Solved

ISA 2004 REPORT

Posted on 2013-06-04
5
511 Views
Last Modified: 2013-06-21
I have run the report and showing under top web sites  127.0.0.1:1007 . it seems to be not the web external address . Can you please confirm reason why I am getting that number
I hope ISA server will produce the traffic as web sites on the external  . I don't want to come users internet access as any internal ip address . coz we do not pay any charges as local network traffic . please advice me on this
0
Comment
Question by:cur
  • 3
  • 2
5 Comments
 
LVL 16

Assisted Solution

by:PaciB
PaciB earned 200 total points
ID: 39223247
Hi,

You probably have installed on your TGM server some application that provide a GUI via a HTTP connection on the TCP 1007 port.

Each time you open this GUI on the TMG server it connects on http://127.0.0.1:1007 and this is traced in the TMG log that is used to produce reports.

As the IP address shown is 127.0.0.1 this can only be a connection from the TMG server to the TMG server. Nothing to do with internal clients or external web sites.

On the TMG server you can open a CMD prompt and use the command:
NETSTAT -ano

This will list all the TCP ports open or listening. Look for a TCP listening port 1007 and note the PID associated.
Then, in the task manager, use the "processes" tab to find the process that has this PID. That may give you some hint about which application uses this port.
Anyway, even in you find the application that listens on this port you'll have very hard time to remove it from the log... You can make thing so that some TMG access rules do not trace any thing in the logs, and then in the reports, but as this is about HTTP dialog it will be quite diffcult and will require some very specific rules configuration.

Have a good day
0
 

Author Comment

by:cur
ID: 39224364
thanks . my ISA server part of my ad Ad AND ONLY the member of AD users have access to the internet via ISA . is there any way I can connect an y PC without part of AD network
I have some mobile users give access to ISA

ANd also my branch users need to go to the internet via my head office . so that I need the Routing and remote access enable  ?
0
 
LVL 16

Assisted Solution

by:PaciB
PaciB earned 200 total points
ID: 39225477
Hi,

From what you explained I suppose your TMG server is a member of your internal AD domain and probably you have an access rule with the following parameters :
From: Internal
To: External
Protocole: HTTP, HTTPS
Users: All authenticated users

To be able to access Internet your users have to be authenticated on the domain.


Ok... So now you want some devices to be able to access Internet without authentication.
The only way in my opinion is to make things so that these devices are in a specific IP range. As these devices are connected through Wireless Access Points you may already have a specific IP range for these WiFi devices.
In that case, you can add a simple Access Rule in TMG by doing the following:
1) Create a new Network object in TMG and declare your WiFi IP range. Let's call it "WiFi Network".
2) Create a new Access Rule un TMG to Allow HTTP and HTTPS, from "Wifi Network", to "External", for users "All Users".
3) Ensure that this new Rule in located BEFORE the previous existing Rule.

Doing like this, if the client comes from an IP that is part of the Wifi Range the new access rule will apply and let access to Internet without authentication.
0
 

Author Comment

by:cur
ID: 39228010
is this posible in ISA 2004 as well ?
how about the branch network . my main network ID 192.168.1.0/24  . All the branches will start 192.168.2.0/24 to 7.0/24 and need the internet access from the main office  . All the branches connected to the main office and branch users can see the ISA server in 192.168.1.0 /24 network  . i hope I need any thing to create a Rule for that too ? or need to do some thing on the router level  ?
0
 
LVL 16

Accepted Solution

by:
PaciB earned 200 total points
ID: 39228445
Hi,

Yes it is possible an ISA 2004.
It's the same way.


About your branch network there's nothing more to do on the TMG server.
All you have to do on the branch office computers is to add the IP address of the internal NIC of the TMG as a proxy in the Web browser.

By default, TMG enables the proxy function on its internal network and uses the TCP port 8080. So on the computers if you configure your web browser to use a proxy with IP address of internal TMG and the port 8080 it should work.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Exchange 2010 OWA 403 error 7 717
Forward source port in forefront TMG 2010? 7 2,101
Looking for a Proxy Server 3 253
ForFront TMG Server Error 8 97
Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now