locked
ISA/TMG Report assign "name" to IP-Address for not authorized Webproxyclient RRS feed

  • Question

  • Hi

    Is it possible, to assign a "real name" to each IP-Address in the TMG/ISA so that this "real name" is displayed in the TMG/ISA report instaed of the IP-Address?
    My TMG/ISA is running in a "workgroup" (not in a Domain)

    Thanks for any help
    Markus

    Sunday, November 7, 2010 7:13 AM

Answers

  • Hi,

    the first HTTP request from Internet Explorer is always anonymous. If ISA/TMG is configured to require authentication in the Firewall rules, the next request from the Browser is with authentication.
    To see Username instaed of IP addresses in the ISA/TMG logs, you must require authentication in your Firewall rule set and you must use the Webproxy or ISA Firewall client! A SecureNAT client doesn't support authentication in Firewall rules. There is Third Party Software for SecureNAT clients called Loghostname (http://www.collectivesoftware.com/Products/LogHostname)
    The ISA Firewall client is not a good idea in ISA/TMG Workgroup mode because you doesn't have integrated authentication so it is required to mirror the user accounts on ISA /TMG
    If ISA is in workgroup mode you have to use RADIUS if you want to restrict the Firewall rules for specific users or groups.


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    • Proposed as answer by Miles Zhang Monday, November 8, 2010 9:37 AM
    • Marked as answer by Miles Zhang Tuesday, November 9, 2010 9:11 AM
    Sunday, November 7, 2010 10:45 AM

All replies

  • Hi,

    the first HTTP request from Internet Explorer is always anonymous. If ISA/TMG is configured to require authentication in the Firewall rules, the next request from the Browser is with authentication.
    To see Username instaed of IP addresses in the ISA/TMG logs, you must require authentication in your Firewall rule set and you must use the Webproxy or ISA Firewall client! A SecureNAT client doesn't support authentication in Firewall rules. There is Third Party Software for SecureNAT clients called Loghostname (http://www.collectivesoftware.com/Products/LogHostname)
    The ISA Firewall client is not a good idea in ISA/TMG Workgroup mode because you doesn't have integrated authentication so it is required to mirror the user accounts on ISA /TMG
    If ISA is in workgroup mode you have to use RADIUS if you want to restrict the Firewall rules for specific users or groups.


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    • Proposed as answer by Miles Zhang Monday, November 8, 2010 9:37 AM
    • Marked as answer by Miles Zhang Tuesday, November 9, 2010 9:11 AM
    Sunday, November 7, 2010 10:45 AM
  • Is this the only possiblity to buy a software for this?
    Is there no other way to display the "real name" instead of the IP-Address without a third party software?

    Kind regards, Markus
    Friday, November 12, 2010 5:24 AM