RE: Help with the web proxy setup in ISA 2004
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 29 May 2005 07:00:09 -0500
Hi Roy-sama
The entries in DNS or DHCP provide the client information about how to
get the autoconfiguration information. That information is published on
the autodiscovery port you configure on the ISA firewall.
HTH,
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
Sent: Friday, May 27, 2005 1:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
http://www.ISAserver.org
Thank you Shinder-san. Yup, I did know the setting for autodiscovrey
through both DHCP and DNS BUT BUT I have not known this kind of
setting for WPAD also needed for "Autoconfig", if so I have taken
a basic wrong concept regarding autocnfig setting, believe
not small number of ISA guys are the same, then I could understand
many posts in local forum here asking about why POPUP window
for authenciation though autoconfig is setted up.
> Hi Roy,
>
> Works the same in ISA Server 2004 (mostly):
>
> http://www.isaserver.org/img/upl/isaedukit/5automate/5automate.htm=20
>
>
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
> -----Original Message-----
> From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]=20
> Sent: Friday, May 27, 2005 8:14 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
>
> http://www.ISAserver.org
>
> S guy,
>
> To be perfectly honest with you, it is first time for me to know
> wpad entry is reuired in dns for "autoproxy" I/O "autodectection"
> (=3Dautodisvoery). I never know it shall be prepare for webproxy/fwc
> client!
>
> Thanks,
>
> Roy Tsao
>
> P.S.: why don't you spend you time with you lovely wife, network is
not
> your main after your marriage otherwise your wife shall complain you a
> lot
> in talking with lot of guys known! Kidding!!!
>
>
> > Roy
> >=20
> > Yes you need a wpad entry in dns pointing to the internal ip of isa.
> >=20
> > Also make sure your wpad string is http://wpad/wpad.dat
> >=20
> >=20
> > WITH NO PORT NUMBER after the 1st wpad
> >=20
> > S
> >=20
> > -----Original Message-----
> > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]=20
> > Sent: Friday, May 27, 2005 10:03 AM
> > To: ISA Mailing List
> > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
> >=20
> > http://www.ISAserver.org
> >=20
> > Dear Jim-san,
> >=20
> > Sorry for disturbing you a lot but please be advised that I am not
> pro.
> > in network (it is just my private fan to learn computer network
which
> is
> > far from my present career), nor I am a native English speaker but
> > oriental guy, please be patient!
> >=20
> > 1) unfiltered logs: I am not trying to hide it but it will be very
> hard
> > for you to read it out since my ISA version is not English so you
> > may not judge what it is. May I try to take it out and send it to
> > your private address.
> > 2) Brower configuration: the brower at client end has no setting
since
> > FWC is installed namely initially not setting and it becomes
> > autoconfiguration webproxy client as per FWC's setting. The
> > autoconfiguration is checked finally with no other options. That's
why
> I
> > did not answer the browser's question
> > 3) Request merchanisam on http://wpad...: It is really a helpful
> > information for me to know those form you. I can download wpad.dat
if
> I
> > replace "wpad"
> > into "firewall_host_name:8080". Shall I sent this file to you? Also,
> do
> > I need to configure DHCP to point WPAD into right ISABOX internal
> > address, I am getting confused in WPADed things aside from
> > autodectection.
> >=20
> > Thanks,
> >=20
> > Roy Tsao
> >=20
> > > The discussion centers on "autoconfiguration".
> > > This functionality is based on a request for http://wpad/wpad.dat
> from
> >=20
> > > the browser and http://wpad/wspad.dat from the FWC.
> > > This is why I want you to examine the wpad.dat.
> > >=20
> > > You still have not answered the browser question.
> > > You still have not provided unfiltered log entries.
> > >=20
> > > This isn't magic, Roy and I don't read minds.
> > > I do tire of playing oral surgeon, though.
> > >=20
> > > -----Original Message-----
> > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > > Sent: Thursday, May 26, 2005 9:04 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
> > >=20
> > > http://www.ISAserver.org
> > >=20
> > > Dear Harrison-san,
> > > =20
> > > The setting of my present VM lab ISA box is:
> > > - Access rules only two:
> > > 1) allow internal to external/all protocol /all users
> > > 2) deny all as default
> > > =20
> > > - Internal Network Property:
> > > <Firewall Client>=20
> > > [CHECK] Enable Firewall Client support
> > > [UNCHECK] Auto detect setting
> > > [CHECK] Auto config script
> > > [SELECT] Use custom URL =3D
> > http://isalocal.firewall.local:8080...
> > > [UNCHECK] Use a Web Proxy Server
> > > <Domain> =20
> > > *.firewall.local
> > > <Web Brower>=20
> > > [CHECK] Bypass Proxy for Web server in this network
> > > [CHECK] Directly Access computer specified in the Domain
tab.
> > > Directly Access server & domain: *.firewall.local
> > > <Web Proxy>
> > > [CHECK] Enable Web proxy client
> > > [CHECK] HTTP at 8080
> > > Authentication: [CHECK] Integrated/ Require All User to=20
> > > authenticate
> > > <Auto Discovery>
> > > No setting
> > > <Address>
> > > 10.0.0.0-10.0.0.255
> > > =20
> > > Web browser setting at client end will be automatically configured
> by
> > > FCW setting and become WebProxy client for HTTP.
> > > =20
> > > I don't know why I need a wpad.dat since no auto discocery.
> > > =20
> > >=20
> > >=20
> > >=20
> > >=20
> > >=20
> > >=20
> > >=20
> > > > Please stop trimming the thread.
> > > >=20
> > > > I advise that you provide more than a single modified log entry.
> > > > I can't help you if you insist on filtering the data.
> > > >=20
> > > > Additional questions:
> > > > Q1 - exactly how is the browser configured?
> > > > Q2 - exactly what is the web proxy configuration for the
Internal=20
> > > > network?
> > > > Q3 - when you do receive the wpad.dat file, exactly what data
is=20
> > > > found between "{" and "}" in:
> > > > "function MakeIPs"
> > > > And
> > > > "function MakeNames()"
> > > >=20
> > > >=20
> > > > -----Original Message-----
> > > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > > > Sent: Thursday, May 26, 2005 3:22 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004
> > > >=20
> > > > http://www.ISAserver.org
> > > >=20
> > > > I did understand your points, also I have took a examin at
whole=20
> > > > logs before & after changing from FQDN to hostname.
> > > >=20
> > > > Anyhow, when FQDN is used, there is POPUP asking for
> authentication,
> >=20
> > > > could you advise any possible reason?
> > > >=20
> > > > Thanks,
> > > >=20
> > > > Roy Tsao
> > > >=20
> > > >=20
> > > > Try not to "filter" the log data.
> > > > "Imaginary" information is useless.
> > > > If you have a problem sending it to the list, then you need
to=20
> > > > rethink your security model.
> > > > "Security by obscurity is no security at all".
> > > >=20
> > > > Also, you should examine more than a single log entry - it's
just
> as
> >=20
> > > > likely that you're looking at the wrong one.
> > > >=20
> > > > ------------------------------------------------------
> > > > List Archives: =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> > > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com=20
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org=20
> > > > Windows Security Resource Site:
http://www.windowsecurity.com/=20
> > > > Network Security Library: http://www.secinf.net/ Windows 2000/NT
> Fax
> >=20
> > > > Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
List
> > as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >=20
> > > > All mail to and from this domain is GFI-scanned.
> > >=20
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> > > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: =
> http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> Leading
> > > Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows
> > > Security Resource Site: http://www.windowsecurity.com/ Network=20
> > > Security Library: http://www.secinf.net/ Windows 2000/NT Fax=20
> > > Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit=20
> > > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >=20
> > > All mail to and from this domain is GFI-scanned.
> >=20
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
Leading
> > Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > isalist@xxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >=20
> > The correct technical term for haggis stalking is "havering".
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts: