Options
GFI WebMonitor - Proxy issue... HELP!
Hi All,
Im dealing with a problem which has now driven me to the point where im about to pull my hair out... not because it's too complicated, but because i think the answer may be right there infront of me, but just cant see it coz i've been working on it for too long.
Basically, im one of two sys Admins and the other guy is constantly making changes without really knowing what he's doing. Hence, my situation:
We have an ISA server acting as an edge device and running GFI WebMonitor 4. It was working great up until a couple of weeks ago... but as of late, the webMonitor will only give monitoring details of hosts which are using a proxy server... so any browser that isnt using proxy settings (most of the users are SecureNat clients) can directly bypass WebMonitor and any restrictions which i've applied..... it was definately working a few weeks ago but i cant really put my finger on whats changed...... anyone have any ideas ?
Thanks,
K
Im dealing with a problem which has now driven me to the point where im about to pull my hair out... not because it's too complicated, but because i think the answer may be right there infront of me, but just cant see it coz i've been working on it for too long.
Basically, im one of two sys Admins and the other guy is constantly making changes without really knowing what he's doing. Hence, my situation:
We have an ISA server acting as an edge device and running GFI WebMonitor 4. It was working great up until a couple of weeks ago... but as of late, the webMonitor will only give monitoring details of hosts which are using a proxy server... so any browser that isnt using proxy settings (most of the users are SecureNat clients) can directly bypass WebMonitor and any restrictions which i've applied..... it was definately working a few weeks ago but i cant really put my finger on whats changed...... anyone have any ideas ?
Thanks,
K
Comments
-
Options
HeroPsycho
Inactive Imported Users Posts: 1,940
You have a rule in the ISA firewall that's allowing HTTP/HTTPS traffic from the Internal Network to External.
Use the monitoring tab and a filter for HTTP Allow, and it should tell you which rule is allowing this.
The nice thing about ISA 2004/2006 is by default everything is denied, so someone must have changed a rule or added one to allow.Good luck to all! -
Options
Khattab
Member Posts: 97 ■■□□□□□□□□
I'm not sure i quite understand....
If i remove the rule that allows outbound HTTP traffic - wont that disable all HTTP traffic? I dont understand how that will solve my problem??
Just to clarify what im trying to do... i dont want to block HTTP access to SecureNat clients - i just want to make sure that all clients, whether SecureNat, Web Proxy or Firewall client are being monitored via WebMonitor so that we can restrict things such as ****, gambling sites etc.. -
OptionsHeroPsycho
Inactive Imported Users Posts: 1,940
Check and see if WebMonitor installs an application filter. If it does, make sure that it's enabled on the protocol definition in your rule granting access.Good luck to all!
-
OptionsKhattab
Member Posts: 97 ■■□□□□□□□□
There is a Web Filter for "GFI WebMonitor" which is enabled.
Any other suggestions? -
OptionsKhattab
Member Posts: 97 ■■□□□□□□□□
I've gotten to the bottom of it!!
In the protocol definitions for HTTP, i went to the Paramaters tab, and the Application filter for "Web Proxy Filter" was deselected.
I rechecked the tick box and viola, we're back in business! -
OptionsHeroPsycho
Inactive Imported Users Posts: 1,940
Yeah, after I thought about it, I figured that's what it was. Wasn't sure if GFI made their own app filter, or if it was built into the HTTP one included in ISA. So it's obviously a part of the HTTP filter, and extended its functionality.Good luck to all!
