This cleared it a bit. Thanks. Surf control issue was leading me to wrong direction. If I want to go down this road, (not having to change the IE settings and install firewall client), then what would be the right thing to do on this tab?

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
Sent: Tuesday, May 30, 2006 10:43 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Transparent Proxy

In regard to ISA, you don't have to create a "special" rule and don't have to unbind the web filter from HTTP. A Snat client will automatically use the web proxy of ISA without changing the browser config nor installing the FWC. It works like that automatically. If you don't want an Snat client to do that, you have to unbind the web filter from the HTTP protocol, which you really don't want to do. You, of course, must have an HTTP allow rule in place, but not the tcp:80 one you are talking about creating.

t

On 5/30/06 10:35 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to all:

Ok Tom,

So if I create a tcp:80 protocol and not bind it to web proxy filter and create an allow rule from internal to external using that protocol, this means I don't have to change any settings in IE nor installing firewall client, right? And it also means it automatically goes to cache for higher speed.

Thanks

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, May 30, 2006 10:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Transparent Proxy

The Web proxy filter hooks into the Firewall service and the SecureNAT client requests are transparently forwarded through the Firewall Service to the Web proxy filter.

The SurfControl issue was a programming snafu on the SurfControl's part, not an ISA firewall problem, per se.

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ara Avvali
Sent: Tuesday, May 30, 2006 12:13 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Transparent Proxy

Hi

Let me get it straight. If I use a client which is using internal side of ISA as default gateway, there is no need to make any changes in web browser or installing firewall client? This doesn't make any sense cause as far as I remember, there was a long discussion here regarding surf control not being able to see non-proxy requests so the solution was to create a separate http:80 and not to bind it to web proxy filter. If transparent proxy was working, we never had to be worried about non-proxy requests.

Thanks

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland
Sent: Monday, May 29, 2006 10:35 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Transparent Proxy

Yes it can. Securenat clients' outbound internet traffic will be intercepted by the web proxy service.

Greg Mulholland

________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ara Avvali
Sent: Tue 30/05/2006 2:33 PM
To: isalist@xxxxxxxxxxxxx
Subject: Transparent Proxy

Hi Everyone,

As far as I know and understand, doing so is not possible with ISA server, right? You can't force/deploy ISA server without touching clients otherwise they can't browse the net. According to this article http://en.wikipedia.org/wiki/Proxy_server in transparent mode, all nat requests are routed to proxy which opposed in ISA you have to set up IE or deploy firewall client.

Any clarification is much appreciated.