I am kinda new to ISA 2004 so please bear with me.
I have ISA 2004 with Interscan VirusWall 6 installed (Same box).
I seem to have a problem where my clients are bypassing the Viruswall software.
ISA is sitting behind a PIX, and has the single NIC template deployed. I am getting confused how to get my clients to autodiscover the ISA and go to the listening port for ISVW.
In ISA under networks, under internal properties I have the web proxy set to 80. Auto discovery is set to port 3458. All desktops are set to auto discover, I have DHCP set with the 252 option for port 3458. Servers are hard coded because of DNS only using port 80 for wpad.
The way I understand it is the Auto discovery is just the port that the wpad file is handed out on.
How do I configure the wpad file to use a port for Internet access, and have the ISA serve use a different port to listen for requests.
Is the local host object (represents the ISA server) supposed to have in its web proxy settingconfigured? right now it is disabled.
RE: ISA 2004 w/Interscan 6 bypassing ISA - 19.Jan.2007 4:27:20 AM
Hi Brent, it's not going to work like so. First: get down Interscan from ISA, put on more NIC on ISA. ISA is a firewall not a proxy. Make sure you run it like so. the PIX will not provide the level of protection ISA does not even in a dream. If you want to run another applications on ISA like an antivirus or a another filter you have to make sure that this is an add-on for ISA like for example InterScan WebProtect for ISA. InterScan VirusWall is designed to run on a different box not on a firewall like ISA. Next: Don't mess with the proxy settings and with autodiscovery port if you don't know what you are doing. Leave them to default. for this you may want to read the below article: http://www.isaserver.org/articles/ISA2004_ClientAutoConfig.html Have fun.
For Smtp scanning in Interscan you must publish interscan machine as an smtp server on the isa one, and on interscan machine smtp settings (relayable domain names and internal mail server addresses) must be configured.
In this scenario your clients proxy setup must include interscan address information and port settings.
In addition to the above reply, you can distribute proxy settings with group policy if your environment is ad active directory one.
But interscan system requirements may require another capable server..