Hi Jason, Yes, for the most part. WPAD hasn't changed. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp <http://www.microsoft.com/isaserver/beta/default.asp> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx] Sent: Thursday, May 13, 2004 8:27 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deploying ISA 2004 firewall client - how to enforce? http://www.ISAserver.org Cheers Tom, Would the answer be applicable for ISA 2004? Cheers, Jason _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 13 May 2004 14:15 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deploying ISA 2004 firewall client - how to enforce? http://www.ISAserver.org Hi Jason, Here's a chapter from the ISA EDU kit. There a golden nuggets dispersed through this kit. http://www.tacteam.net/isaserverorg/isaedukit/5automate/5automate.htm HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp <http://www.microsoft.com/isaserver/beta/default.asp> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx] Sent: Thursday, May 13, 2004 7:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deploying ISA 2004 firewall client - how to enforce? http://www.ISAserver.org Hi Tom, Well thats what I thought.... I've added the WPAD entries to the DHCP scope options (not sure what you mean by DNS though....) but the firewall clients still aren't automatically detecting the server. They can if I *manually* set it to do that, or to "Detect now". It just isn't Enabled by default. It's driving me nuts :\ Cheers, Jason _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 13 May 2004 13:30 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deploying ISA 2004 firewall client - how to enforce? http://www.ISAserver.org Hi Jason, OK, I think I understand now :-) The best practice for provisioning the Firewall client is by using autodiscovery via DHCP and DNS WPAD entries. Also, the Firewall client share should be placed in an alternate location, so that you can block NetBIOS and Direct Access (TCP 445) to the ISA firewall itself. The WPAD entries will point the Firewall clients to the ISA firewall's internal interface and the Firewall clients will automatically detect their settings. The default configuration of the Firewall client is enabled and to use autodiscovery for autoconfiguration. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp <http://www.microsoft.com/isaserver/beta/default.asp> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx] Sent: Thursday, May 13, 2004 7:17 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deploying ISA 2004 firewall client - how to enforce? http://www.ISAserver.org Hi Tom, The ISA Firewall is configured properly, and it properly services users with properly configured Firewall Clients. It looks like I didn't phrase that sentence properly: "But my point is that the firewall isn't used by default. i.e. It's not active and needs to be configured before use." should be "But my point is that the firewall isn't used by default. i.e. On client machines the Firewall Client not active and needs to be configured before use." :) Jason _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 13 May 2004 12:47 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deploying ISA 2004 firewall client - how to enforce? http://www.ISAserver.org Hi Jason, If the ISA firewall isn't configured, the Firewall client isn't going to be much help. Right? Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp <http://www.microsoft.com/isaserver/beta/default.asp> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx] Sent: Thursday, May 13, 2004 6:44 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deploying ISA 2004 firewall client - how to enforce? http://www.ISAserver.org Hi Tom, I can set the access rules to only allow access through the firewall client. But my point is that the firewall isn't used by default. i.e. It's not active and needs to be configured before use. Cheers, Jason _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 13 May 2004 12:25 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deploying ISA 2004 firewall client - how to enforce? http://www.ISAserver.org Hi Jason, If you configure your access rules correctly, it'll enforce the use of the Firewall client :-) HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp <http://www.microsoft.com/isaserver/beta/default.asp> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp