How to configure ISA 2006 so domain workstations are able to connect with Microsoft firewall client
Posted on 2008-10-04
I have Windows domain network with several windows 2003 servers (AD,EXCHANGE,ISA 2006) evironment with locations routing trafic through ISA.
Currently all my clients are curently SecureNat clients, and i have rulles set up and all aplications (http, mail, torrent..) work OK.
I have several "test" workstations that have Microsoft Firewall client for ISA server. All computers are set up as Web proxy clients (IE7, has automaticly detect settings option turned on and WPAN entry in DNS). On this workstations i have problem using torrents, some applications (flashget..)
First thing i need is to have usernames (not IP addresses) in ISA 2006 logs?
Ok i undertstand that SecureNAT clients are not able to authenticate.
Is it possible to use webproxy clients on domain workstations to automatically authenticate to ISA and have autheticated usernames in logs? I tryed turning on the option "require all users to autheticate" with "integrated" authentication, but then a naggy "enter username with password" screen pops up on every client. I expected that webproxy clients wolud use some NTLM credentials or something else to authenticate to ISA and then have usernames in logs.
Third option is to publish ISA firewall client to all workstations but then i have a lot of "not working" connections (SSH, torrent, flashget). If i disable firewall client all those "not working" connections start working again, so i think "allow" rules just dont work with firewall client connections.
So, the main question is why does domain workstations that have firewall client installed have problems with connections.
What rule sholud i create to allow all fireall client computers access internet resources withot any restrictions?