Solved

ISA 2004 REPORT

Posted on 2013-06-04
5
525 Views
Last Modified: 2013-06-21
I have run the report and showing under top web sites  127.0.0.1:1007 . it seems to be not the web external address . Can you please confirm reason why I am getting that number
I hope ISA server will produce the traffic as web sites on the external  . I don't want to come users internet access as any internal ip address . coz we do not pay any charges as local network traffic . please advice me on this
0
Comment
Question by:cur
  • 3
  • 2
5 Comments
 
LVL 16

Assisted Solution

by:PaciB
PaciB earned 200 total points
ID: 39223247
Hi,

You probably have installed on your TGM server some application that provide a GUI via a HTTP connection on the TCP 1007 port.

Each time you open this GUI on the TMG server it connects on http://127.0.0.1:1007 and this is traced in the TMG log that is used to produce reports.

As the IP address shown is 127.0.0.1 this can only be a connection from the TMG server to the TMG server. Nothing to do with internal clients or external web sites.

On the TMG server you can open a CMD prompt and use the command:
NETSTAT -ano

This will list all the TCP ports open or listening. Look for a TCP listening port 1007 and note the PID associated.
Then, in the task manager, use the "processes" tab to find the process that has this PID. That may give you some hint about which application uses this port.
Anyway, even in you find the application that listens on this port you'll have very hard time to remove it from the log... You can make thing so that some TMG access rules do not trace any thing in the logs, and then in the reports, but as this is about HTTP dialog it will be quite diffcult and will require some very specific rules configuration.

Have a good day
0
 

Author Comment

by:cur
ID: 39224364
thanks . my ISA server part of my ad Ad AND ONLY the member of AD users have access to the internet via ISA . is there any way I can connect an y PC without part of AD network
I have some mobile users give access to ISA

ANd also my branch users need to go to the internet via my head office . so that I need the Routing and remote access enable  ?
0
 
LVL 16

Assisted Solution

by:PaciB
PaciB earned 200 total points
ID: 39225477
Hi,

From what you explained I suppose your TMG server is a member of your internal AD domain and probably you have an access rule with the following parameters :
From: Internal
To: External
Protocole: HTTP, HTTPS
Users: All authenticated users

To be able to access Internet your users have to be authenticated on the domain.


Ok... So now you want some devices to be able to access Internet without authentication.
The only way in my opinion is to make things so that these devices are in a specific IP range. As these devices are connected through Wireless Access Points you may already have a specific IP range for these WiFi devices.
In that case, you can add a simple Access Rule in TMG by doing the following:
1) Create a new Network object in TMG and declare your WiFi IP range. Let's call it "WiFi Network".
2) Create a new Access Rule un TMG to Allow HTTP and HTTPS, from "Wifi Network", to "External", for users "All Users".
3) Ensure that this new Rule in located BEFORE the previous existing Rule.

Doing like this, if the client comes from an IP that is part of the Wifi Range the new access rule will apply and let access to Internet without authentication.
0
 

Author Comment

by:cur
ID: 39228010
is this posible in ISA 2004 as well ?
how about the branch network . my main network ID 192.168.1.0/24  . All the branches will start 192.168.2.0/24 to 7.0/24 and need the internet access from the main office  . All the branches connected to the main office and branch users can see the ISA server in 192.168.1.0 /24 network  . i hope I need any thing to create a Rule for that too ? or need to do some thing on the router level  ?
0
 
LVL 16

Accepted Solution

by:
PaciB earned 200 total points
ID: 39228445
Hi,

Yes it is possible an ISA 2004.
It's the same way.


About your branch network there's nothing more to do on the TMG server.
All you have to do on the branch office computers is to add the IP address of the internal NIC of the TMG as a proxy in the Web browser.

By default, TMG enables the proxy function on its internal network and uses the TCP port 8080. So on the computers if you configure your web browser to use a proxy with IP address of internal TMG and the port 8080 it should work.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now