Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
I have WPAD DHCP 252 set up and working fine. The FWC detects ISA. I also have the FWC set IE to "Use automatic configuration script" and this is where it is letting me down. It does not allow me to manage exceptions at the client and exceptions at the server are not working for me.
My ISA internal NIC is in the 10.198.0.0 subnet which is defined in ISA as Internal. On this Internal network, I also have the IP range 192.168.0.0 - 192.168.255.255 defined. I have several internal 192.168.y.z subnets as network-behind-network and do not want ISA to get involved but yet if I try to access anything using the IP in the URL, ISA is intercepting it.
This particular 192. network sits behind a CheckPoint firewall and does not have a route through ISA. While we do NAT many of the 192 numbers into our 10 scope, there are a couple of servers we don't NAT and want to access direct. One in particular is our eSafe server that we use a non-standard port for SSL. I don't want to put in an 'A' record in our DNS. Why will ISA not play nice if I use the IP?
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:
ORIGINAL: spouseele
why are exceptions defined on ISA not working for you?
If I had the answer to your question, I would be asking different questions. :( If I were half as smart as I think I am, I might even answer my own questions.
Exceptions based on domain are working and the default 10. network is excepted.
Care to grace me with your wisdom?
_____________________________
Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:
why are exceptions defined on ISA not working for you?
I guess I do have the answer for you and I might even answer my own question.
On the Internal properties, Web Browser tab, I added today, the IP range 192.168.0.0 - 192.168.255.255 and then refreshed the FWC and did not get the expected result. Being the impatient person I am, I then posted here. I guess if I had waited long enough, I would not have wasted time posting since it works now.
I read on this forum that the FWC settings are refreshed at the client when you click "Detect Now" or "Test Server". Well... somebody lied... I clicked both of them many many times to no avail. I even clicked on "Configure Now" so much my mouse button is now shiny.
Hours later, my user for whom I was doing this change called to say I fixed it. I guess the FWC has an attitude and simply cannot be rushed.
Thanks
_____________________________
On the Internal properties, Web Browser tab, I added today, the IP range 192.168.0.0 - 192.168.255.255 and then refreshed the FWC and did not get the expected result.
A refresh of the FWC will not help to update the Web Browser settings.
If you look at the HTTP headers in the HTTP response, you will see a parameter Cache-Control as highlighted in the figure above. The value of this parameter is max-age=3000, which means that the downloaded wpad.dat file has a time-to-live of 50 minutes in the Internet Explorer cache. After that time the cached wpad.dat file is no longer valid and will be flushed from the Internet Explorer cache. You can monitor the content of the Internet Explorer cache at the location C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files.
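The cache lifetime described in the reply above can be worked out from the response headers. The following is an added example, not part of the thread and not ISA Server code; the sample headers are constructed, and the function names are illustrative.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers for a wpad.dat response (not captured from a real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 04 Mar 2008 14:00:00 GMT\r\n"
    "Content-Type: application/x-ns-proxy-autoconfig\r\n"
    "Cache-Control: max-age=3000\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Map lower-cased header names to values; the status line is skipped."""
    headers = {}
    for line in raw.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def freshness_lifetime(headers):
    """Seconds the copy may be reused from cache; max-age takes priority over Expires."""
    directives = {}
    for part in headers.get("cache-control", "").split(","):
        key, _, val = part.strip().partition("=")
        directives[key.lower()] = val.strip('"')
    if "no-store" in directives or "no-cache" in directives:
        return 0
    if directives.get("max-age", "").isdigit():
        return int(directives["max-age"])
    if "expires" in headers and "date" in headers:
        span = parsedate_to_datetime(headers["expires"]) - parsedate_to_datetime(headers["date"])
        return max(0, int(span.total_seconds()))
    return 0  # no explicit lifetime; heuristic caching is not modelled here

def stale_at(headers):
    """Moment the cached copy expires, allowing for time already spent in upstream caches (Age)."""
    age = int(headers.get("age", "0"))
    return parsedate_to_datetime(headers["date"]) + timedelta(seconds=freshness_lifetime(headers) - age)

def seconds_until_refetch(headers, now):
    """How long a client that cached this response keeps using the old wpad.dat."""
    return max(0, int((stale_at(headers) - now).total_seconds()))

if __name__ == "__main__":
    h = parse_headers(SAMPLE_RESPONSE)
    print(stale_at(h), seconds_until_refetch(h, datetime(2008, 3, 4, 14, 20, tzinfo=timezone.utc)))
```

A client that downloaded the script just before a change on the server keeps the old exception list until the time returned by `stale_at`, whatever is clicked in the FWC in the meantime.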
Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
I have read that article several times but somehow never connected those words to my situation. On an interesting side note... In looking at my wpad.dat file, I notice that if I populate the domains exceptions in the Web Browser tab, I get them doubled up from the Domains tab into wpad. So why then do the IPs not get picked up from the Addresses tab?
In the wpad.dat file you should find all the entries you have specified in the domain tab plus all the entries you have specified in the Web Browser tab. If there are double entries then you have configured that yourself. Therefore, I consider it a feature!
Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:
That thread was one of the few moments I regret on this forum. Sigh...
Hey... didn't mean to bring up a sore point.
We all have personalities and convictions that do not always align with others. That is what makes us human and life interesting. I look forward to your sometimes colourful and always enlightening responses.
Keep them coming!
_____________________________