Thomas Shinder Blog RSS

All Blogs  »  Thomas Shinder Blog  »  ISA Central  »  Blog article: How to Enable Anonymous Users to Log onto the ISA Firewall Web Proxy Component

How to Enable Anonymous Users to Log onto the ISA Firewall Web Proxy Component

There are times when you might want to allow users who are not members of your domain to get access to the Internet through your ISA Firewall’s Web proxy. In most situations, the ISA Firewall is a domain member and the users log into machines that part of the same domain, which allows your users transparent authentication with the ISA Firewall. However, if you have users come into your network that are not domain members, they won’t be able to transparently authenticate with the ISA Firewall.

There are several solutions here, but the best solution is to create a wireless DMZ segment for these users. The reason for this is that while you want to give them access to the Internet, you don’t necessarily want to expose your production network to the exploits that may be contained on these unmanaged visitor machines. Instead, a better solution is to completely segregate this machines on their own wireless DMZ where they can infect each other but not you :)

For details on how to create a wireless DMZ, check out:

http://www.isaserver.org/tutorials/2004wirelessdmz...1.html

However, if you don’t want to create a wireless DMZ, there are other options, as noted below:

Problem: When users that do not belong to a user group try to access the Internet through ISA Server, they do not get prompted for credentials.

Cause: There may be specific circumstances in which you want to allow users who do not belong to a user group to input credentials. With Windows Integrated (NTLM) authentication enabled, users are not prompted for credentials.

Solution: To provide such users with the opportunity to input credentials, do any of the following:

• Choose both Integrated and Basic on the Web Proxy tab of the network properties on which such requests are received.

• Launch Internet Explorer using the RunAs command to provide credentials.

• Log on to the computer temporarily using an account with permissions to access the Internet.

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

This entry was posted on Wednesday, May 30th, 2007 at 10:44 am and is filed under ISA Central. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “How to Enable Anonymous Users to Log onto the ISA Firewall Web Proxy Component”

  1. Anonymous proxy Says:

    June 21st, 2008 at 1:15 am

    use free proxy list to surf anonymously.

  2. Change IP Says:

    June 21st, 2008 at 1:28 am

    use proxynext.com for more information.

Leave a Reply

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 5 chars within 0..9 and A..F, and submit the form.

  

If CAPTCHA image is missing or you cannot read the characters above, please generate a




Receive all the latest articles by email!

Receive Real-Time & Monthly ISAserver.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an ISAserver.org member!

Discuss your ISA Server issues with thousands of other ISA Server experts. Click here to join!

Solution Center