This is covered in the ISA help. -----Original Message----- From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] Sent: Friday, May 27, 2005 6:14 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Help with the web proxy setup in ISA 2004 http://www.ISAserver.org S guy, To be perfectly honest with you, it is first time for me to know wpad entry is reuired in dns for "autoproxy" I/O "autodectection" (=autodisvoery). I never know it shall be prepare for webproxy/fwc client! Thanks, Roy Tsao P.S.: why don't you spend you time with you lovely wife, network is not your main after your marriage otherwise your wife shall complain you a lot in talking with lot of guys known! Kidding!!! > Roy > > Yes you need a wpad entry in dns pointing to the internal ip of isa. > > Also make sure your wpad string is http://wpad/wpad.dat > > > WITH NO PORT NUMBER after the 1st wpad > > S > > -----Original Message----- > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] > Sent: Friday, May 27, 2005 10:03 AM > To: ISA Mailing List > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004 > > http://www.ISAserver.org > > Dear Jim-san, > > Sorry for disturbing you a lot but please be advised that I am not pro. > in network (it is just my private fan to learn computer network which is > far from my present career), nor I am a native English speaker but > oriental guy, please be patient! > > 1) unfiltered logs: I am not trying to hide it but it will be very hard > for you to read it out since my ISA version is not English so you > may not judge what it is. May I try to take it out and send it to > your private address. > 2) Brower configuration: the brower at client end has no setting since > FWC is installed namely initially not setting and it becomes > autoconfiguration webproxy client as per FWC's setting. The > autoconfiguration is checked finally with no other options. That's why I > did not answer the browser's question > 3) Request merchanisam on http://wpad...: It is really a helpful > information for me to know those form you. I can download wpad.dat if I > replace "wpad" > into "firewall_host_name:8080". Shall I sent this file to you? Also, do > I need to configure DHCP to point WPAD into right ISABOX internal > address, I am getting confused in WPADed things aside from > autodectection. > > Thanks, > > Roy Tsao > > > The discussion centers on "autoconfiguration". > > This functionality is based on a request for http://wpad/wpad.dat from > > > the browser and http://wpad/wspad.dat from the FWC. > > This is why I want you to examine the wpad.dat. > > > > You still have not answered the browser question. > > You still have not provided unfiltered log entries. > > > > This isn't magic, Roy and I don't read minds. > > I do tire of playing oral surgeon, though. > > > > -----Original Message----- > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] > > Sent: Thursday, May 26, 2005 9:04 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004 > > > > http://www.ISAserver.org > > > > Dear Harrison-san, > > > > The setting of my present VM lab ISA box is: > > - Access rules only two: > > 1) allow internal to external/all protocol /all users > > 2) deny all as default > > > > - Internal Network Property: > > <Firewall Client> > > [CHECK] Enable Firewall Client support > > [UNCHECK] Auto detect setting > > [CHECK] Auto config script > > [SELECT] Use custom URL = > http://isalocal.firewall.local:8080... > > [UNCHECK] Use a Web Proxy Server > > <Domain> > > *.firewall.local > > <Web Brower> > > [CHECK] Bypass Proxy for Web server in this network > > [CHECK] Directly Access computer specified in the Domain tab. > > Directly Access server & domain: *.firewall.local > > <Web Proxy> > > [CHECK] Enable Web proxy client > > [CHECK] HTTP at 8080 > > Authentication: [CHECK] Integrated/ Require All User to > > authenticate > > <Auto Discovery> > > No setting > > <Address> > > 10.0.0.0-10.0.0.255 > > > > Web browser setting at client end will be automatically configured by > > FCW setting and become WebProxy client for HTTP. > > > > I don't know why I need a wpad.dat since no auto discocery. > > > > > > > > > > > > > > > > > > > Please stop trimming the thread. > > > > > > I advise that you provide more than a single modified log entry. > > > I can't help you if you insist on filtering the data. > > > > > > Additional questions: > > > Q1 - exactly how is the browser configured? > > > Q2 - exactly what is the web proxy configuration for the Internal > > > network? > > > Q3 - when you do receive the wpad.dat file, exactly what data is > > > found between "{" and "}" in: > > > "function MakeIPs" > > > And > > > "function MakeNames()" > > > > > > > > > -----Original Message----- > > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] > > > Sent: Thursday, May 26, 2005 3:22 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004 > > > > > > http://www.ISAserver.org > > > > > > I did understand your points, also I have took a examin at whole > > > logs before & after changing from FQDN to hostname. > > > > > > Anyhow, when FQDN is used, there is POPUP asking for authentication, > > > > could you advise any possible reason? > > > > > > Thanks, > > > > > > Roy Tsao > > > > > > > > > Try not to "filter" the log data. > > > "Imaginary" information is useless. > > > If you have a problem sending it to the list, then you need to > > > rethink your security model. > > > "Security by obscurity is no security at all". > > > > > > Also, you should examine more than a single log entry - it's just as > > > > likely that you're looking at the wrong one. > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Other Internet Software Marketing Sites: > > > World of Windows Networking: http://www.windowsnetworking.com > > > Leading Network Software Directory: http://www.serverfiles.com > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax > > > > Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > as: > > > jim@xxxxxxxxxxxx > > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > All mail to and from this domain is GFI-scanned. > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com Leading > > Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows > > Security Resource Site: http://www.windowsecurity.com/ Network > > Security Library: http://www.secinf.net/ Windows 2000/NT Fax > > Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > isalist@xxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > The correct technical term for haggis stalking is "havering". ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.