I¹m sorry? I didn¹t get that. I should have just kept my mouth shut then ;) I can¹t help you here... t On 5/30/06 11:43 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to all: > Thanks for clarification. Yes I do have surf control and that was making me > confused too. > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of Thor (Hammer of God) > Sent: Tuesday, May 30, 2006 11:24 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Transparent Proxy > > I¹m getting confused... For ISA to function this way, you don¹t have to do > anything. Do you have surf control running? If so, I don¹t know what you > have to do to accommodate the ³programming error² Tom was talking about. If > you don¹t have it, you don¹t have to do anything. Just point your client¹s > default gateway to the ISA internal interface and surf away (with proper HTTP > rules in place, of course.) > > t > > > On 5/30/06 10:59 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to all: > This cleared is a bit. Thanks. Surf control issue was leading me to wrong > direction. > If I want to go down this road, (not having to change the IE settings and > install firewall client), then what would be the right thing to do on this > tab? > > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Thor (Hammer of God) > Sent: Tuesday, May 30, 2006 10:43 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Transparent Proxy > > In regard to ISA, you don¹t have to create a ³special² rule and don¹t have to > unbind the web filter from HTTP. A Snat client will automatically use the web > proxy of ISA without changing the browser config nor installing the FWC. It > works like that automatically. If you don¹t want an Snat client to do that, > you have to unbind the web filter from the HTTP protocol, which you really > don¹t want to do. You, of course, must have an HTTP allow rule in place, but > not the tcp:80 one you are talking about creating. > > > t > > > On 5/30/06 10:35 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to all: > Ok Tom, > So if I create a tcp:80 protocol and not bind it to web proxy filter and > create an allow rule from internal to external using that protocol, this means > I don¹t have to change any settings in IE nor installing firewall client, > right? And it also means it automatically goes to cache for higher speed. > Thanks > > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> > <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Thomas W Shinder > Sent: Tuesday, May 30, 2006 10:24 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Transparent Proxy > > The Web proxy filter hooks into the Firewall service and the SecureNAT client > requests are transparently forwarded through the Firewall Service to the Web > proxy filter. > > The SurfControl issue was a programming snafu on the SurfControl's part, not > an ISA firewall problem, per se. > > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls >> >> >> >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> >> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Ara Avvali >> Sent: Tuesday, May 30, 2006 12:13 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: Transparent Proxy >> Hi >> Let me get it straight. If I use a client which is using internal side of ISA >> as default gateway, there is no need to make any changes in web browser or >> installing firewall client? This doesn¹t make any sense cause as far as I >> remember, there was a long discussion here regarding surf control not being >> able to see none proxy requests so the solution was to create a separate >> http:80 and not to bind it to web proxy filter. >> If transparent proxy was working, we never had to be worried about none proxy >> requests. >> Thanks >> >> >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> >> <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Greg Mulholland >> Sent: Monday, May 29, 2006 10:35 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: Transparent Proxy >> >> >> Yes it can >> >> >> >> Securenat clients outbound internet traffic will be intercepted by the web >> proxy service.. >> >> >> >> Greg Mulholland >> >> >> >> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ara Avvali >> Sent: Tue 30/05/2006 2:33 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: Transparent Proxy >> >> Hi Everyone, >> >> As far I know and understand, doing so is not possible with ISA server, >> right? You can't force/deploy ISA server without touching clients otherwise >> they can't browse the net. According to this article >> http://en.wikipedia.org/wiki/Proxy_server in transparent mode, all nat >> requests are routed to proxy which opposed in ISA you have to setup IE or >> deploy firewall client. >> >> Any clarification is much appreciated. > > > > > >