RE: Deploying ISA 2004 firewall client - how to enforce?

Hi Tom,
 
Ok, I've just gone through the whole thing, and it seems that I have
just forgotten to add the CNAME to our DNS. So I've done this.
What I would love to know though, is what a correct
http://cerberus/wspad.dat query looks like. And wether or putting that
URL into IE should return something. (I know this isn't the way its
*meant* to work, I'm just guessing that *something* should be returned
from that URL if its working correctly) Because at the moment, I just
get a 404.
 
Thank you for your patience!
 
Cheers,
 
Jason

 


________________________________

        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
        Sent: 13 May 2004 15:46
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Deploying ISA 2004 firewall client - how
to enforce?
        
        
        http://www.ISAserver.org
        
        Hi Jason,
         
        The answer is in here
         
        
http://www.tacteam.net/isaserverorg/isaedukit/5automate/5automate.htm
         
        HTH,
        Tom
         
        Thomas W Shinder
        www.isaserver.org/shinder
        ISA 2004 Beta - Get it now!
        http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp> 
        ISA Server and Beyond: http://tinyurl.com/1jq1
        Configuring ISA Server: http://tinyurl.com/1llp
        
         

                -----Original Message-----
                From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]

                Sent: Thursday, May 13, 2004 9:37 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Deploying ISA 2004 firewall
client - how to enforce?
                
                
                http://www.ISAserver.org
                
                Hi Tom,
                 
                It does appear as though DHCP is working though. Here's
an example of the regular firewall logs that keep coming up:

                5/13/2004 3:31:17 PM <client IP> 0.0.0.0
http://cerberus/wspad.dat anonymous 8080  http     GET  No Proxy
CERBERUS  cerberus TCP  - -  -  - - - 0 1 0 56 0x0 0x0 0x0 Web Proxy
Filter 0.0.0.0
                
                 
                Note that the origin of the request is from a user that
isn't an Administrator or Power User.
                 
                What concerns me at the moment is that there is indeed
nothing published at http://cerberus/wspad.dat surely there should be?
In fact, the file wspad.dat isn't to be found anywhere on the ISA
server. Do you know at which point is this file created and published?
                 
                Cheers,
                 
                Jason

                           
________________________________

                        From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx] 
                        Sent: 13 May 2004 14:57
                        To: [ISAserver.org Discussion List]
                        Subject: [isalist] RE: Deploying ISA 2004
firewall client - how to enforce?
                        
                        
                        http://www.ISAserver.org
                        
                        Hi Jason,
                         
                        That may solve your problem, but it sounds like
you still have a significant name resolution issue and correct
qualification of unqualified WPAD DNS queries. Remember that DHCP WPAD
only works for Adminstrators and I believe, Power Users.
        
http://support.microsoft.com/default.aspx?scid=kb;en-us;312864
                         
                        HTH,
                        Tom
                         
                        Thomas W Shinder
                        www.isaserver.org/shinder
                        ISA 2004 Beta - Get it now!
        
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp> 
                        ISA Server and Beyond: http://tinyurl.com/1jq1
                        Configuring ISA Server: http://tinyurl.com/1llp
                        
                         

                                -----Original Message-----
                                From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx] 
                                Sent: Thursday, May 13, 2004 8:47 AM
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
                                
                                
                                http://www.ISAserver.org
                                
                                Aha! I think I've found the problem.
                                 
                                The AutoDiscovery information was just
not being published.
                                 
                                From Help File:
                                 
                                <snip>
                                To publish automatic discovery
information

                                1.      In the console tree of ISA
Server Management, click Firewall Policy. 

                                        Where? <ms-its:Y:\Microsoft ISA
Server 2004 Beta\isa.chm::/FW_H_PublishAutoDisc.htm#> 

                                *       Microsoft ISA Server 2004 
                                *       Server_Name 
                                *       Configuration 
                                *       Networks 

                                2.      In the details pane, select the
applicable network (usually Internal). 
                                3.      On the Tasks tab, click Edit
Selected Network. 
                                4.      On the Auto Discovery tab,
select Publish automatic discovery information. 
                                5.      In Use this port for automatic
discovery requests, type the port number on which the ISA Server should
listen for WPAD and WSPAD requests. 

                                 Notes

                                *       To open ISA Server Management,
click Start, point to All Programs, point to Microsoft ISA Server, and
then click ISA Server Management. 
                                *       Click the Apply button in the
details pane to save the changes and update the ISA Server
configuration. 

                                </snip>

                                Hopefully this will sort things out :)

                                Cheers Tom.

                                Jason 
________________________________

                                From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx] 
                                Sent: 13 May 2004 14:27
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
                                
                                

                                http://www.ISAserver.org
                                
                                Cheers Tom,
                                 
                                Would the answer be applicable for ISA
2004?
                                 
                                Cheers,
                                 
                                Jason
                                 


________________________________

                                From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx] 
                                Sent: 13 May 2004 14:15
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
                                
                                
                                http://www.ISAserver.org
                                
                                Hi Jason,
                                 
                                Here's a chapter from the ISA EDU kit.
There a golden nuggets dispersed through this kit.
                                 
        
http://www.tacteam.net/isaserverorg/isaedukit/5automate/5automate.htm
                                 
                                HTH,
                                Tom
                                 
                                Thomas W Shinder
                                www.isaserver.org/shinder
                                ISA 2004 Beta - Get it now!
        
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp> 
                                ISA Server and Beyond:
http://tinyurl.com/1jq1
                                Configuring ISA Server:
http://tinyurl.com/1llp
                                

        
------------------------------------------------------
                        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        
------------------------------------------------------
                        Other Internet Software Marketing Sites:
                        Leading Network Software Directory:
http://www.serverfiles.com
                        No.1 Exchange Server Resource Site:
http://www.msexchange.org
                        Windows Security Resource Site:
http://www.windowsecurity.com/
                        Network Security Library: http://www.secinf.net/
                        Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
        
------------------------------------------------------
                        You are currently subscribed to this
ISAserver.org Discussion List as: j.merrique@xxxxxxxxxxxxxxx
                        To unsubscribe send a blank email to
$subst('Email.Unsub') 

                ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Other Internet Software Marketing Sites:
                Leading Network Software Directory:
http://www.serverfiles.com
                No.1 Exchange Server Resource Site:
http://www.msexchange.org
                Windows Security Resource Site:
http://www.windowsecurity.com/
                Network Security Library: http://www.secinf.net/
                Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
                To unsubscribe send a blank email to
$subst('Email.Unsub') 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: j.merrique@xxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts: