help regarding firewall bypassing



  • 1. Is ISA server a 64 or 32 bit app?
    Customer of mine wants to get a new computer to run ISA server 2004 - maybe upgrade to 2006 later. He really wants to get a machine with Xeon processors which I think is a 64 bit processor so we would be using W2003 standard server 64 bit. I think its overkill for small network (50 users), but he's pretty stubborn. Question I have is, is ISA server a 64 bit app? I'm planning the installation and realise that we would have to use ISA Firewall clients because we want to limit access to internet based on User logins. That means we will have to use the mmc snap-in to install the client program to user machines from the ISA server. I see there are two versions of the snap-in one for 32 bit and one for 64 bit. Are we OK to use ISA server with W2003 standard server 64 bit? If we do, will the snap-in to install the client work OK? Thanks for any help Bob
  • 2. User groups do not seem to get recognized by access rule.
    My setup is a back firewall, it was configured to have limited internet access using the wizard after install. So the first rule is the one called Web Access Only that allows HTTP, HTTPS, FTP for all users. I tested that rule and it needed to have DNS added to it to make it possible to use the browser to access a site. So far that works, however I wanted only some users on the network to be able to access the internet, so I created a group on my domain controller called InternetUsers and added a user to that group. Then I went back to the ISA server, added that group to the list of ISA users and in my Web Access Only rule and removed All Users. If I logged on with a login that is that of a user in the InternetUsers users group on my domain, I should be able to use the browser to access the Internet. If I logged in as a user that is not a member of that group I should not be able to connect to any sites. However I find that when I try using the InternetUsers in the rule's properties, then I can't connect to any site, even though I'm logged in as a member of the InternetUsers group. If I just change the properties to use All Users, my browser can connect OK. Is my thinking wrong? It seems that what I tried to do should work OK. If I'm right, what should I do to make it work? Same question realy if I'm wrong :-) Any help would be greatly appreciated. Bob
  • 3. ISA network/security Configuration issues
    Hi Everyone, I've got a bit of a problem, I have several internal private network ranges which are all internal. I need to take two of these ranges and set them up so they do not require authentication, but for the others I need to require authentication. for example I have 172.16.134.x range which I need to require the autentication for. But I then have 172.16.135.x range which I need to allow annonymous authentication. This is in part due to our 3rd party product Websense which does our web filtering. We need these anonymous ranges for our wifi hot spots, since the public doesn't have domain accounts we need it to be anonymous. But for all of the domain machines we need to have it require authentication so Websense can properly detect the user accounts and allow additional features which are required. I had created another network called wifi, put these address ranges in it. And then included it in the internal network group. This didn't work, I am getting IP spoofing errors on the wifi group. I also tried making rules specifically for the wifi network and that did not work either. Please give me some direction, at this point I am tempted to put a third NIC into the server. I'd rather not do it, as adding hardware usually just complicates things. It is an ISA 2004 with the latest service packs and patches, running on a windows 2000 box.
  • 4. Configuring ISA 2004 as VPN and proxy server
    Hi, I am planning to implement ISA 2004 on Windows 2003 Standard Edition. I would like to achieve the following task. 1. It should be a proxy server. 2. It should be a VPN server. 3. It should be a firewall to protect the internal network. If you have any suggestions or any articles, then please let me know. I appreciate your help. Thanks
  • 5. Bypass address
    Hi I have some webaddresses I need to bypass, they doesn't work if they go throu a proxy. How can I do that in ISA server? //Peter

help regarding firewall bypassing

Postby anwar adil » Tue, 12 Jul 2005 21:12:16 GMT

the senerio i hav made is this

-----internet ------------[nat device]-------------------[isa
                                public ip         private ip
LAN users

the problem i am having is this .... as all my users r located on
192.168.0.x network and isa is the default gateway for some of
the users put 192.168.10.X ip address on there computer with for 10.x)network .so tht they r now on 10.x network
which results in bypass isa server firewall.

pls tell me is there anyway i can stop this.



Re: help regarding firewall bypassing

Postby Sergio Fonseca [MVP] » Fri, 22 Jul 2005 05:25:30 GMT

Hi anwar,

Your users have permission to change the TCP(IP settings on computers?!
On allow only communication from the ISA IP.

Qualquer sugest deve ser testada antes de aplicada -

Similar Threads:

1.Regards Firewall Authentications

I have a ISA 2000 with SP2 and FP1 on a Windows 2000 Server, this Server is 
the member of Windows Server 2003 Domain Controller (on the separate box). 

All of the sudden, ISA 2000 stop authenticating users and everytime it throws:

"HTTP 407 Proxy Authentication Required - The ISA Server requires 
authorization to fulfill the request. Access to the Web Proxy service is 
denied. (12209)
Internet Security and Acceleration Server "

Except to some users!!

To resolve the issue, i removed all Access Policy, Site Content Rules and it 
is open for all (with no access policy). But still the same problem is 
occuring that it doesn't authenticate users except some users.

In the meantime, i try logging those users to domain, they successfully 
logon to the domain. So, am sure that domain authentication is not a problem.

Please, anybody resolve my issue.


2.Want help regarding : "disable bluetooth device"


I want to disable bluetooth device connected to my PC.
Can I disble bluetooth radio connected to my PC through code (C++) ?

Thanking you

Devang Vyas

3.Allowing certain applications to bypass ISA using Firewall Client

We have a problem !!

Users in our remote branch ( have a slow private network 
connection to head office via their router at

They have another router onsite, which connects to a partner 
network over a fast line. (195.x.y.z)

All worked fine with routes programmed into the .1 router to go our to the 
partner network via the router at .2

Since deploying the firewall client they are unable to reach the partner 

The access is by a unique application "contact.exe".

It appears that despite the routing rules on the local routers, all network 
traffic is being forced through the ISA server at HQ (

Is there anyway we can convice the ISA FW Client to ignore all traffic from 
the contact.exe application and/or to the 195.x.y.z network ?




4.Steps To Allow A User To Bypass Firewall/ISA

I obviously do not know as much as I think I did. Which wouldn't be 
surprising if you asked my friends.

I am trying to get the Napster online service, through Windows Media Player, 
in past ISA 2000. The messages in WMP are cryptic enough that I thought I 
should just open my workstation up to the world, at least for testing 

I thought that I would just have to set up a Protocol Rule, allowing the 
Client Address Set which includes just my workstation, and then set up a 
Server Publishing Rule. That doesn't work. What else do I have to do?

caz somehow bypasses the firewall client

Hi all,

i've got a really strange problem here ... I have a piece of software
(the google updater to be specific) that somehow bypasses the ISA
server Firewall Client. Although the Firewall Client is properly
configured and works for all other applications, the google updater
tries to
connect directly through our gateway router (and this is not
allowed :) ).

I know this because I did a packet dump. At first I saw that the
software was querying my internal dns servers for the google domain. I
added this to my hosts file and now that it can resolve
"" it tries to download an xml file directly through
our gateway. The packets seem not to be "intercepted" by the firewall

Has anybody else seen this before ? Any solutions :) ?

Thank you,

6. Topic: Users bypassing installed firewall clients

7. Bypass ISA2004 Firewall

8. Help with bypassing ISA server

Return to ISA


Who is online

Users browsing this forum: No registered users and 5 guest