با سلام
همان طوری که میدانید در TMG یا ISA برای در اختیار قرار دادن اینترنت به کاربران 3 روش وجود دارد
1- SecureNET
2- Firewall Client
3- Web Proxy client
که هر کدام از این موارد دارای معایب و مزایی هستند
به نطر شما اگه SecureNET و Web Proxy client به طور همزمان روی کلاینتی فعال کنیم چه مشکلی پیش میاد ؟
پ . ن :
مشکل اصلی در SecureNAT عدم قابلیت احراز هویت یوزر ها میباشد :
.The SecureNET client’s biggest disadvantage is its inability to authenticate to TMG. The basic
TCP/IP stack up to layer 4 (OSI model) does not provide for user authentication and requires
an application component to send user credentials. Unlike the TMG Client or the Web proxy
client configurations, which have built-in capability to send user credentials, for SecureNET
clients you cannot enforce rules based on users or groups. The only way to provide restricted
access for SecureNET clients is to set up rules based on source and destination IP addresses
and domains
Because the TMG firewall doesn’t know the SecureNET client exists except in the context of
a source IP address and protocol, and because you cannot enforce rules based on users and
groups, if you want to log user activity you cannot do it by using the user name. The only way
you can keep track of the activity is by using the client’s source IP address. This doesn’t work
well in reports or for administrators who wish to keep a track of all Internet activity via reports
based on users or user groups.
به نظر شما در میحط دامین هم این مشکل وجود دارد ؟
موضوعات مشابه:
- Authenticate SecureNAT Users on ISA/TMG
- تنظیمات ایزا برای حالت securenat client
- دور زدن isa server 2004 & Proxy توسط کاربران شبکه با SecureNat
- webproxy
- securenat