Hi Paul, You shoud rethink your opinion of the Firewall client. The firewall client is one of the major features that separates an ISA firewall from other firewalls. Without the Firewall client, you have just a dumb, no intelligent outbound access control firewall like a pix. Why? Because its this client piece that allows user/group based access controls for *ALL* protocols and it does not require the application to be proxy aware and there does not need to be a dedicated "proxy" component. Even with SOCKS, the application has to be written to be SOCKS aware. The Firewall client allows you to use any application behind the ISA firewall. No other firewall that I'm aware can do this. The Firewall client is the way, the truth and the light. The only compliant I have is that the documentation on how to actually use the settings in the wspcfg.ini file are as clear as mud. :-) Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Paul Aitchison [mailto:pdaitch@xxxxxxxxxxxxxxx] Sent: Wednesday, August 27, 2003 1:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Internet Access behind SBS http://www.ISAserver.org I realise that Amy, But it is extreme to lump the Firewall Client on every PC. Any of the sites we roll out ISA into we purposely avoid putting the Firewall Client on every PC and I'd assume that it was David is trying to avoid as well. Last thing you want is users with the Firewall Client to be installing spyware and stuff that will pass thru ISA without a thought. David, in response for IE to autodetect the proxy you need to setup the Auto Discovery feature of IE i.e. create a WPAD alias in DNS and/or also a server scope option in DHCP. IE if configured to automatically discover proxy should look to ur DNS for the WPAD alias and off it goes. Cheers Paul Senior IT Technician MCSE Rampant Technology -----Original Message----- From: Amy Babinchak [mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, 27 August 2003 12:46 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Internet Access behind SBS http://www.ISAserver.org Yes, the default is to autodetect but the firewall client corrects this and enters in the necessary settings under manual. It does it all for you so you don't have to go from workstation to workstation. Amy -----Original Message----- From: David Liles [mailto:dave@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 26, 2003 10:35 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Internet Access behind SBS http://www.ISAserver.org Sorry, I should have clarified my question better.... I was reading over some "tips & tricks" to help improve network performance. One of the suggestions what to avoid letting user systems from auto-detecting settings if at all possible since it requires more time to negotiate the detection. One of these is the proxy configuration... I'm not sure but I thought the default for IE is to auto detect.... -----Original Message----- From: Amy Babinchak [mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 26, 2003 9:37 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Internet Access behind SBS http://www.ISAserver.org When you install the firewall client on the workstations it puts in the IE settings for you. By using the setup computer wizard on the server you can have the firewall client install automatically for each new user, along with any other software you wish the user to have. Amy -----Original Message----- From: David Liles [mailto:dave@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 26, 2003 10:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Internet Access behind SBS http://www.ISAserver.org Thanks to everyone who responded. We corrected the problem by manually configuring the proxy settings in each of the users IE browsers. On a side note... is there a "simple" way to have this pre-configured when we add new user system to the network? Thanks again to everyone for their help. -----Original Message----- From: Paul Aitchison [mailto:pdaitch@xxxxxxxxxxxxxxx] Sent: Tuesday, August 26, 2003 9:24 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Internet Access behind SBS http://www.ISAserver.org Alternatively, You can set up the autodetection in ISA by creating the scope option in your DHCP server. This is a simple one, are the users that are accessing the web (or attempting to) members of the Backoffice Internet Users group? Cheers Paul ________________________________________ From: Amy Babinchak [mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, 27 August 2003 3:01 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Internet Access behind SBS http://www.ISAserver.org You'll need the Firewall client running on the workstations. It will configure the manual proxy settings in your browser - auto detect will not work. Amy Babinchak Technology Consultant Harbor Computer Services -----Original Message----- From: David Liles [mailto:dave@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 26, 2003 11:45 AM To: [ISAserver.org Discussion List] Subject: RE: [isalist] RE: Internet Access behind SBS Re 1: The wizard created a protocol rule that allows all IP traffic and applies to all users. Re 2: When running the setup within tools/internet options/connection we have configured to autodetect proxy settings.... All internal clients are using DHCP settings on their NIC so IP's, DNS and gateways should be sent to them from the SBS server... -----Original Message----- From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Tue 8/26/2003 10:32 AM To: [ISAserver.org Discussion List] Cc: Subject: [isalist] RE: Internet Access behind SBS http://www.ISAserver.org Couple of things: 1) Make sure you have a protocol rule defined, otherwise you aren't getting out. Easiest is to create one that allows all traffic (this is outbound only). 2) Are your clients configured as web proxy clients or snat clients? (web proxy=proxy settings configured in a browser, snat=def. gateway set to the internal ISA ip) -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: David Liles [mailto:dave@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 26, 2003 11:19 AM To: [ISAserver.org Discussion List] Subject: Internet Access behind SBS http://www.ISAserver.org This is a multi-part message in MIME format. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dave@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: pdaitch@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dave@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dave@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: pdaitch@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')