[isalist] Re: Transparent Proxy
- From: "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 30 May 2006 10:59:22 -0700
This cleared is a bit. Thanks. Surf control issue was leading me to
wrong direction.
If I want to go down this road, (not having to change the IE settings
and install firewall client), then what would be the right thing to do
on this tab?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Tuesday, May 30, 2006 10:43 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Transparent Proxy
In regard to ISA, you don't have to create a "special" rule and don't
have to unbind the web filter from HTTP. A Snat client will
automatically use the web proxy of ISA without changing the browser
config nor installing the FWC. It works like that automatically. If
you don't want an Snat client to do that, you have to unbind the web
filter from the HTTP protocol, which you really don't want to do. You,
of course, must have an HTTP allow rule in place, but not the tcp:80 one
you are talking about creating.
t
On 5/30/06 10:35 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to
all:
Ok Tom,
So if I create a tcp:80 protocol and not bind it to web proxy filter and
create an allow rule from internal to external using that protocol, this
means I don't have to change any settings in IE nor installing firewall
client, right? And it also means it automatically goes to cache for
higher speed.
Thanks
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
<mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Thomas W Shinder
Sent: Tuesday, May 30, 2006 10:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Transparent Proxy
The Web proxy filter hooks into the Firewall service and the SecureNAT
client requests are transparently forwarded through the Firewall Service
to the Web proxy filter.
The SurfControl issue was a programming snafu on the SurfControl's part,
not an ISA firewall problem, per se.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
<http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [
mailto:isalist-bounce@xxxxxxxxxxxxx]
<mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Ara Avvali
Sent: Tuesday, May 30, 2006 12:13 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Transparent Proxy
Hi
Let me get it straight. If I use a client which is using
internal side of ISA as default gateway, there is no need to make any
changes in web browser or installing firewall client? This doesn't make
any sense cause as far as I remember, there was a long discussion here
regarding surf control not being able to see none proxy requests so the
solution was to create a separate http:80 and not to bind it to web
proxy filter.
If transparent proxy was working, we never had to be worried
about none proxy requests.
Thanks
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [
mailto:isalist-bounce@xxxxxxxxxxxxx]
<mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Greg Mulholland
Sent: Monday, May 29, 2006 10:35 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Transparent Proxy
Yes it can
Securenat clients outbound internet traffic will be intercepted
by the web proxy service..
Greg Mulholland
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ara Avvali
Sent: Tue 30/05/2006 2:33 PM
To: isalist@xxxxxxxxxxxxx
Subject: Transparent Proxy
Hi Everyone,
As far I know and understand, doing so is not possible with ISA
server, right? You can't force/deploy ISA server without touching
clients otherwise they can't browse the net. According to this article
http://en.wikipedia.org/wiki/Proxy_server in transparent mode, all nat
requests are routed to proxy which opposed in ISA you have to setup IE
or deploy firewall client.
Any clarification is much appreciated.
Other related posts:
