[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1623
  • Last Modified:

MS ISA 2000, WebSense 5.5 and Proxy Bypass

We currently use MS ISA 2000 for proxy and WebSense 5.5 for filtering. I would like to be able to explicitly list a number of websites which are not to use the proxy service e.g. eBay as it does not like the ISA authentication methods. I have read that within ISA 2000 their should be a HTTP Redirection Filter under the application filters section of extensions, however I cannot find it - under extensions their is only web filters and this contains WSISAFilter (Websense Filter) and Link Translator Filter.

Mike
0
Barnardos_2LS
Asked:
Barnardos_2LS
  • 4
  • 3
  • 3
1 Solution
 
Pete LongConsultantCommented:
Hello Barnardos_2LS,

You can do this using group policy

Windows 2003 Creating and editing group policy

Group policies can be applied on a domain or an Organisational Unit, to apply a group policy in a 2003 domain environment, do the following.

On a domain controller open "Active directory Users and computers"

NOTE: As said above you can apply a GP to an OU in this instance we will deal with a domain GP, if you are concerned with a GP for an OU insert the "OU name" instead of the "Domain Name"

1. Locate the domain (top of the Tree) and right click it, then select "Properties"
2. Select the group policy Tab.
3. You will see the Default domain policy (and any other policies applied at this level)
4. You can create another domain policy by clicking "New" giving it a name and configuring it"
5. Ensure the default domain policy is highlighted and select "Edit" (unless you are working on another policy)
6. The Group policy object editor will open.
7. You can now edit the policy and close the editor when you are finished.
8. Back in the domain properties click "apply" and "OK"

Troubleshooting Group Policy in Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=B24BF2D5-0D7A-4FC5-A14D-E91D211C21B2&displaylang=en

Group Policy Infrastructure White Paper
http://www.microsoft.com/downloads/details.aspx?FamilyId=D26E88BC-D445-4E8F-AA4E-B9C27061F7CA&displaylang=en

LOOK HERE

user configuration >windows settings >internet explorer maintenance >connection >proxy settings > Enable Proxt settings

Type in the IP address of your Proxy / ISA Box and the port you use either 80 or 8080 or 8088 depending on how you are set up

Type the URLS (seperated by semi colons ;) that you want to BYPASS the proxy for eg

www.ebay.com;www.google.com etc




Regards,

PeteLong
0
 
Barnardos_2LSAuthor Commented:
Sorry maybe I did not explain properly. What I want to do is to continue to direct our users to the proxy server, but the proxy server to make the decision to bypass its web proxy service. I have read that within ISA 2000 their should be a HTTP Redirection Filter under the application filters section of extensions, however I cannot find it - under extensions their is only web filters and this contains WSISAFilter (Websense Filter) and Link Translator Filter.
0
 
Pete LongConsultantCommented:
Oh sorry - thats how Used to do it with ISA and Websense - Im unsure if ISA 2000 is that clever :)
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Barnardos_2LSAuthor Commented:
It should be - I just can't find the HTTP redirection filter! Not sure if once Websense is installed it has been removed.
0
 
Pete LongConsultantCommented:
or it was introduced in ISA2004?
0
 
Barnardos_2LSAuthor Commented:
No it is available in ISA2000 (http://support.microsoft.com/kb/310129) however I am using Windows Server 2003.
0
 
Keith AlabasterCommented:
You need to ensure you have ALL of the ISA2000 service packs/updates installed.
The location it 'should' be at is:
server/arrays - extensions - application filters. The http filter should then appear in the right-hand window.
0
 
Barnardos_2LSAuthor Commented:
Does the Microsoft Firewall need to be installed as I have just read somewhere that the http redirector filter relies on this?
0
 
Keith AlabasterCommented:
Think you may have it there. In the manual there is a a small comment.

"Note: In order for the the HTTP Redirector Filter to perform these actions, the ISA must be installed in Integrated mode." Reading through it constantly refers to the SecureNAT and firewall clients and suggests that these be also set to Web Proxy clients as well.
0
 
Keith AlabasterCommented:
Thanks :)
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now