locked
Monitor all Internet usage RRS feed

  • Question

  • Hi all,

    I am looking at some way of setting up ISA server to be an Internet proxy server.
    My experiences with it so far are far from spectacular.

    Is there a way to set up the ISA Server 2006 to allow ALL traffic (I mean ALL) traffic and just log it.
    At this stage we do not want to block anything, just log it and report it by username.

    Is this possible?

    I had it set up on a single network adapter computer to start with, and can understand that this would not work very efficiently.

    I then set it up on a computer with two network cards, but still it is not working well.
    The internet slows down far too much and the ISA server is still blocking stuff. I don't want it blocking anything.
    I want a monitor, not a blocker.

    Is ISA Server 2006 suitable for this?

    If so, can anyone give some detailed instructions for how to configure it?

    If not, can anyone recommend a better solution?
    Tuesday, July 7, 2009 4:57 AM

Answers

  • Hi,

    >> Is there a way to set up the ISA Server 2006 to allow ALL traffic (I mean ALL) traffic and just log it.
    >> At this stage we do not want to block anything, just log it and report it by username.

    you don't need a Firewall when you allow all traffic!
    If you want to use ISA Server to monitor ALL traffic, this is not possible because to log traffic with usernames in the logs, you have to use the Webproxy or Firewall client from ISA Server but both clients only allows user logging for web traffic (webproxy) or TCP/UDP based programs (Firewall client) only. All other protocol type wouldn't be logged!

    >> Is this possible?

    no, not all traffic

    >> I had it set up on a single network adapter computer to start with, and can understand that this would not work very efficiently.

    Single NIC template is limited:
    http://technet.microsoft.com/en-us/library/cc302586.aspx

    >> I want a monitor, not a blocker.

    You should have a look at another program which only is suitable for logging:
    http://www.google.de/search?hl=de&q=monitor+internet+traffic+usage+user&meta=

    >> Is ISA Server 2006 suitable for this?

    no

    regards Marc
    www.nt-faq.de
    www.it-training-grote.de
    Tuesday, July 7, 2009 5:24 AM

All replies

  • Hi,

    >> Is there a way to set up the ISA Server 2006 to allow ALL traffic (I mean ALL) traffic and just log it.
    >> At this stage we do not want to block anything, just log it and report it by username.

    you don't need a Firewall when you allow all traffic!
    If you want to use ISA Server to monitor ALL traffic, this is not possible because to log traffic with usernames in the logs, you have to use the Webproxy or Firewall client from ISA Server but both clients only allows user logging for web traffic (webproxy) or TCP/UDP based programs (Firewall client) only. All other protocol type wouldn't be logged!

    >> Is this possible?

    no, not all traffic

    >> I had it set up on a single network adapter computer to start with, and can understand that this would not work very efficiently.

    Single NIC template is limited:
    http://technet.microsoft.com/en-us/library/cc302586.aspx

    >> I want a monitor, not a blocker.

    You should have a look at another program which only is suitable for logging:
    http://www.google.de/search?hl=de&q=monitor+internet+traffic+usage+user&meta=

    >> Is ISA Server 2006 suitable for this?

    no

    regards Marc
    www.nt-faq.de
    www.it-training-grote.de
    Tuesday, July 7, 2009 5:24 AM
  • Thanks for the reply.

    That pretty much confirms my suspicions.

    Lets say I want to allow all traffic, but log only internet traffic (http/https).
    (If possible p2p and torrents too)

    Do you know of any ways to go about this?

    Even though the answer may not be ISA, is there  any suggestions where to begin looking?
    I have googled a bit, most most forums result in a debate about the ethics behind monitoring internet usage and the actual question is forgotten.
    We have many reasons for doing this, and all staff will be made aware of it and sign agreements.

    Tuesday, July 7, 2009 11:44 AM
  • Hi,

    create a rule which allows webtraffic for the user group which should be allowed to access the web.
    After that create a rule for each other protocol you want to allow for all users, or if you use the Firewall client (TCP/UDP only), for specific user groups.

    regards Marc
    www.nt-faq.de
    www.it-training-grote.de
    Tuesday, July 7, 2009 5:20 PM
  • I will try a couple of other Proxy Servers and see how they go.
    Like you mentioned earlier, we do not need the firewall part of ISA, and since that is the main usage of ISA it may not be the best tool for our requirements.

    If all else fails, I will try out the ISA again and just make as many allow rules as neccesary to get things working.

    If anyone has any recommendations for a non-firewall web proxy server, feel free to post them here.

    Cheers.
    Wednesday, July 8, 2009 5:35 AM
  • I am just curious, why don´t you want to use the firewall function in ISA? The combination is perfect, easy administration to use Active Directory groups and one of the most secure firewall with application layer inspection etc...

    Thursday, July 9, 2009 12:11 PM
  • The main reason for not using the firewall function was that it was too difficult to allow all traffic through.
    Even the rule that supposedly allowed all http traffic was blocking things according to the logs.
    I think it was mainly pings and netbios things it was blocking, but according to the rule, it was an Allow rule and should not have blocked anything anyway.
    The behaviour was confusing me too much. It is a new system I have not worked much on, and in the time frame I have been given to get this internet monitoring up and running, I do not really have the time to sit down and figure out all the inner workings.
    The only thing we were looking for was a system to log and report on all internet usage without impacting anything else.

    I also think cost has a factor, as we have about 12 sites which will need the same system set up at each. 12 ISA Servers will get pretty expensive.

    Currently looking at a Squid proxy .... ISA looks very straight forward compared to this...

    Thursday, July 9, 2009 12:24 PM
  • The question is on topic which I have been searching for too. My requirements are to monitor ALL internet usage. Employees also log onto the company network by using vpns. For the duration of the vpn connection company's internet gateway acts as their default gateway also. I m looking for a solution to monitor the internet traffic for local as well as vpn users, along with details like the duration of the vpn connection, when the connection was created & destroyed, as well as amount of bandwidth consumed by a particular user.

    Is it possible to achieve this with ISA 2004/2006? Also, is it possible to log p2p softwares traffic as asked by the original poster? It satisfies both conditions, i.e it is a web traffic and uses TCP & UDP?


    Regards,
    wakh
    Wednesday, July 15, 2009 10:28 PM
  • Actually, you even don't need to setup a proxy server.
    Just by setting up a mirror port in your switch, and mirror all internet traffic to an internet monitoring software. You're able to monitor all users' internet activities.

    WFilter will be a good choice: www.imfirewall.us
    Saturday, August 1, 2009 6:28 AM