Hi Andy, Do not fear the firewall client. Instead, learn to love and embrace the firewall the client. Its the Firewall client that enables you to run rings around Sonicwall "open a port" type NAT devices (nee firewalls). DHCP wpad shouldn't be hanging up IE, but that's another issue. I'm not clear on the details of your DNS deployment, but you can configure each DNS server, on its own network, with its own wpad entry. Since DHCP assigns a different DHCP server for each site, this will work. Again, this is dependent on your DNS infrastructure. HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Andy Haigh [mailto:ahaigh@xxxxxxxxxxxxxxxx] Sent: Monday, November 21, 2005 7:03 PM To: [ISAserver.org Discussion List] Subject: [isalist] Automated Client config http://www.ISAserver.org Hi all, I have been trying to work out how to setup ISA 2004 to allow users to move between four separate sites and have their proxy conifgs in the IE change automatically. The sites are a little different in that two of them are SBS2003 systems and the other two are native Windows 2003 which are in one domain setup as sites. So the details are: Site 1 SBS2003 SP1 sbs1.domain1.local Site 2 SBS2003 SP1 sbs2.domain2.local Site 3 W2K3 ISA2004 isa1.domain.local Site 4 W2K3 ISA2004 isa2.domian.local I have been trying to use wpad configured in DHCP as thought this would be the easiest way, due to having two ISA servers in the same domain. This does seem to work but is very slow and has a tendancy to hang Internet Explorer. Here is the setup of the wpad.dat file function FindProxyForURL(url, host) { if (isPlainHostName(host) || dnsDomainIs(host, ".domain.local") || isInNet(host, "172.22.11.0", "255.255.255.0")) return "DIRECT"; else return "PROXY isa1.domain.local:8080; DIRECT"; } They currently have the proxy settings manually configured in IE. Please could I get suggestions on the best way to achieve this, the preference is not to install the Firewall Client but this can be done if it's the best way to go. Thanks Andy ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx