• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 431
  • Last Modified:

Installing ISA 2004 Firewall Client via Group Policy

Let's start off by saying that I have never done this but I wanted to publish (if thats the right word) the Firewall client to all the client computers. I configured Automatic Discovery without any problems. Tested it and it's working perfectly. I found microsoft KB 838122 and did exactly as it says to deploy it via group policy. Problem is, as soon as I enforced that GPO and a user restarted her machine it kept asking her for her windows credentials. All of the clients are local admins and this shouldn't be a problem but I couldn't imagine why this would happen? Am I missing something here? I made a dedicated GPO which doesn't contain any other settings so I doubt that it could be the GPO. Btw, my client is running SBS premium.
0
technolutions
Asked:
technolutions
  • 3
  • 2
2 Solutions
 
cjpalmerCommented:
What features are you hoping to get from the firewall client? As a general rule, I don't install the firewall client except on an exception basis. If someone needs access that is not handled by the Proxy services, then I install the firewall client and configure it accordingly. In a small business scenario, you might have a few exceptions, but most users don't need the firewall client at all. Just the proxy settings enabled in IE.

You might be getting prompted for authentication because of the configured rules as well. If you don't allow the protocols that you are trying to use through the firewall and that is causing the authentication prompt asking for a set of credentials that has rights in the firewall to do this.

Charles
0
 
technolutionsAuthor Commented:
Well, as far as I understand it, ISA firewall client secures the connection between the client computer and the server. I'm trying to harden the network locally as well. Isn't this best practice?
0
 
dnudelmanCommented:
ISA server is supposed to manage the network internaly and externaly. You can manage all the comunications, but there is no client application for isa server firewall. Simply set the default gateway with the isa server IP address and the job is done. ISA will mange the incoming and outgoing traffic acording to your settings.
0
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

 
technolutionsAuthor Commented:
Just for the sake of understanding - What is the real difference of installing ISA firewall client? I mean what does the firewall client do then?
0
 
cjpalmerCommented:
As I understand it (this goes back more for 2000 than 2004+) there were certain things that just would work through the proxy without the client (like pinging and the like). With 2004 and later, they have a new securenat client that doesn't require any install that handles most of that stuff.

If you are looking to secure the communications between your ISA server and your internal clients, you need to look at something along the lines of IPSec. The firewall client doesn't encrypt the data or anything. It just acts as a proxy for some of the lesser used applications. With IPSec, you can actually encrypt the traffic between your client machines and the ISA server, but doesn't most of the secure stuff happen over SSL? Do you need another layer of encryption that might slow things down?

Charles
0
 
technolutionsAuthor Commented:
Thats a very valid point you have there. Most things happen over SSL yes so I doubt that I have anything to worry about. The only thing that I really had in mind was to harden my network but I get what your saying along the lines of speed and functionality vs. security. Thanks so much for the great explanation.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now