On the Evils of "Require All Users to Authenticate"
Authentication is a good thing, and it’s one of the main reasons why the ISA firewall is a more secure solution than the typical “hardware” firewall . However, like in other areas in life, there can be too much of a good thing.
That’s the case with the “Require all users to authenticate” option on the “outbound Web requests listener” (OK, that’s hailing back to the ISA 2000 days, but the term is a good one and we should bring it back for ISA 2004/06 and TMG).
Check out Richard Hicks’ blog to see what I’m talking about
http://tmgblog.richardhicks.com/2009/01/26/automat...ients/
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
Small-town guardsmen groomed to hunt bombs in Iraq (AP) — But As For Me Says:
March 9th, 2009 at 12:28 am
[…] Thomas Shinder Blog » Blog Archive » On the Evils of "Require All … […]
Forefront Threat Management Gateway (TMG) 2010 Troubleshooting Survival Guide | 独居Server Core Says:
July 7th, 2011 at 1:15 am
[…] Authentication: outbound authentication issues can happen for a variety of reasons. There are ways to improving web proxy client authentication performance, which are the same as used in ISA Server 2006. Some settings are well known to cause authentication problem, such as the “Require All Users to Authenticate”. The approach explained in this article is still valid for TMG when dealing with this setting. Besides this option here are some other examples of troubleshooting authentication issues on TMG: […]