+ Post New Thread
Results 1 to 4 of 4
How do you do....it? Thread, Surfcontrol! in Technical; OK so I've just noticed that the school has surfcontrol sat on the ISA server. The thing is I can ...
  1. #1

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200

    Surfcontrol!

    OK so I've just noticed that the school has surfcontrol sat on the ISA server. The thing is I can do without having ports and filters in place for me.
    On ISA I have a rule set up to allow users in the administrators group full access to all ports and all sites. Yet I try to get on to windows update and get errors which relate to firewalls.
    From what i've read its because surfcontrol requires authentication (to log) and for exmaple windows update cant so it fails.

    Is there any way I can say not to impose any restrictions on the administrators group at all, so i can actually do the things i need to without fiddling with surfcontrol and isa all the time?

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    What version of ISA and Surfcontrol do you have, you can have ISA setup to not require authentication and still get you the usernames and ability to filter or not by them by using NetBIOS username resolution (slow) or enterprise user monitoring instead of making the ISA box collect these details.

  3. #3

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200
    it's ISA 2004 and i believe surfcontrol 5.
    i dont even know if its surfcontrol doing it now as other things that were moaning about the proxy are working now, yet windows update still isn't.

    thing is i dont want to make too many changes as the system is being overhauled in october so i dont want to do too much now just to have it all undone

  4. #4

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    I think it was surfcontrol 5.5 that they released the enterprise user monitoring feature. For web access I just allow all users access via a access rule as well as the proxy feature. It is all still filtered through surfcontrol and solves a lot of issues with programs that do not play nice with a proxy. You just point the either the clients default gateway at teh ISA box or your core routers default route as ISA to get this up and running.

    You can even lock down the rule to only allow anauthenticated access from certain IPs if you need to by specifying the computers in the source network area of the rule.



SHARE:
+ Post New Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •