Solved

ISA 2004 REPORT

Posted on 2013-06-04
5
531 Views
Last Modified: 2013-06-21
I have run the report and showing under top web sites  127.0.0.1:1007 . it seems to be not the web external address . Can you please confirm reason why I am getting that number
I hope ISA server will produce the traffic as web sites on the external  . I don't want to come users internet access as any internal ip address . coz we do not pay any charges as local network traffic . please advice me on this
0
Comment
Question by:cur
  • 3
  • 2
5 Comments
 
LVL 16

Assisted Solution

by:PaciB
PaciB earned 200 total points
ID: 39223247
Hi,

You probably have installed on your TGM server some application that provide a GUI via a HTTP connection on the TCP 1007 port.

Each time you open this GUI on the TMG server it connects on http://127.0.0.1:1007 and this is traced in the TMG log that is used to produce reports.

As the IP address shown is 127.0.0.1 this can only be a connection from the TMG server to the TMG server. Nothing to do with internal clients or external web sites.

On the TMG server you can open a CMD prompt and use the command:
NETSTAT -ano

This will list all the TCP ports open or listening. Look for a TCP listening port 1007 and note the PID associated.
Then, in the task manager, use the "processes" tab to find the process that has this PID. That may give you some hint about which application uses this port.
Anyway, even in you find the application that listens on this port you'll have very hard time to remove it from the log... You can make thing so that some TMG access rules do not trace any thing in the logs, and then in the reports, but as this is about HTTP dialog it will be quite diffcult and will require some very specific rules configuration.

Have a good day
0
 

Author Comment

by:cur
ID: 39224364
thanks . my ISA server part of my ad Ad AND ONLY the member of AD users have access to the internet via ISA . is there any way I can connect an y PC without part of AD network
I have some mobile users give access to ISA

ANd also my branch users need to go to the internet via my head office . so that I need the Routing and remote access enable  ?
0
 
LVL 16

Assisted Solution

by:PaciB
PaciB earned 200 total points
ID: 39225477
Hi,

From what you explained I suppose your TMG server is a member of your internal AD domain and probably you have an access rule with the following parameters :
From: Internal
To: External
Protocole: HTTP, HTTPS
Users: All authenticated users

To be able to access Internet your users have to be authenticated on the domain.


Ok... So now you want some devices to be able to access Internet without authentication.
The only way in my opinion is to make things so that these devices are in a specific IP range. As these devices are connected through Wireless Access Points you may already have a specific IP range for these WiFi devices.
In that case, you can add a simple Access Rule in TMG by doing the following:
1) Create a new Network object in TMG and declare your WiFi IP range. Let's call it "WiFi Network".
2) Create a new Access Rule un TMG to Allow HTTP and HTTPS, from "Wifi Network", to "External", for users "All Users".
3) Ensure that this new Rule in located BEFORE the previous existing Rule.

Doing like this, if the client comes from an IP that is part of the Wifi Range the new access rule will apply and let access to Internet without authentication.
0
 

Author Comment

by:cur
ID: 39228010
is this posible in ISA 2004 as well ?
how about the branch network . my main network ID 192.168.1.0/24  . All the branches will start 192.168.2.0/24 to 7.0/24 and need the internet access from the main office  . All the branches connected to the main office and branch users can see the ISA server in 192.168.1.0 /24 network  . i hope I need any thing to create a Rule for that too ? or need to do some thing on the router level  ?
0
 
LVL 16

Accepted Solution

by:
PaciB earned 200 total points
ID: 39228445
Hi,

Yes it is possible an ISA 2004.
It's the same way.


About your branch network there's nothing more to do on the TMG server.
All you have to do on the branch office computers is to add the IP address of the internal NIC of the TMG as a proxy in the Web browser.

By default, TMG enables the proxy function on its internal network and uses the TCP port 8080. So on the computers if you configure your web browser to use a proxy with IP address of internal TMG and the port 8080 it should work.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question