RE: Deploying ISA 2004 firewall client - how to enforce?
- From: "Jason Merrique" <j.merrique@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 13 May 2004 16:17:22 +0100
Hi Tom,
Ok, I've just gone through the whole thing, and it seems that I have
just forgotten to add the CNAME to our DNS. So I've done this.
What I would love to know though, is what a correct
http://cerberus/wspad.dat query looks like. And wether or putting that
URL into IE should return something. (I know this isn't the way its
*meant* to work, I'm just guessing that *something* should be returned
from that URL if its working correctly) Because at the moment, I just
get a 404.
Thank you for your patience!
Cheers,
Jason
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: 13 May 2004 15:46
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA 2004 firewall client - how
to enforce?
http://www.ISAserver.org
Hi Jason,
The answer is in here
http://www.tacteam.net/isaserverorg/isaedukit/5automate/5automate.htm
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]
Sent: Thursday, May 13, 2004 9:37 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA 2004 firewall
client - how to enforce?
http://www.ISAserver.org
Hi Tom,
It does appear as though DHCP is working though. Here's
an example of the regular firewall logs that keep coming up:
5/13/2004 3:31:17 PM <client IP> 0.0.0.0
http://cerberus/wspad.dat anonymous 8080 http GET No Proxy
CERBERUS cerberus TCP - - - - - - 0 1 0 56 0x0 0x0 0x0 Web Proxy
Filter 0.0.0.0
Note that the origin of the request is from a user that
isn't an Administrator or Power User.
What concerns me at the moment is that there is indeed
nothing published at http://cerberus/wspad.dat surely there should be?
In fact, the file wspad.dat isn't to be found anywhere on the ISA
server. Do you know at which point is this file created and published?
Cheers,
Jason
________________________________
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx]
Sent: 13 May 2004 14:57
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA 2004
firewall client - how to enforce?
http://www.ISAserver.org
Hi Jason,
That may solve your problem, but it sounds like
you still have a significant name resolution issue and correct
qualification of unqualified WPAD DNS queries. Remember that DHCP WPAD
only works for Adminstrators and I believe, Power Users.
http://support.microsoft.com/default.aspx?scid=kb;en-us;312864
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx]
Sent: Thursday, May 13, 2004 8:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
http://www.ISAserver.org
Aha! I think I've found the problem.
The AutoDiscovery information was just
not being published.
From Help File:
<snip>
To publish automatic discovery
information
1. In the console tree of ISA
Server Management, click Firewall Policy.
Where? <ms-its:Y:\Microsoft ISA
Server 2004 Beta\isa.chm::/FW_H_PublishAutoDisc.htm#>
* Microsoft ISA Server 2004
* Server_Name
* Configuration
* Networks
2. In the details pane, select the
applicable network (usually Internal).
3. On the Tasks tab, click Edit
Selected Network.
4. On the Auto Discovery tab,
select Publish automatic discovery information.
5. In Use this port for automatic
discovery requests, type the port number on which the ISA Server should
listen for WPAD and WSPAD requests.
Notes
* To open ISA Server Management,
click Start, point to All Programs, point to Microsoft ISA Server, and
then click ISA Server Management.
* Click the Apply button in the
details pane to save the changes and update the ISA Server
configuration.
</snip>
Hopefully this will sort things out :)
Cheers Tom.
Jason
________________________________
From: Jason Merrique
[mailto:j.merrique@xxxxxxxxxxxxxxx]
Sent: 13 May 2004 14:27
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
http://www.ISAserver.org
Cheers Tom,
Would the answer be applicable for ISA
2004?
Cheers,
Jason
________________________________
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx]
Sent: 13 May 2004 14:15
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Deploying ISA
2004 firewall client - how to enforce?
http://www.ISAserver.org
Hi Jason,
Here's a chapter from the ISA EDU kit.
There a golden nuggets dispersed through this kit.
http://www.tacteam.net/isaserverorg/isaedukit/5automate/5automate.htm
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp>
ISA Server and Beyond:
http://tinyurl.com/1jq1
Configuring ISA Server:
http://tinyurl.com/1llp
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: j.merrique@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: j.merrique@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
