Tuesday, September 16, 2008

Cleartunnel SSL Plugin & Upstream Proxy

Update:

Collective Software has confirmed to me that their Cleartunnel plugin for ISA Server does not work in a non-ISA upstream proxy solution.

The only way to make it work is to use it in an ISA-to-ISA upstream proxy solution, and install Cleartunnel on both ISA servers and configure it as upstream on one and downstream on the other.

They have heard the scream from the customers, and are working on a solution in a future release.

Wednesday, September 3, 2008

Cleartunnel and non-ISA Upstream

I have, in my lab, been struggling with getting Cleartunnel working. I have come to the conclusion that it does not work in a non-ISA upstream proxy setup.

The setup being:

Internal Network->ISA 2006 Enterprise with Cleartunnel Add-IN->Upstream Proxy server->Internet

Cleartunnel can only work in Full Bridge mode if it is the edge or downstream server to another ISA server.

At present, there is no working solution, other than upstreaming to another ISA server or finding another solution in your external DMZ...

Thought I might let you know..

Tuesday, September 2, 2008

ISA & TMG NAT behavior And MS08-037

Microsoft Security Response Center (MSRC) issued bulletin MS08-037 to address vulnerabilities in DNS resolvers caused by predictable UDP source port usage.

Problem:
After you install security update 953230 (MS08-037) on a Microsoft Windows-based computer, Domain Name System (DNS) queries that are sent from the computer across a firewall do not use random source ports.

MSKB 956190 addresses behavior observed when traffic crosses a NAT-based firewall and provides workarounds to mitigate this behavior.

Regards,
Jesper
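
To check whether a NAT device is flattening the source-port randomization that MS08-037 introduced, compare the UDP source ports of consecutive DNS queries captured on the inside and on the outside of the firewall. The following is an added example, not code from Microsoft or from this blog: the function names, the step threshold and both port lists are assumptions constructed for illustration, and the small-step heuristic is a simple check of my own choosing rather than a method from MSKB 956190.

```python
def port_randomness(ports, max_step=16):
    """Summarise how predictable a sequence of UDP source ports is.

    ports: source ports of consecutive DNS queries, in capture order.
    max_step: largest forward increment still treated as "sequential".
    """
    if len(ports) < 2:
        raise ValueError("need at least two observations")
    # Forward distance between consecutive ports, wrapping at 65536.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    # A step of 0 (port reused) also counts as predictable.
    small = sum(1 for s in steps if s <= max_step)
    return {
        "distinct": len(set(ports)),
        "span": max(ports) - min(ports),
        "small_step_ratio": small / len(steps),
    }


def looks_predictable(ports, threshold=0.8):
    """True when most consecutive queries differ by only a small port step."""
    return port_randomness(ports)["small_step_ratio"] >= threshold


# Constructed samples, not real captures.
# Inside the firewall: the patched resolver picks scattered ports.
INSIDE_FIREWALL = [51234, 3391, 60412, 18877, 42250, 9731, 57003, 27164]
# Outside the firewall: the NAT has rewritten them to a near-sequential run.
OUTSIDE_FIREWALL = [1024, 1025, 1026, 1027, 1029, 1030, 1031, 1033]

if __name__ == "__main__":
    for name, sample in (("inside", INSIDE_FIREWALL),
                         ("outside", OUTSIDE_FIREWALL)):
        print(name, port_randomness(sample), looks_predictable(sample))
```

Feed it the source ports extracted from a packet capture taken on each side of the firewall; a scattered inside sample paired with a near-sequential outside sample points at the NAT rewrite rather than at the resolver.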

Monday, September 1, 2008

NAP Training Solutions from Microsoft

Please check the NAP team's blog for training solutions available from Microsoft E-Learning:

http://blogs.technet.com/nap/archive/2008/08/29/nap-training-solutions-from-microsoft.aspx

WinCAT blog on NAP and 802.1X Enforcement

The Windows Server Customer Advisory Team (WinCAT) has posted this:

Network Access Protection Using 802.1x VLAN’s or Port ACLs – Which is right for you?