Solved

PBR to ISA 2006 Not Proxying Client Web Traffic

Posted on 2012-03-23
1
731 Views
Last Modified: 2012-08-17
I have a ISA 2006 server set up with McAfee's Smartfilter software running to filter our organization's internet traffic.

In the past, we've had to enter the proxy setting into client web browsers. We don't want to do that anymore.

I thought I could just Policy Base Route clients' 80 & 443 traffic to the ISA server, and it would receive the traffic, run it through the filter, allow/disallow the access, and return either a block page or the desired webpage back to the client.

It is not working.

The question is, is it suppose to work? If so, what configuration settings am I missing.

I know for sure the PBR is working, because running WireShark on the ISA box shows that client traffic is getting to the proxy server, but then packets are being reset. So, it's something on the ISA server.

Would appreciate any assistance.

Thank you.
0
Comment
Question by:suma33
1 Comment
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
Comment Utility
Create a new protocol using TCP port 80 outbound (rather than the existing http protocol) - use it in an access rule and disable the web proxy filter. Bear in mind though that this will treat the traffic as layer 3 rather than layer 7.

The ISA MUST be either the default mgateway or on the default route path to the Internet.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now