Hello
We have ISA 2006 and TMG 2010 with Websense 7.6.2 as content filtering application. Websense plugin is installed on ISA/TMG nodes and it filters web traffic based on ACL. ISA/TMG is placed on intranet (behind firewall) with NLB in place.
The issue is with firewall client. Users with Firewall Client just clear the Proxy settings in any browser and bypass the filter. This allows them to navigate to any https site (which are blocked by Websense) as if the content filter was not working. At the same time users cannot access http sites which are blocked by Websense.
This happens only with machines installed with firewall client.If FW client is removed then everything works normal.
I tried to fix the problem by adding a new Setting to the Firewall Client Application Settings for all browsers.
This is how to do it:
Go to “Configuration” then “General”; There you will see the option “Define Firewall Client Settings” on the right pane;
Then choose “Application Settings” page and click “New…”
In the “Application Entry Setting” box configure as follows:
Application: iexplore Key:
Disable
Value: 1
Ref: http://www.mmco.com/forum/topic.asp?TOPIC_ID=27963
It worked for me for few days. But again I am facing same issue. Websense said it is not the issue of ISAPI filter which is sitting on ISA.
Already gone through forums, but no luck.
http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/130cef50-7fc6-4d5b-8971-96a13030be16
http://tmgblog.richardhicks.com/2009/02/22/isa-securenat-and-firewall-clients-can-bypass-websense-content-filtering/
http://www.websense.com/support/article/kbarticle/ISA-Firewall-and-SecureNAT-clients-are-not-filtered
Any help is much appreciated. Thanks in advance.
Anand
Anandk