Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ISA 2004 Proxy Logging

Posted on 2006-07-10
5
Medium Priority
?
224 Views
Last Modified: 2010-05-18
Hi

Just a quick questing regarding proxy logging in ISA-2004. I’ve set all my users to authenticate with my server before being allowed access to the internet. When I view the proxy logs I see anonymous listed in ‘Client Username’ which have ‘failed connection’ before a third log below it with the correct domain/user details and access being allowed.

Basically it’s this:
 https://www.microsoft.com/technet/prodtechnol/isa/2004/plan/tb_logging.mspx#LogsShowRequestsfromAnonymousUsers

I have validated that the anonymous requests are followed by a request from an actual, authenticated user. But I can’t get it to stop.

I’m not using the firewall client.

Any ideas?

Thanks.  
0
Comment
Question by:MrPrince
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17077782
I know it is not the answer you want but the truth is it is doing what it should. Part of this process is the ISA returning a 'failed' signal and asking for the authentication.
0
 

Author Comment

by:MrPrince
ID: 17079740
I thought it was, so is it safe to ignore these events? I.E. for every 'real' log entry there are two redundant ones. Can they be filtered out?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 17083664
Not as such as the purpose of the log is to show the activity and sequence of events. As the process (for example when you select authenticated users rather than All Users or you have ticked the box stating that all users must authenticate) demands these actions, the log would be incomplete without them. it is also a key part of the troubleshooting process. For example; you select Authenticated users for outbound web access. Now, the only anonymous connections should be from users who are going to fail or are going to receive the authentication box.
0
 

Author Comment

by:MrPrince
ID: 17090473
Thought so... Ah well, thanks for the sounding board.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17092619
Welcome :)
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question