Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Rule problem...

Status
Not open for further replies.
mattKnight

mattKnight

Programmer
May 10, 2002
6,225
GB
I am using ISA server and Surf Control.

I have installed SC report Central (as per instructions) on the ISA server.

I have created a rule that allows access to the report centre softare

This rule works only if I allow it for ALL USERS i.e. (anonymous). I wish to use allow this rule for a small group of users (to augment the password security of te application). If I change the rule to apply to that user group, I can get no access, if I use authenicated users, I get no access.

The server name is in the intranet zone, authentication is set to allow integrated authenication in the intranet zone...

The bypass proxy for local addresses is set, which I think may be part of the problem.

Any clues or do you need mopre information...

Take Care

Matt
If at first you don't succeed, skydiving is not for you.
 
Sort by date Sort by votes
Just an idea: in order to allow for a group/user you need to have some sort of authentication. If you do not use neither the ISA Client nor WEB-Proxy Client (ie. it's a secure NAT-Client), no user-credentials will be known to the ISA Server.

Make sure you either have IE set up to use your ISA as proxy or install the ISA client.



Cheers
Knutern
 
Upvote 0 Downvote
Markso

Thanks for the link, but it dumps me to the KB search page!

Could you tell me what search you used to find it?
I have checked the SurfControl KB fairly thoroughly, but I could well have missed something...

Have you used Surf Control?

Take Care

Matt
If at first you don't succeed, skydiving is not for you.
 
Upvote 0 Downvote
Matt, if you put 1472 and search for specified article ID number, you should get the right article.

I do use SurfControl every day - I work for them!

When you look into these eyes, I hope you realise, they could never be blue.
 
Upvote 0 Downvote
I do use SurfControl every day - I work for them!
Click to expand...

Eeerm not in the support department I hope!

I have SC working for web access, through the ISA server, so to get any coonection, the proxy settings must be correct, so the KB article has been applied (albeit through a different route) for a while. Web access is limited by security group and this proves that I have authentication from the IE client to ISA ( consequently to Surf Control filter too)

However I am using reports Central (tomcat server on port 8888) I have a specific protocol setup, a specific rule setup. This works apart from teh fact that I must use the ISA user group "All Users" in that rule. If I don't I get no access, It is a requirement that I use a group "Report Users" on that rule.



Take Care

Matt
If at first you don't succeed, skydiving is not for you.
 
Upvote 0 Downvote
No, not in support :)

I am however starting to get to grips with ISA so I might make more sense in the future!!

Do you have the user group set up in Web Filter as well (via the Monitor)

When you look into these eyes, I hope you realise, they could never be blue.
 
Upvote 0 Downvote
I have set a rule through SC to allow acess, and monitored through SC RTM. There is no activity registered by SC, eben though the IE client displays reports.

When I say that I am getting no access, I believe (nay sure) that ISA server is dropping the packet rather than SC denying access (I get no blocked site screen, I get no activity registered in RTM and no report entries)



Take Care

Matt
If at first you don't succeed, skydiving is not for you.
 
Upvote 0 Downvote
Matt, What are your servers setup?

Windows 2000 or Server 2003?

What version of ISA?

When you look into these eyes, I hope you realise, they could never be blue.
 
Upvote 0 Downvote
Windows 2003 Server (Enterprise)

ISA 2004 (Standard)


Take Care

Matt
If at first you don't succeed, skydiving is not for you.
 
Upvote 0 Downvote
I presume IE is configured to use proxy in IE>Tools>Internet Options>Connections>LAN Settings?

When you look into these eyes, I hope you realise, they could never be blue.
 
Upvote 0 Downvote
Markso
I presume IE is configured to use proxy in IE>Tools>Internet Options>Connections>LAN Settings?
Click to expand...

Yep it is...

The ISA server articales look useful, but i haven't readthem in full!

Take Care

Matt
If at first you don't succeed, skydiving is not for you.
 
Upvote 0 Downvote
Matt, did you get to the bottom of this?

Have you tried SurfControl Technical Support?

When you look into these eyes, I hope you realise, they could never be blue.
 
Upvote 0 Downvote
Markso,

I didn't getto the bottom of this one at all, but I have a resolution; which is to allow anonomous access....

I did try SC TS and quite frankly I was deeply unimpressed, which is another story which is inappropriate to discuss here
(of course if you wish to contact me, please do so thorugh Mike lacey)

Take Care

Matt
If at first you don't succeed, skydiving is not for you.
 
Upvote 0 Downvote
(of course if you wish to contact me, please do so thorugh Mike lacey)
Click to expand...

Done

When you look into these eyes, I hope you realise, they could never be blue.
 
Upvote 0 Downvote
I'll jog his memory!

When you look into these eyes, I hope you realise, they could never be blue.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

quar
  • Locked
  • Question
Moving a rule
Replies
2
Views
158
iggsterman
iggsterman
quar
  • Locked
  • Question
Moving a rule
Replies
0
Views
58
quar
quar
ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
78
ITSUPPORTIT
ITSUPPORTIT
wrighbr1
  • Locked
  • Question
Cisco ASA 5505 site to site VPN problem
Replies
0
Views
61
wrighbr1
wrighbr1
mattbarkerlfc
  • Locked
  • Question
Checkpoint 2200 subnet overlap problem
Replies
0
Views
76
mattbarkerlfc
mattbarkerlfc

Part and Inventory Search

Sponsor

Back
Top