Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Firewall client auto-config clears IE proxy exceptions
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Firewall client auto-config clears IE proxy exceptions - 24.Nov.2005 3:58:58 PM
|
|
|
hwilkins
Posts: 31
Joined: 30.Jul.2004
From: Memphis
Status: offline
|
For my internal network object, I have the follwing settings:
- Addresses: RFC1918 range (10/8,172.16/12, 192.168/16)
- Domains: all internal domains + a few servers that are "internal" in an otherwise external domain (i.e., DNS overrides)
- Web Browser: bypass-for-local checked, directly-access-computers-in-domains-tab checked, and RFC1918 addresses in the directly-access-these-servers-or-domains box.
Auto-configuration of the Firewall client itself is working, but every time it updates, it clears out the proxy exceptions in IE (Internet Tools | Optiuons | Connections | Lan Settings | Advanced | Exceptions); the proxy server is set correctly however.
Where is the list of proxy-exceptions stored if not in the "Web Browser" tab of the network object?, and assembled from a combination of that and the Domains tab?
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 24.Nov.2005 4:06:18 PM
|
|
|
Ashokk001
Posts: 232
Joined: 6.Oct.2005
Status: offline
|
hwilkins,
The firewall will override the settings and it will use the settings that you defined in the "Web Browser" tab on the network's properties. You should put all your execeptions there. Have you got firewall client installed on your PCs??
If you still having problem then i suggest you check out this article:
http://www.isaserver.org/tutorials/Bypassing-Firewall-Client-using-Locallatext-Files.html
Hope this helps.
Ashok.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 24.Nov.2005 6:22:42 PM
|
|
|
hwilkins
Posts: 31
Joined: 30.Jul.2004
From: Memphis
Status: offline
|
The firewall will override the settings and it will use the settings that you defined in the "Web Browser" tab on the network's properties. You should put all your execeptions there. Have you got firewall client installed on your PCs??
Yes, I have the firewall client, and having it set to auto-config works fine for the firewall client itself, and for the main proxy-server setting.
None of the exceptions from the "Web Browser" tab are being set; it actively clears the exceptions section on the PC when the local firewall client is updated.
I'll look at the article... thanks.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 24.Nov.2005 7:55:04 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
You're in the right ballpark, just need to explore more tabs. Take a look at the Web Proxy and Firewall Client tabs and report back what is set.
< Message edited by LLigetfa -- 24.Nov.2005 7:57:29 PM >
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 25.Nov.2005 2:20:21 PM
|
|
|
hwilkins
Posts: 31
Joined: 30.Jul.2004
From: Memphis
Status: offline
|
You're in the right ballpark, just need to explore more tabs. Take a look at the Web Proxy and Firewall Client tabs and report back what is set.
The Auto Discovery tab is checked and set to the default (port 80); the WPAD DNS entry is an alias for the cluster IP of the ISA 2k4EE servers.
On the Firewall Client tab, the "enable firewall client" is checked, and the DNS alias for the cluster IP is in the server field; in the "Web Browser" section, "use automatic configuration script" is checked, and is set to the default script, and "use a web proxy server" is checked, with the cluster DNS alias.
On the Web Proxy tab, "enable web proxy" is checked, and "Enable HTTP" is checked with the default port (8080).
< Message edited by hwilkins -- 25.Nov.2005 2:21:24 PM >
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 25.Nov.2005 5:28:12 PM
|
|
|
Ashokk001
Posts: 232
Joined: 6.Oct.2005
Status: offline
|
I don't think its sets that in the IE exception, the firewall client will work out that you have configured this as direct access and will not bother going to the isa server at all and instead it will go directly to the server you specify.
I think it probably stores the the copy of all this info on the client somewhere and caches it. I had a look at mine and i can't see anything on the IE exception list either even though i did specify quite a few exception on the web browser tab on the appropriate network's properties.
I then did a test and went to a local webserver that is on the internal network and tried to access it and it was fine and nothing was logged on isa at all so it bypassed the isa as expected.
Ashok.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 25.Nov.2005 5:44:25 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
I don't have my FWC set to configure the WP settings. I do have WPAD setup and if I set everything to auto, it works both for WP and for FWC.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 26.Nov.2005 4:19:15 PM
|
|
|
Ashokk001
Posts: 232
Joined: 6.Oct.2005
Status: offline
|
Good stuff! guys,
Some very good advice indeed!, I'll experiment further with the settings you guys describe.
Ashok.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 28.Nov.2005 7:00:56 PM
|
|
|
hwilkins
Posts: 31
Joined: 30.Jul.2004
From: Memphis
Status: offline
|
I don't think its sets that in the IE exception, the firewall client will work out that you have configured this as direct access and will not bother going to the isa server at all and instead it will go directly to the server you specify
I understand that the firewall client takes care of the exceptions in general, but if the firewall client gets disabled, then you are stuck with a proxy server set by the auto-config, but an exceptions-list that was cleared by it, which breaks many things for our network.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 28.Nov.2005 8:54:49 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
AFIAK, the standard order of precedence for port 80 traffic is that WP would trump FWC.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 28.Nov.2005 9:07:19 PM
|
|
|
hwilkins
Posts: 31
Joined: 30.Jul.2004
From: Memphis
Status: offline
|
AFIAK, the standard order of precedence for port 80 traffic is that WP would trump FWC
Yes, but if the FWC auto-config is always clearing the exception-list, I have an on-going problem...
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 28.Nov.2005 9:37:43 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Well... we could carry on this chicken-and-egg debate forever. If you hard code the IE WP exceptions, you are snookered. If you let the WP setting be auto as suggested, you should be fine.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 28.Nov.2005 9:50:42 PM
|
|
|
hwilkins
Posts: 31
Joined: 30.Jul.2004
From: Memphis
Status: offline
|
Well... we could carry on this chicken-and-egg debate forever. If you hard code the IE WP exceptions, you are snookered. If you let the WP setting be auto as suggested, you should be fi
I don't understand what you are saying -- if I leave the browser at auto-everything, when the firewall client is disabled I cannot browse to internal hosts that happen to have different domains than my default DNS domain...
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 28.Nov.2005 11:36:30 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
If you have internal hosts on different domains, just add them to the settings in ISA.
I have three internal domains defined as direct and have no problem.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 29.Nov.2005 9:16:04 PM
|
|
|
hwilkins
Posts: 31
Joined: 30.Jul.2004
From: Memphis
Status: offline
|
If you have internal hosts on different domains, just add them to the settings in ISA
OK, it does appear to be working now. I wonder if it was a replication thing and I just did not give it enough time to push our the changed WPAD.DAT with the additional domains...
It is still disconcerting that it actively clears the exceptions in Advanced though...
Thanks for your help and patience,
Bobby
|
|
|
|
|
RE: Firewall client auto-config clears IE proxy exceptions - 29.Nov.2005 9:52:23 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Glad you got it sorted.
I can see where you are coming from.. thinking the manual entries should override but the FWC *imposes* its entries, trumping the previous settings.
If you relied only on wpad for the IE settings, leaving FWC out of the mix, the manual entry would prevail since it is an either/or setting but esentially you are asking the FWC to set IE for you. If there is a need for exceptions, you can turn off that feature in the FWC eitehr manually or with the FWCTool.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
