?
Solved

ISA 2004 Proxy Logging

Posted on 2006-07-10
5
Medium Priority
?
223 Views
Last Modified: 2010-05-18
Hi

Just a quick questing regarding proxy logging in ISA-2004. I’ve set all my users to authenticate with my server before being allowed access to the internet. When I view the proxy logs I see anonymous listed in ‘Client Username’ which have ‘failed connection’ before a third log below it with the correct domain/user details and access being allowed.

Basically it’s this:
 https://www.microsoft.com/technet/prodtechnol/isa/2004/plan/tb_logging.mspx#LogsShowRequestsfromAnonymousUsers

I have validated that the anonymous requests are followed by a request from an actual, authenticated user. But I can’t get it to stop.

I’m not using the firewall client.

Any ideas?

Thanks.  
0
Comment
Question by:MrPrince
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17077782
I know it is not the answer you want but the truth is it is doing what it should. Part of this process is the ISA returning a 'failed' signal and asking for the authentication.
0
 

Author Comment

by:MrPrince
ID: 17079740
I thought it was, so is it safe to ignore these events? I.E. for every 'real' log entry there are two redundant ones. Can they be filtered out?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 17083664
Not as such as the purpose of the log is to show the activity and sequence of events. As the process (for example when you select authenticated users rather than All Users or you have ticked the box stating that all users must authenticate) demands these actions, the log would be incomplete without them. it is also a key part of the troubleshooting process. For example; you select Authenticated users for outbound web access. Now, the only anonymous connections should be from users who are going to fail or are going to receive the authentication box.
0
 

Author Comment

by:MrPrince
ID: 17090473
Thought so... Ah well, thanks for the sounding board.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17092619
Welcome :)
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question