ISA Server

Author Message
ALF 10/02/2003 04:53 am
I have still problem with Download and ISA server.
Should I set anything at Isa setver configuration.

Thanks.
Oleg Chernavin 10/02/2003 10:34 am
I am not familiar with ISA server myself, but I have heard a suggestion that ISA server should contain a list of allowed applications - maybe it is possible to add Offline Explorer to the list?

Please let me know if this suggestion is helpful or not.

Thank you.

Best regards,
Oleg Chernavin
MetaProducts corp.
Oleg Chernavin 10/02/2003 12:11 pm
I just found an interesting information about ISA server on Microsoft site:

<a href="http://support.microsoft.com/default.aspx?scid=KB;en-us;q310129">http://support.microsoft.com/default.aspx?scid=KB;en-us;q310129</a>

<H2>HOW TO: Configure the ISA Server 2000 HTTP Redirector Filter in Windows 2000</H2>

<div class="notice">This article was previously published under Q310129 </div>

<H2>SUMMARY</H2>
This step-by-step article describes how to configure HTTP redirector filters. ISA Server 2000 can provide both firewall and Web-caching services for ISA Server clients. The Web Proxy client automatically uses the Web Caching feature. ISA Server Firewall and SecureNAT clients can also utilize the Web Proxy cache by leveraging the features that are provided by the ISA Server HTTP Redirector Filter.<BR /><BR />
The HTTP Redirector Filter is an ISA Server Application Filter that can intercept HTTP requests from Firewall and SecureNAT clients. Dependent on how the HTTP Redirector Filter is configured, Firewall and SecureNAT client HTTP requests can be redirected to the Web Proxy service, forwarded directly to the destination Web server, or dropped.<BR /><BR /><span class="weboutput">
</span><H3><a class="bookmark" NAME="2"></a>Configure the HTTP Redirector Filter</H3><BR /><OL class="dec"><LI>In the ISA Management console, expand your server or array, and then expand the <STRONG>Extensions</STRONG> node in the left pane of the ISA Management console.</LI><LI>Click the <STRONG>Application Filters</STRONG> node in the left pane of the ISA Management console.</LI><LI>Right-click the <STRONG>HTTP Redirector Filter</STRONG> node in the right pane of the ISA Management console and click <STRONG>Properties</STRONG>.</LI><LI>In the <STRONG>HTTP Redirector Filter Properties</STRONG> dialog box, click the <STRONG>Options</STRONG> tab.</LI><LI>When the <STRONG>Redirect to local Web Proxy service</STRONG> option is selected, requests from SecureNAT and Firewall clients will be forwarded to the Web Proxy service on the ISA Server computer. HTTP Objects that are obtained from Firewall and SecureNAT clients will be placed in the cache, and Firewall and SecureNAT clients will be able to access Web objects that are placed in the Web Proxy cache.</LI><LI>When the <STRONG class="uiterm">If the local service is unavailable, redirect request to requested Web server</STRONG> option is selected, requests should be directed to the requested Web server. This means that the request will not be cached when the local service is unavailable.</LI><LI>The <STRONG class="uiterm">Send to requested Web server</STRONG> option will forward HTTP requests from Firewall and SecureNAT clients directly to the destination Web server. Web objects that are obtained from Firewall and SecureNAT clients will not be cached.</LI><LI>The <STRONG class="uiterm">Reject HTTP requests from Firewall and SecureNAT clients</STRONG> option will cause all HTTP requests from Firewall and SecureNAT clients to be dropped. This is a helpful option when you want to force clients to use the Web Proxy client to access Web sites and prevent users from configuring their computers as Firewall or SecureNAT clients to access Web sites.<BR /><BR /><STRONG>NOTE</STRONG>: Credentials that are provided by Firewall clients are removed when the HTTP Redirector Filter forwards a request to the Web Proxy service. If ISA Server requires authentication to access a Web object, the request will fail. SecureNAT clients do not provide credentials to the ISA Server, and because of this, the HTTP Redirector Filter does not impact its normal functioning.</LI></OL>
ALF 10/09/2003 09:38 am
This helped me.
It works now OK.

I set option "Send to requested Web server"
and in OE I disabled proxy server settings.

Firewall client must be instaled.

Thank You.
Oleg Chernavin 10/09/2003 02:11 pm
Thank you very much! I hope, this will help many other people!

Oleg.
Petr Kasan 06/03/2004 05:24 am
It can work for someone, but this is not a solution. This configuration will fail whenever ISA Server requires authentication to access a Web object.
There is still impossible in OE to authorize against ISA server Web proxy service using NTLM authentication. There is something wrong in NTLM authentication process implemented in OE.
I can understand it, because there is no official material from MS with description of NTLM challenge/response authentication process.
Oleg Chernavin 06/03/2004 06:16 am
In fact, I am using the MS library WinInet to handle all NTLM-authenticated downloads. Even their code doesn`t work properly with ISA server. It looks like they are having some undocumented trick to make it working in M IE.

Oleg.
Petr Kasan 06/03/2004 08:18 am
I think, there is one major disadvantage in ISA server: They wrote "credentials that are provided by Firewall clients are removed when the HTTP Redirector Filter forwards a request to the Web Proxy service". It means, that if you have ISA Server configured so it requires authentication to access a Web content (which is usual nowadays), you cannot use Firewall client and have a benefit from using ISA cache. You must set HTTP Redirector to redirect HTTP request directly to internet instead. This way, Firewall Client provides authentication against ISA server on behalf of application (such as OE).
I hope, this behavior will be improved in ISA 2004.

Petr
Maaz 07/12/2004 08:23 am
> I have still problem with Download and ISA server.
> Should I set anything at Isa setver configuration.
>
> Thanks.
i want to configure my ISA server
plz send me ISA tutorial to my ID so i can configure my ISA server
Jeff 05/19/2005 05:45 am
The problem still persists.

Tried WebCopier, it uses Internet Explorer setting and can download without the gateway error!

Please do something about this.

Regards,

Jeff
Jeff 05/19/2005 11:37 pm
I mean, OEP doesn`t work, while the other product, which uses Internet Explorer setting does.
Oleg Chernavin 05/21/2005 03:30 am
Offline Explorer Pro/Enterprise also uses MS IE settings if you check the NTLM box in the Options dialog | Proxy | HTTP section.

Oleg.