[isalist] Re: Transparent Proxy
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 30 May 2006 12:06:36 -0700
I¹m sorry? I didn¹t get that. I should have just kept my mouth shut then ;)
I can¹t help you here...
t
On 5/30/06 11:43 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to all:
> Thanks for clarification. Yes I do have surf control and that was making me
> confused too.
>
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: Tuesday, May 30, 2006 11:24 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Transparent Proxy
>
> I¹m getting confused... For ISA to function this way, you don¹t have to do
> anything. Do you have surf control running? If so, I don¹t know what you
> have to do to accommodate the ³programming error² Tom was talking about. If
> you don¹t have it, you don¹t have to do anything. Just point your client¹s
> default gateway to the ISA internal interface and surf away (with proper HTTP
> rules in place, of course.)
>
> t
>
>
> On 5/30/06 10:59 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to all:
> This cleared is a bit. Thanks. Surf control issue was leading me to wrong
> direction.
> If I want to go down this road, (not having to change the IE settings and
> install firewall client), then what would be the right thing to do on this
> tab?
>
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Thor (Hammer of God)
> Sent: Tuesday, May 30, 2006 10:43 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Transparent Proxy
>
> In regard to ISA, you don¹t have to create a ³special² rule and don¹t have to
> unbind the web filter from HTTP. A Snat client will automatically use the web
> proxy of ISA without changing the browser config nor installing the FWC. It
> works like that automatically. If you don¹t want an Snat client to do that,
> you have to unbind the web filter from the HTTP protocol, which you really
> don¹t want to do. You, of course, must have an HTTP allow rule in place, but
> not the tcp:80 one you are talking about creating.
>
>
> t
>
>
> On 5/30/06 10:35 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to all:
> Ok Tom,
> So if I create a tcp:80 protocol and not bind it to web proxy filter and
> create an allow rule from internal to external using that protocol, this means
> I don¹t have to change any settings in IE nor installing firewall client,
> right? And it also means it automatically goes to cache for higher speed.
> Thanks
>
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d>
> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Thomas W Shinder
> Sent: Tuesday, May 30, 2006 10:24 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Transparent Proxy
>
> The Web proxy filter hooks into the Firewall service and the SecureNAT client
> requests are transparently forwarded through the Firewall Service to the Web
> proxy filter.
>
> The SurfControl issue was a programming snafu on the SurfControl's part, not
> an ISA firewall problem, per se.
>
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>>
>>
>>
>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d>
>> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Ara Avvali
>> Sent: Tuesday, May 30, 2006 12:13 PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Transparent Proxy
>> Hi
>> Let me get it straight. If I use a client which is using internal side of ISA
>> as default gateway, there is no need to make any changes in web browser or
>> installing firewall client? This doesn¹t make any sense cause as far as I
>> remember, there was a long discussion here regarding surf control not being
>> able to see none proxy requests so the solution was to create a separate
>> http:80 and not to bind it to web proxy filter.
>> If transparent proxy was working, we never had to be worried about none proxy
>> requests.
>> Thanks
>>
>>
>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d>
>> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Greg Mulholland
>> Sent: Monday, May 29, 2006 10:35 PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Transparent Proxy
>>
>>
>> Yes it can
>>
>>
>>
>> Securenat clients outbound internet traffic will be intercepted by the web
>> proxy service..
>>
>>
>>
>> Greg Mulholland
>>
>>
>>
>> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ara Avvali
>> Sent: Tue 30/05/2006 2:33 PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: Transparent Proxy
>>
>> Hi Everyone,
>>
>> As far I know and understand, doing so is not possible with ISA server,
>> right? You can't force/deploy ISA server without touching clients otherwise
>> they can't browse the net. According to this article
>> http://en.wikipedia.org/wiki/Proxy_server in transparent mode, all nat
>> requests are routed to proxy which opposed in ISA you have to setup IE or
>> deploy firewall client.
>>
>> Any clarification is much appreciated.
>
>
>
>
>
>
Other related posts:
