Solved

ISA 2004 Proxy Logging

Posted on 2006-07-10
5
222 Views
Last Modified: 2010-05-18
Hi

Just a quick questing regarding proxy logging in ISA-2004. I’ve set all my users to authenticate with my server before being allowed access to the internet. When I view the proxy logs I see anonymous listed in ‘Client Username’ which have ‘failed connection’ before a third log below it with the correct domain/user details and access being allowed.

Basically it’s this:
 https://www.microsoft.com/technet/prodtechnol/isa/2004/plan/tb_logging.mspx#LogsShowRequestsfromAnonymousUsers

I have validated that the anonymous requests are followed by a request from an actual, authenticated user. But I can’t get it to stop.

I’m not using the firewall client.

Any ideas?

Thanks.  
0
Comment
Question by:MrPrince
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17077782
I know it is not the answer you want but the truth is it is doing what it should. Part of this process is the ISA returning a 'failed' signal and asking for the authentication.
0
 

Author Comment

by:MrPrince
ID: 17079740
I thought it was, so is it safe to ignore these events? I.E. for every 'real' log entry there are two redundant ones. Can they be filtered out?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 125 total points
ID: 17083664
Not as such as the purpose of the log is to show the activity and sequence of events. As the process (for example when you select authenticated users rather than All Users or you have ticked the box stating that all users must authenticate) demands these actions, the log would be incomplete without them. it is also a key part of the troubleshooting process. For example; you select Authenticated users for outbound web access. Now, the only anonymous connections should be from users who are going to fail or are going to receive the authentication box.
0
 

Author Comment

by:MrPrince
ID: 17090473
Thought so... Ah well, thanks for the sounding board.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17092619
Welcome :)
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question