Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


what does | 5 comments | Create New Account
Click here to return to the 'what does' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
what does
Authored by: mgmcotton on May 24, '02 11:20:41AM

Sorry for the confusion in terms but that is how our IT guys talk. So here is , what I hope, is a clearer explanation. Go to the ISA Server Management program. Under Access Policy add the Mac Users identity.

Under Action Tab check allow
Under Protocol Tab Rule Applies TO ALL TRAFFIC
Under Schedule set up for always
Under Applies check Client Sets Specified Below then
add user under Client Sets and

Then highlight user and add I.P address From and to . ie. 10.0.0.200 is set: From 10.0.0.200 to 10.0.0.200.

Then apply.

The problem is that Macs do not access the Proxy Server as a client thus the Proxy Server does not allow all traffic from the Mac. This way the Proxy Server is told to allow the computer user with the set ID and IP address to communicate with the Proxy Server. Thus if one has a desktop and a notebook, an id on Access Policy for each computer. This is because both the Desktop and Notebook cannot have the same user name or IP address.

Hope this clears up my first email.



[ Reply to This | # ]
what does
Authored by: PStratford on Jun 19, '02 07:48:19AM

Urk. That would worry me immediately.
I would recommend that anyone running OS X with the ports open on ISA should responsibly lock down there Mac using Brickhouse or one of the other firewall utils.
Although ISA is very good and will repel most attacks you are significantly increasing your machines availabilty.

It may be worth asking your tech guys if you actually have to have ISA set up to validate it's users on your internal network (you may have a good operational reason for this). If not then instead of having everything wide open there could still be a Mac Users client set but with access restricted to everything but the protocols that are needed (probably only http, ftp, sntp and pop/smtp/imap if you're getting external mail).
Trivial to set up for your ISA techie.



[ Reply to This | # ]