ISA Clients, Some Application's traffic are not validated by Firewall Client.

microsoft.public.isa.clients - Microsoft Internet Security and Acceleration


ISA Clients >> Some Application's traffic are not validated by Firewall Client.

by Miguel » Tue, 18 Oct 2005 20:41:24 GMT

Hello.

My Scenario:
- Isa Server 2004 (act as Internal Perimetral Firewall) (Used as default GW
by all Internal machines)
- Clients on Internal network with Firewall Client installed
- All firewall Rules allowed only for "Authenticated users" (or more
restrictive), never "All users".

Problem:
When I try to establish a connection with any share resource in a network
Out of the Internal Network, the comunication generates an SecureNAT
session. This occour too with some VPN software like "mobile user VPN -
Watchguard", and any more. So this traffic are denied.

The traffic generated by some applications are not validated by Firewall
Client. How can solve this?

I've tried to Change Settings in Application configuration "Disable=1" but
only solves conectivity problems with the Outlook client.

Can anyone help me?
Thanks.


Top

ISA Clients >> Some Application's traffic are not validated by Firewall Client.

by Jim Harrison (MSFT) » Thu, 20 Oct 2005 03:20:42 GMT


The ISA Firewall Client component is a Winsock Base Service provider.
In plain terms,this means that it only handle traffic that is passed to the network via Winsock.
Net share access is handled by the Windows Network File System redirector.
This component does not use Winsock, but speaks directly to the TCP/IP stack.
Thus, the Firewall Client never sees net share traffic and cannot act on it.

--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.


Hello.

My Scenario:
- Isa Server 2004 (act as Internal Perimetral Firewall) (Used as default GW
by all Internal machines)
- Clients on Internal network with Firewall Client installed
- All firewall Rules allowed only for "Authenticated users" (or more
restrictive), never "All users".

Problem:
When I try to establish a connection with any share resource in a network
Out of the Internal Network, the comunication generates an SecureNAT
session. This occour too with some VPN software like "mobile user VPN -
Watchguard", and any more. So this traffic are denied.

The traffic generated by some applications are not validated by Firewall
Client. How can solve this?

I've tried to Change Settings in Application configuration "Disable=1" but
only solves conectivity problems with the Outlook client.

Can anyone help me?
Thanks.
Top
Similar Threads

1. Application's traffic are not validated by Firewall Client. 

Hello.

My Scenario:
- Isa Server 2004 (act as Internal Perimetral Firewall) (Used as default GW
by all Internal machines)
- Clients on Internal network with Firewall Client installed
- All firewall Rules allowed only for "Authenticated users" (or more
restrictive),  never "All users".

Problem:
When I try to establish a connection with any share resource in a network
Out of the Internal Network, the comunication generates an SecureNAT
session. This occour too with some VPN software like "mobile user VPN -
Watchguard", and any more. So this traffic are denied.

The traffic generated by some applications are not validated by Firewall
Client. How can solve this?

If I allow in the rule to "All Users", the comunication will be established 
but by secureNAT.

I've tried to Change Settings in Application configuration "Disable=1" but
only solves conectivity problems with Outlook.

Can anyone help me?
Thanks.

2. Some Application's traffic are not validated by Firewall Client. - ISA Configuration