
Proxy bypass list

Proxy bypass list - 11.Oct.2007 3:43:20 PM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
Context:
When we deployed the firewall client, the ISA server Internal Network Domains tab included all our internal domains, and within the Internal Network Web Browser tab we've accounted for our Internal Domains and Internal Addressing as well as additional domains and addresses that are supplied in the routing script so that we furnish a comprehensive "bypass ISA Server list" to our web proxy clients utilizing the routing script.  However we're running into a deficiency in how Internet Explorer is being configured by the firewall client (via the firewall client web browser settings | Enable web browser automatic configuration), where the browser is not being supplied any "exceptions" for the Proxy Server "bypass proxy server for local addresses" area.  

Problem:
Web proxy clients that inherit the Proxy Server settings (from Internet Explorer) do not inherit a "bypass list" and send all requests to ISA, even the requests for local (domain or addresses) resources. Is there a way to resolve this with ISA 2004 or ISA 2006?

In other words:
Is there a way for ISA Server or the firewall client to supply a bypass proxy server for local addresses list within Internet Explorer's Proxy Server settings?

< Message edited by abqtech -- 15.Oct.2007 12:22:33 PM >
Post #: 1
RE: Proxy bypass list - 24.Oct.2007 10:35:39 AM   
jmilito

 

Posts: 321
Joined: 10.Oct.2006
From: MICHIGAN, US
Status: offline
Have you tried configuring IE with a group policy?

(in reply to abqtech)
Post #: 2
RE: Proxy bypass list - 24.Oct.2007 4:19:21 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

Is there a way for ISA Server or the firewall client to supply a bypass proxy server for local addresses list within Internet Explorer's Proxy Server settings?


Do you mean you want to see these lists inside IE?

The answer is no, you will not see these lists inside IE.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to abqtech)
Post #: 3
RE: Proxy bypass list - 25.Oct.2007 1:25:01 PM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
Tarek,
You're correct, I don't see the bypass list supplied in IE. And web requests that make use of the proxy server are all directed to the proxy server, even for local sites and extranet sites. The desire is to have a bypass list provided to IE's proxy server setting.

(in reply to elmajdal)
Post #: 4
RE: Proxy bypass list - 25.Oct.2007 1:49:17 PM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
Hi jmilito,
We have a Group Policy that specified the necessary bypass list & proxy server; however, the firewall client settings override what's being set by Group Policy.

The only thing I can think of that will resolve this problem is to use a Group Policy that sets the browser settings (use automatic configuration script & Proxy Server including bypass list) and then configure the firewall client so that it does not enable web browser automatic configuration.

Anyone have other thoughts on this?

(in reply to jmilito)
Post #: 5
RE: Proxy bypass list - 26.Oct.2007 2:32:52 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
If you are configuring Direct Access the right way, then the list provided in ISA Server will not be passed to the HTTP Filter.
Read this again: http://support.microsoft.com/kb/920715

Another way you can achieve Direct Access is by doing the following:
  1. Create a new HTTP protocol, and do not bind it to the HTTP Filter.
  2. Create a new rule:
    allow  > protocols > from Internal > to Domain Name Set > Uses
    where the Domain Name Set includes all the sites that you want to exclude from passing through the proxy.

HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to abqtech)
Post #: 6
RE: Proxy bypass list - 26.Oct.2007 9:29:52 AM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
Tarek,
Thanks for your reply. I have re-read that MS article; however, the issue that I'm trying to address does not apply to that article, because the web proxy clients that are impacted by this are not WPAD or Routing.Script clients. They are IE clients that have the Use Proxy Server for your LAN configured to point to ISA. And some HTTP (web) requests generated by the client (could be an ActiveX, Java or Multimedia Plugin) are utilizing the ISA Server specified in Use Proxy Server for your LAN. And when Use Proxy Server for your LAN is configured via the MS Firewall Client, no bypass proxy server for local addresses is supplied.

Make Sense?   

(in reply to elmajdal)
Post #: 7
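A read-only check for the condition described in this thread (static proxy set in IE, no bypass list), added here as an example and not posted by any participant. The registry path and value names are the standard per-user WinINET settings; the host names are constructed placeholders, and the matching is a simplified model of IE's bypass list.

```powershell
# Added example: audit the current user's IE (WinINET) proxy settings.
# Constructed sample names; replace with internal and external hosts of your own.
$TestHosts = 'intranet', 'app.domain.com', 'www.example.org'

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key

function Test-ProxyBypass {
    param([string]$HostName, [string]$Override)
    if ([string]::IsNullOrEmpty($Override)) { return $false }
    foreach ($entry in $Override.Split(';')) {
        $e = $entry.Trim()
        if (-not $e) { continue }
        if ($e -eq '<local>') {
            # "<local>" only covers single-label names (no dot in the host name)
            if ($HostName -notmatch '\.') { return $true }
        }
        elseif ($HostName -like $e) {
            # -like is case-insensitive and treats * in the entry as a wildcard
            return $true
        }
    }
    return $false
}

$proxyOn = ($s.ProxyEnable -eq 1)

# Settings as IE sees them; missing values show up empty
New-Object psobject -Property @{
    ProxyEnable   = $proxyOn
    ProxyServer   = $s.ProxyServer
    AutoConfigURL = $s.AutoConfigURL
    ProxyOverride = $s.ProxyOverride
} | Format-List

if ($proxyOn -and -not $s.ProxyOverride) {
    Write-Warning 'Static proxy is enabled with an empty bypass list: all requests go to the proxy.'
}

# Predicted route for each sample host under the static proxy setting
foreach ($h in $TestHosts) {
    if (-not $proxyOn) { $route = 'direct (no static proxy)' }
    elseif (Test-ProxyBypass -HostName $h -Override $s.ProxyOverride) { $route = 'direct (bypass list)' }
    else { $route = 'proxy' }
    '{0,-20} {1}' -f $h, $route
}
```

Running it once after Group Policy applies and again after the Firewall Client's browser configuration runs shows which of the two left the final `ProxyOverride` value.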
RE: Proxy bypass list - 26.Oct.2007 10:20:35 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
OK,

have you tried this:

quote:

  Another way you can achieve Direct Access is by doing the following:

  1. Create a new HTTP protocol, and do not bind it to the HTTP Filter.
  2. Create a new rule:
    allow  > protocols > from Internal > to Domain Name Set > Uses
    where the Domain Name Set includes all the sites that you want to exclude from passing through the proxy.


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to abqtech)
Post #: 8
RE: Proxy bypass list - 26.Oct.2007 11:01:24 AM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
I'll try it out, and get back to you.

Thanks

(in reply to elmajdal)
Post #: 9
RE: Proxy bypass list - 5.Nov.2007 10:00:15 AM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
Tarek,
I created a new protocol:
(TCP outbound 80, and does not have any filters applied to it.)
I created a Domain Name Set:
(Including our internal domains *.domain.com *.domainb.com *.domainc.com)

Then I created a rule as you suggested.
Allow -> newly created tcp 80 protocol -> from Internal ->to newly created DomainSet-> all users

However this did not achieve direct access for web proxy clients.

Are you able to duplicate this problem with one of your ISA Server/Web Proxy client environments?

(in reply to elmajdal)
Post #: 10
RE: Proxy bypass list - 12.Nov.2007 10:01:14 AM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
It seems that this is a deficiency within ISA 2004 & 2006, moderators do you care to confirm?

Thanks

(in reply to abqtech)
Post #: 11
