How do your users access the Internet?
Do your users access the Internet via a NAT routed connection or application layer proxy?
I ask because we have always provided Internet access to learners and staff using the HTTP proxy (on ISA 2006), rather than a NAT routed (layer 3) connection. We configure Internet Explorer with the address of the proxy server through group policy. I think it helps with security as it makes it that bit harder for malware to connect out.
However, this evening I was providing support for an online assessment (AAT Accounting which uses something called secure assess). Secure Assess basically wraps up IE and removes all the buttons to make it secure from users tampering; the actual assessment uses Flash, and connects to AAT's server via our proxy.
It all started off ok, but 45 minutes into the exam I got a call from the Invigilator to say that there was a problem and the problem was that the online assessments had ground to a halt, they all stopped at the end of section 3 and wouldn't progress to section 4. But the candidates did comment that it was gradually getting slower (e.g. typing into a box). In the end we had to abdandon it altogether.
We had just installed the lastest Flash (10.1) via group policy last week, so it could be related to this. It could also be a problem with AAT's server (I will ring them tomorrow). I tested connecting various websites and it was fast (it would be being the evening) and Flash sites worked fine.
Anyway, It did get me wondering if having having online exams run via a proxy might be adding an extra layer of complexity; although for web browsing it has been fine.
One concern I have about routed access to the Internet is whether the webfiltering would work (this is a product called BitStream webfilter which integrates with ISA2006).
Another one is in order for our routers to be aware of the NAT routing (route out to the Internet), would I would need to add a static route to a router, and would this automatically get propagated to the others? We use automatic routing discovery on our 4 routers, but I can't recall off the top of my head which protocol we use.
And is ISA able to authentic users with ADS if they are using a NAT routed connection?
An issue we've been having (which I probably should not just tag to this email) is students when accessing the Internet are sometimes prompted to enter their credentials from our proxy server, like it sometimes has issues with authenticating users via ADS.
Thanks for any advice / suggestions. ;)
PS Forwared from Networks, when I realised that this was a more appropriate forum!