Hi all, I am looking for some ideas and details about setting up the following: Proxy Server to monitor all internet usage (WITHOUT blocking anything) All internet traffic must pass through the proxy, so that there is no way to bypass the proxy (without USB Internet cards of course) I assumed a dual-NIC Win2k3 box with Squid proxy installed would do the job if plugged in between the network and the internet connection. but I can't seem to get the internet traffic to pass throught the server machine. I have also tried an ISA server, but that blocks internet traffic by default, and it needs a lot of stuffing around to allow all data through, and even then it still seemed to block things. Obviously, this isn't my strong area, so any solutions would be good.

hi The_green_ant,Thank you for posting in windows server forum, Microsoft initailly worked on proxy server, but later it modified the proxy server as ISA server, i would strongly believe that ISA server is the best software firewall and Proxy as of today in the market and there is no harm in implementing the solution. for your reference please find the info below Forefront Threat Management Gateway is the future version of Microsoft ISA Server and will extend the capabilities of ISA Server 2006 with new features and security technologies, designed to help provide multiple-threat protection, simplified management and secure connectivity, and will be built on Windows Server 2008. More details about Forefront Threat Management Gateway will be available later this year. Source : http://www.microsoft.com/presspass/press/2008/apr08/04-08ForefrontBetaPR.mspx?rss_fdn=Press%20Releases Download the Beta version if you want : http://www.microsoft.com/downloads/details.aspx?FamilyID=65bd5f8a-d94c-457a-9f88-2046597130e1&displaylang=en Here are the system requirement : Forefront Threat Management Gateway Component Processor and memory Operating system Software Hard disk Forefront Threat Management Gateway 1 GHz or faster processor1 GB of RAM or more Microsoft Windows Server® 2008 x64 editions Microsoft SQL Server 2005 Express Edition 150 MB or more Source : http://www.microsoft.com/forefront/stirling/en/us/system-requirements.aspx Forefront Technet Forum,http://social.technet.microsoft.com/Forums/en-US/category/forefrontedgesecurity sainath !analyze

assuming you have a server OS installed and ready to go you could have ISA 2006 up and running in under 1 hour.The default rule Deny All is the industry standard for any good firewall.In your scenario you would need to add an access rule to allow all traffic from internal network to external network.

I would have to agree with both responses above - ISA server is the way to go.

Thanks for the responses.I will give ISA another run, though I did have issues with it still blocking things after I had created a rule to allow all traffic from internal network to external network.I know that Firewalls are supposed to have a block all rule by default, but like I mentioned, we did not want a firewall as such, just a data logger.We have a hardware firewall in place already.This is managed by our ISP, so we wanted an internally managed proxy server in addition to that firewall.

Best of luck the_green_ant, during setup if you encounter any issues feel free to post in the forums.sainath !analyze