Frequently Asked Questions - Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] - نسخه متنی

Thomas W. Shinder; Debra Littlejohn Shinder

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید





















Frequently Asked Questions





The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the 'Ask the Author' form. You will also gain access to thousands of other FAQs at ITFAQnet.com.





Q: My computer is configured as a SecureNAT client and I cannot connect to an FTP site. What's the problem?





A: The ISA 2004 firewall includes an FTP application filter that allows connections to FTP sites without requiring the Firewall client. This means that you do not need the Firewall client software installed on the client machine to support the secondary connections the FTP protocol uses. You will need to investigate alternate reasons for your FTP connections failure, as installing the Firewall client software will not fix the problem.





Q: My computer is configured as a Firewall client. I am using Microsoft Outlook and I cannot connect to my POP3 server. Why can I connect to servers using other protocols but not POP3?





A: If you are using Outlook, the default Firewall client settings are configured to bypass the Firewall client. Therefore, there must be an alternate mechanism for the client to access the POP3 server. Make sure the client is also configured as a SecureNAT client, or configure the Firewall client settings so that Outlook uses the Firewall client. This can be done via the Firewall client settings in the Microsoft Internet Security and Acceleration Server 2004 management console.





Q: My computer is configured as a Web Proxy client. I am trying to connect to some chat and other Java sites but the Web Proxy client cannot connect. What can I do to make the connection?





A: There are several reasons why the connections to these sites are not working. The most common reason is that the Java code is not compliant with RFC Web Proxy servers. Since ISA 2004 is an RFC-compliant Web Proxy server, it will not always be able to present content from sites that are non-compliant. In addition, some chat and other online applications use additional protocols, in addition to HTTP. If this is the case, you will need to configure the client as a SecureNAT or Firewall client to support the additional protocols. For sites that are not compliant with RFC Web Proxy servers, you can configure those sites so that the Web Proxy clients use Direct Access via their SecureNAT and/or Firewall client configuration.





Q: I have configured the WPAD entry in my DHCP server, and some of my clients are able to automatically obtain the autoconfiguration information for the Web Proxy and Firewall client settings. However, most of my machines are not able to obtain the information from the DHCP server. What's going on here?





A: Keep in mind that when you use DHCP to assign autoconfiguration information via WPAD entries, only users logged on as local administrators can obtain the WPAD information. For users that do not log on as members of the local administrators group, you must configure a WPAD entry in DNS to support their connections.





Q: I need to access some Internet games and some voice applications over the Internet, like Yahoo games and Yahoo voice chat. My clients are configured as SecureNAT clients. My users are not able to make the connections. What can I do to enable these types of applications?





A: You will need to install the Firewall client to support applications that require secondary protocols. Most voice applications and many Internet games require secondary connections. While it is possible to use the SecureNAT client for these types of applications, you will need to create an application filter to support each Internet application requiring complex protocols. Another alternative is, if the client application supports SOCKS 4 proxies, you can configure the application to use SOCKS 4 to connect to the SOCKS 4 filter on the ISA 2004 firewall machine.





Q: I need to connect to an SSL Web site using TCP port 8081 but my Web Proxy client will not connect. What can I do to connect to the SSL Web site using an alternate port?





A: Check out Jim Harrison's www.isatools.org Web site. Jim has an excellent tool there that extends the SSL tunnel port range to any ports you desire. The name of the file, at the time of this writing, is isa2k4_ssl_tpr.zip.





Q: My SecureNAT clients can't get to the Internet. My Web Proxy clients and Firewall clients can get to the Internet without problems. The default gateway is set up correctly. Why can my Firewall and Web Proxy clients get to the Internet and not my SecureNAT clients?





A: The most likely reason is that your SecureNAT clients are not configured to use a DNS server that can resolve Internet host names. In contrast to Web Proxy and Firewall clients, which allow the ISA 2004 firewall to resolve names on their behalf, the SecureNAT client must resolve names on it own. Double-check the DNS settings on your SecureNAT client and configure them to use a DNS server that resolves Internet host names.





/ 145