90% of our employees are on Thin Clients and go through windows 2003 terminal servers.

Currently we are only seeing information about IP addresses, which wouldn't be that big of a deal except that all we see are the IPs from the server, so we can't exactly tell who the offender was.  Like others have said, there is so much confusing/conflicting information out about the capabilities of ISA that I needed to once again post this question.  The kicker seems to be the thin client aspect of the equation.  For the most part, when I mention that, people tell me that we won't be able to truly use AD integration on ANY proxy service.

Thoughts?  Is ISA the best choice for proxying, or is something like Linux/Squid a better choice given what I would like to see?  (pretty new to ISA if you couldn't tell!)
Question by: COSMTARFCU

Expert Comment

ID: 16954076
For what reason do you need the usernames?
    Web Content Filtering, Protocol filtering, IP routing or just reporting web usage?  

You mention an 'offender' what is the offence?
    breach of acceptable usage policy in what category?
        productivity, security, bandwidth, inappropriate usage or content?

The best solution will depend on the objectives you are trying to achieve.

You can configure the web proxy component of ISA2004 to request authentication details from anonymous connections.  
This can be done at various points, which works will depend on your environment.  

On its own ISA server won't do content filtering effectively, you will need an add-on product.  
Managed web services are worth considering as are appliance server solutions.  

If the server is a web cache only, I assume you have another firewall on the edge of your network of some description.
Is ISA chaining to this or just directing traffic straight through it?  

More details will help elicit more feedback


Author Comment

ID: 16954200

We just want a report of who is going where, and will be using something along the lines of websense or surfcontrol to then filter sites.  At this point, it is to mostly cover ourselves and show due diligence so that we can go to someone and say, we had a complaint that you went to a site, and here's the record of you going there.  Make sense?  (it's also a way for me to show Sr. Management that we need something like websense)

We have a CISCO ASA firewall on the edge to protect for everything else, with IPS units on the DMZ and LAN, so we only really needed a Web Proxy system, hence not using ISA "firewall" capabilities.

What other information would help?

Expert Comment

ID: 16957977
Well if you are going to use Websense and Surfcontrol they both have comprehensive reporting modules.  Personally, I prefer Websense which has a wide range of templates for its standard report generator.  You can also install an IIS add-on which allows drill-down reporting and real-time reporting.  

If you want reporting from ISA server 2004, you can either
Use standard text logging and process the resulting files through your favourite reporting tool or
Use enhanced logging which requires either MSDE on the ISA server or a backend SQL server, then use your favourite SQL reporting tools.  

Is the CISCO unit protecting you against malware, spyware and bandwidth saturation?
Both Websense and Surfcontrol will offer a broad range of protection, assuming of course that you ensure that users can't just bypass the ISA web proxy and access the Internet directly.
i.e. ensure that CISCO firewall only allows outbound traffic from your trusted servers and services.  

FYI, we use ISA2004 web caching only in branch offices, chaining upstream to ISA2004 array in HQ.  Websense filter plug-in on all ISA servers.  Websense policy server and logging SQL server at HQ.  Internet Traffic Inbound and Outbound is additionally filtered by Symantec, Surfcontrol & Messagelabs solutions.  
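
The "standard text logging, then process the files" option mentioned in the comment above, sketched as an added example that is not part of the original thread. It assumes the proxy log is written in tab-delimited W3C extended format with a `#Fields:` directive, that the configured fields include `c-ip`, `cs-username` and `r-host`, and that requests without a user identity are logged as `anonymous` or `-`; the sample rows are constructed.

```python
from collections import Counter, defaultdict

FIELDS = ["c-ip", "cs-username", "date", "time", "r-host", "cs-uri", "sc-status"]
# Constructed sample rows: every request comes from one terminal server IP.
ROWS = [
    ("10.0.0.5", "anonymous", "2006-06-21", "09:00:01", "www.example.com", "http://www.example.com/", "407"),
    ("10.0.0.5", r"CORP\alice", "2006-06-21", "09:00:02", "www.example.com", "http://www.example.com/", "200"),
    ("10.0.0.5", r"corp\Alice", "2006-06-21", "09:00:09", "www.example.com", "http://www.example.com/a", "200"),
    ("10.0.0.5", r"CORP\bob", "2006-06-21", "09:01:30", "news.example.org", "http://news.example.org/", "200"),
    ("10.0.0.5", "anonymous", "2006-06-21", "09:02:00", "news.example.org", "http://news.example.org/x", "200"),
    ("10.0.0.5", r"CORP\bob"),  # truncated line, e.g. log cut mid-write
]
SAMPLE_LOG = "\n".join(
    ["#Software: constructed sample", "#Fields: " + "\t".join(FIELDS)]
    + ["\t".join(row) for row in ROWS]
)

def parse_w3c(text):
    """Yield one dict per record, taking column names from the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def usage_report(records):
    """Return (user -> host -> hits, client IP -> requests with no user identity)."""
    by_user = defaultdict(Counter)
    unattributed = Counter()
    for rec in records:
        user = rec["cs-username"].strip().lower()  # Windows account names are case-insensitive
        if user in ("", "-", "anonymous"):
            unattributed[rec["c-ip"]] += 1
        else:
            by_user[user][rec["r-host"]] += 1
    return by_user, unattributed

if __name__ == "__main__":
    by_user, unattributed = usage_report(parse_w3c(SAMPLE_LOG))
    for user, hosts in sorted(by_user.items()):
        print(user, dict(hosts))
    print("no username:", dict(unattributed))
```

A non-zero count in the second result for a terminal server address means those requests can only be traced to the shared IP, not to a person.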


Author Comment

ID: 16994290
Ok, I got this working.  Ended up in the firewall policy, I needed to add USERS only allowed from domain\group...

NOW, I have a different problem.  Things were working great, I was getting all the information I wanted, but then we started getting instances where everyone was prompted for a username/password.  I had to restart all of the services on the server, and reboot to get it to start taking requests again.  There are no errors in the event log, but there is an informational that says server disconnected the following client [IP] because its connection limit was exceeded.

But that warning doesn't come up every time this happens.  Any ideas?

Accepted Solution

DarthMod earned 0 total points
ID: 17183017
PAQed with points refunded (125)

Community Support Moderator
