I'm in the midst of planning our MS Firewall Client deployment, and am trying to account for the following: We currently have a GPO that includes several internal domains and IP address space for the "bypass proxy server for local addresses" setting within our Internet Explorer browsers. However I cannot find out how to specify an equivalent bypass list (of domains and IP address space) to the browser when the Firewall Client is enabled on the workstation. Therefore the workstation essentially get's a blank "bypass list". Which is causing certain webproxy client traffic (such as Java clients and multimedia plug-ins and internal HTTP processes that utilize Internet Explorer's Proxy Server setting) to arrive at ISA. But I want to avoid these webproxy connections from arriving at ISA, so that I don't have to create an allow rule for them, as well as removing an extra hop (extra point of failure), because these are all internal communications.
Side note: Our primary browser configuration is set to use the automatic configuration script and therefore we're running webproxy clients for all our internal browsers.
Anyone else run into this? What did you do?
< Message edited by abqtech -- 5.Oct.2007 2:33:11 PM >
Thanks for the reply, however.... I have 2004 with sp2, and the webproxy clients that use the routing script work properly, what does not work are the webproxy clients that cannot utilize a routing script, and therefore use the proxy server. And since the ISA Server is not furnishing a "bypass list" to the browsers proxy server / bypass proxy server for local addresses, I'm running into this problem. I think it may be a feature that is not configurable via the ISA MMC, perhaps a "work around" is availble to fix this issue, or maybe is a glaring oversight by microsoft.