Solved

MS ISA 2000, WebSense 5.5 and Proxy Bypass

Posted on 2007-04-11
10
1,611 Views
Last Modified: 2013-12-08
We currently use MS ISA 2000 for proxy and WebSense 5.5 for filtering. I would like to be able to explicitly list a number of websites which are not to use the proxy service e.g. eBay as it does not like the ISA authentication methods. I have read that within ISA 2000 their should be a HTTP Redirection Filter under the application filters section of extensions, however I cannot find it - under extensions their is only web filters and this contains WSISAFilter (Websense Filter) and Link Translator Filter.

Mike
0
Comment
Question by:Barnardos_2LS
  • 4
  • 3
  • 3
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 18888440
Hello Barnardos_2LS,

You can do this using group policy

Windows 2003 Creating and editing group policy

Group policies can be applied on a domain or an Organisational Unit, to apply a group policy in a 2003 domain environment, do the following.

On a domain controller open "Active directory Users and computers"

NOTE: As said above you can apply a GP to an OU in this instance we will deal with a domain GP, if you are concerned with a GP for an OU insert the "OU name" instead of the "Domain Name"

1. Locate the domain (top of the Tree) and right click it, then select "Properties"
2. Select the group policy Tab.
3. You will see the Default domain policy (and any other policies applied at this level)
4. You can create another domain policy by clicking "New" giving it a name and configuring it"
5. Ensure the default domain policy is highlighted and select "Edit" (unless you are working on another policy)
6. The Group policy object editor will open.
7. You can now edit the policy and close the editor when you are finished.
8. Back in the domain properties click "apply" and "OK"

Troubleshooting Group Policy in Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=B24BF2D5-0D7A-4FC5-A14D-E91D211C21B2&displaylang=en

Group Policy Infrastructure White Paper
http://www.microsoft.com/downloads/details.aspx?FamilyId=D26E88BC-D445-4E8F-AA4E-B9C27061F7CA&displaylang=en

LOOK HERE

user configuration >windows settings >internet explorer maintenance >connection >proxy settings > Enable Proxt settings

Type in the IP address of your Proxy / ISA Box and the port you use either 80 or 8080 or 8088 depending on how you are set up

Type the URLS (seperated by semi colons ;) that you want to BYPASS the proxy for eg

www.ebay.com;www.google.com etc




Regards,

PeteLong
0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 18888467
Sorry maybe I did not explain properly. What I want to do is to continue to direct our users to the proxy server, but the proxy server to make the decision to bypass its web proxy service. I have read that within ISA 2000 their should be a HTTP Redirection Filter under the application filters section of extensions, however I cannot find it - under extensions their is only web filters and this contains WSISAFilter (Websense Filter) and Link Translator Filter.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18888492
Oh sorry - thats how Used to do it with ISA and Websense - Im unsure if ISA 2000 is that clever :)
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 18888507
It should be - I just can't find the HTTP redirection filter! Not sure if once Websense is installed it has been removed.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18888542
or it was introduced in ISA2004?
0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 18888550
No it is available in ISA2000 (http://support.microsoft.com/kb/310129) however I am using Windows Server 2003.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18892430
You need to ensure you have ALL of the ISA2000 service packs/updates installed.
The location it 'should' be at is:
server/arrays - extensions - application filters. The http filter should then appear in the right-hand window.
0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 18896203
Does the Microsoft Firewall need to be installed as I have just read somewhere that the http redirector filter relies on this?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 18900568
Think you may have it there. In the manual there is a a small comment.

"Note: In order for the the HTTP Redirector Filter to perform these actions, the ISA must be installed in Integrated mode." Reading through it constantly refers to the SecureNAT and firewall clients and suggests that these be also set to Web Proxy clients as well.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18904711
Thanks :)
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script checks a path to see if a folder exists. If the folder does exist you will get output "The folder has previously been created. No action taken" If not it will create the folder. Then adds one user modify permission to the folder. It …
Read about how to choose the best possible content marketing agency to suit your needs. Content marketing has become an integral part of running a successful tech business, so it is wise to be informed.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question