RE: Help with the web proxy setup in ISA 2004
- From: "Roy Tsao" <roy_tsao@xxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Fri, 27 May 2005 07:14:28 -0600
S guy,
To be perfectly honest with you, it is first time for me to know
wpad entry is reuired in dns for "autoproxy" I/O "autodectection"
(=autodisvoery). I never know it shall be prepare for webproxy/fwc client!
Thanks,
Roy Tsao
P.S.: why don't you spend you time with you lovely wife, network is not
your main after your marriage otherwise your wife shall complain you a lot
in talking with lot of guys known! Kidding!!!
> Roy
>
> Yes you need a wpad entry in dns pointing to the internal ip of isa.
>
> Also make sure your wpad string is http://wpad/wpad.dat
>
>
> WITH NO PORT NUMBER after the 1st wpad
>
> S
>
> -----Original Message-----
> From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> Sent: Friday, May 27, 2005 10:03 AM
> To: ISA Mailing List
> Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
>
> http://www.ISAserver.org
>
> Dear Jim-san,
>
> Sorry for disturbing you a lot but please be advised that I am not pro.
> in network (it is just my private fan to learn computer network which is
> far from my present career), nor I am a native English speaker but
> oriental guy, please be patient!
>
> 1) unfiltered logs: I am not trying to hide it but it will be very hard
> for you to read it out since my ISA version is not English so you
> may not judge what it is. May I try to take it out and send it to
> your private address.
> 2) Brower configuration: the brower at client end has no setting since
> FWC is installed namely initially not setting and it becomes
> autoconfiguration webproxy client as per FWC's setting. The
> autoconfiguration is checked finally with no other options. That's why I
> did not answer the browser's question
> 3) Request merchanisam on http://wpad...: It is really a helpful
> information for me to know those form you. I can download wpad.dat if I
> replace "wpad"
> into "firewall_host_name:8080". Shall I sent this file to you? Also, do
> I need to configure DHCP to point WPAD into right ISABOX internal
> address, I am getting confused in WPADed things aside from
> autodectection.
>
> Thanks,
>
> Roy Tsao
>
> > The discussion centers on "autoconfiguration".
> > This functionality is based on a request for http://wpad/wpad.dat from
>
> > the browser and http://wpad/wspad.dat from the FWC.
> > This is why I want you to examine the wpad.dat.
> >
> > You still have not answered the browser question.
> > You still have not provided unfiltered log entries.
> >
> > This isn't magic, Roy and I don't read minds.
> > I do tire of playing oral surgeon, though.
> >
> > -----Original Message-----
> > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > Sent: Thursday, May 26, 2005 9:04 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
> >
> > http://www.ISAserver.org
> >
> > Dear Harrison-san,
> >
> > The setting of my present VM lab ISA box is:
> > - Access rules only two:
> > 1) allow internal to external/all protocol /all users
> > 2) deny all as default
> >
> > - Internal Network Property:
> > <Firewall Client>
> > [CHECK] Enable Firewall Client support
> > [UNCHECK] Auto detect setting
> > [CHECK] Auto config script
> > [SELECT] Use custom URL =
> http://isalocal.firewall.local:8080...
> > [UNCHECK] Use a Web Proxy Server
> > <Domain>
> > *.firewall.local
> > <Web Brower>
> > [CHECK] Bypass Proxy for Web server in this network
> > [CHECK] Directly Access computer specified in the Domain tab.
> > Directly Access server & domain: *.firewall.local
> > <Web Proxy>
> > [CHECK] Enable Web proxy client
> > [CHECK] HTTP at 8080
> > Authentication: [CHECK] Integrated/ Require All User to
> > authenticate
> > <Auto Discovery>
> > No setting
> > <Address>
> > 10.0.0.0-10.0.0.255
> >
> > Web browser setting at client end will be automatically configured by
> > FCW setting and become WebProxy client for HTTP.
> >
> > I don't know why I need a wpad.dat since no auto discocery.
> >
> >
> >
> >
> >
> >
> >
> >
> > > Please stop trimming the thread.
> > >
> > > I advise that you provide more than a single modified log entry.
> > > I can't help you if you insist on filtering the data.
> > >
> > > Additional questions:
> > > Q1 - exactly how is the browser configured?
> > > Q2 - exactly what is the web proxy configuration for the Internal
> > > network?
> > > Q3 - when you do receive the wpad.dat file, exactly what data is
> > > found between "{" and "}" in:
> > > "function MakeIPs"
> > > And
> > > "function MakeNames()"
> > >
> > >
> > > -----Original Message-----
> > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > > Sent: Thursday, May 26, 2005 3:22 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
> > >
> > > http://www.ISAserver.org
> > >
> > > I did understand your points, also I have took a examin at whole
> > > logs before & after changing from FQDN to hostname.
> > >
> > > Anyhow, when FQDN is used, there is POPUP asking for authentication,
>
> > > could you advise any possible reason?
> > >
> > > Thanks,
> > >
> > > Roy Tsao
> > >
> > >
> > > Try not to "filter" the log data.
> > > "Imaginary" information is useless.
> > > If you have a problem sending it to the list, then you need to
> > > rethink your security model.
> > > "Security by obscurity is no security at all".
> > >
> > > Also, you should examine more than a single log entry - it's just as
>
> > > likely that you're looking at the wrong one.
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax
>
> > > Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> isalist@xxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> The correct technical term for haggis stalking is "havering".
Other related posts:
