RE: Help with the web proxy setup in ISA 2004
- From: "Roy Tsao" <roy_tsao@xxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Fri, 27 May 2005 11:48:43 -0600
Hi Jim,
1) The configuration infomration including log/wspad/wpad will be sent to
you e-mail address shortly
2) As for broswer setting, as you can see from my config data, only
autoconfig
setting is checked as per FWC.
Thanks,
Roy Tsao
> Hi Roy,
>
> The logs that show IP data and URLs are not localized. In fact, the
> only part of the logs that are localized are error messages (I can read
> error numbers) and your rule names.
>
> The browser *always* has a setting, especially after the FWC is
> installed.
> Based on your descriptions, since "firewall_host_name:8080" can get the
> auto-config file, but "firewall_fqdn:8080" cannot, it's clear that your
> auto-configuration and client name resolution are not configured
> properly.
>
> Yes - please send the two files (wpad & unfiltered log results).
>
> -----Original Message-----
> From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> Sent: Friday, May 27, 2005 6:03 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
>
> http://www.ISAserver.org
>
> Dear Jim-san,
>
> Sorry for disturbing you a lot but please be advised that I am not pro.
> in network (it is just my private fan to learn computer network
> which is far from my present career), nor I am a native English
> speaker but oriental guy, please be patient!
>
> 1) unfiltered logs: I am not trying to hide it but it will be very hard
> for you to read it out since my ISA version is not English so you
> may not judge what it is. May I try to take it out and send it to
> your private address.
> 2) Brower configuration: the brower at client end has no setting since
> FWC is installed namely initially not setting and it becomes
> autoconfiguration webproxy client as per FWC's setting. The
> autoconfiguration
> is checked finally with no other options. That's why I did not answer
> the
> browser's question
> 3) Request merchanisam on http://wpad...: It is really a helpful
> information for me to know those form you. I can download wpad.dat if I
> replace "wpad"
> into "firewall_host_name:8080". Shall I sent this file to you? Also, do
> I
> need
> to configure DHCP to point WPAD into right ISABOX internal address, I am
> getting confused in WPADed things aside from autodectection.
>
> Thanks,
>
> Roy Tsao
>
> > The discussion centers on "autoconfiguration".
> > This functionality is based on a request for http://wpad/wpad.dat from
> > the browser and http://wpad/wspad.dat from the FWC.
> > This is why I want you to examine the wpad.dat.
> >
> > You still have not answered the browser question.
> > You still have not provided unfiltered log entries.
> >
> > This isn't magic, Roy and I don't read minds.
> > I do tire of playing oral surgeon, though.
> >
> > -----Original Message-----
> > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > Sent: Thursday, May 26, 2005 9:04 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
> >
> > http://www.ISAserver.org
> >
> > Dear Harrison-san,
> >
> > The setting of my present VM lab ISA box is:
> > - Access rules only two:
> > 1) allow internal to external/all protocol /all users
> > 2) deny all as default
> >
> > - Internal Network Property:
> > <Firewall Client>
> > [CHECK] Enable Firewall Client support
> > [UNCHECK] Auto detect setting
> > [CHECK] Auto config script
> > [SELECT] Use custom URL =
> http://isalocal.firewall.local:8080...
> > [UNCHECK] Use a Web Proxy Server
> > <Domain>
> > *.firewall.local
> > <Web Brower>
> > [CHECK] Bypass Proxy for Web server in this network
> > [CHECK] Directly Access computer specified in the Domain tab.
> > Directly Access server & domain: *.firewall.local
> > <Web Proxy>
> > [CHECK] Enable Web proxy client
> > [CHECK] HTTP at 8080
> > Authentication: [CHECK] Integrated/ Require All User to
> > authenticate
> > <Auto Discovery>
> > No setting
> > <Address>
> > 10.0.0.0-10.0.0.255
> >
> > Web browser setting at client end will be automatically configured by
> > FCW setting and become WebProxy client for HTTP.
> >
> > I don't know why I need a wpad.dat since no auto discocery.
> >
> >
> >
> >
> >
> >
> >
> >
> > > Please stop trimming the thread.
> > >
> > > I advise that you provide more than a single modified log entry.
> > > I can't help you if you insist on filtering the data.
> > >
> > > Additional questions:
> > > Q1 - exactly how is the browser configured?
> > > Q2 - exactly what is the web proxy configuration for the Internal
> > > network?
> > > Q3 - when you do receive the wpad.dat file, exactly what data is
> found
> > > between "{" and "}" in:
> > > "function MakeIPs"
> > > And
> > > "function MakeNames()"
> > >
> > >
> > > -----Original Message-----
> > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > > Sent: Thursday, May 26, 2005 3:22 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
> > >
> > > http://www.ISAserver.org
> > >
> > > I did understand your points, also I have took a examin at whole
> > > logs before & after changing from FQDN to hostname.
> > >
> > > Anyhow, when FQDN is used, there is POPUP asking for authentication,
> > > could you advise any possible reason?
> > >
> > > Thanks,
> > >
> > > Roy Tsao
> > >
> > >
> > > Try not to "filter" the log data.
> > > "Imaginary" information is useless.
> > > If you have a problem sending it to the list, then you need to
> rethink
> > > your security model.
> > > "Security by obscurity is no security at all".
> > >
> > > Also, you should examine more than a single log entry - it's just as
> > > likely that you're looking at the wrong one.
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
Other related posts:
