quote:On the Direct Access tab you configure the IP addresses and/or domain names to which you want the Web Proxy Clients to directly connect without through the ISA ServerĘs Web Proxy Service.
So, does this mean that you CAN go to http sites on diff ports, and that your answer previously about not being able to by-passing web proxy service, is not valid "anymore" My ISA is installed in cache mode.
Dear Thomas, thank you for very useful article. I have some additional questions on the same topic.
When I set on Server properties "Ask unauthenticated users for identification" I've got two problems.
1. Now all the banners appearing in the IE window demand authentication and the domain authentication does not work, users must click "Cancel" to work further. As I can suppose the banners require their own authentication for banner servers but ISA Web Proxy sends the domain users' credentials that do not work. How can I solve this problem?
2. Not only Outlook Express has the problem with authentication on ISA Server. Some other applications, for example antivirus software such as Panda Antivirus or MSN Messenger, cannot pass ISA Web proxy authentication. What should I do?
1. There seems to be a bug that causes the authentication dialog box to come up when you enable that option. I have been able to get around it by configuring wpad entries and setting to clients to use autodetect ONLY.
2. You'll have to configure those sites to bypass the Web Proxy service as well, by configuring them for Direct Access.
Hi, Is this article is for web proxy client or only to FW client?. In diffrent words : for this article to work for me Do I need to install the proxy client on my client computers?.(to run setup from MSPCLNT share on the server)
From: Banjaluka, Bosnia and Herzegovina
I have one question and I hope someone can help me.
Goal: client wants to connect to internet through some other proxy (not ISA) but he's "under" ISA server.
I want to achieve the goal so can you explain what to do.. I need to enable redirect on ISA server so I can directly connect to some other proxy server (eg. anonomouy surfing) but also to maintan possibility to go to internet (when needed) through local ISA server..
If I try to connect to other proxy server (type into IE connection settings other proxy then local ISA server's address) I can't access anything. Alo there are some programs that need to connect through proxy and I don't want to use ISA server so I must use other anonymous proxy server but can't to connect because of ISA..
Any Idea what to do on client side and ISA server's side .. (I have access to ISA server so it's not a problem to set anything that's needed)
From: New Jersey
I appreciate your site and I have learned alot from gleaming the tutorials. All I can say is WOW!
Anyway, I have read the above mentioned Direct Access article and have I have to push our Web Proxy Exceptions list out of the browser GPO to the ISA server. This is due to our reaching the character limitation in the exceptions field in IE.
I have set up the LAT for all of my exception subnets (plus some) and the LDT for the domains. We don't use autoconfig scripts and we are not dual homed. We are authorized on the firewall to forward Internet requests. All of our proxy servers work with the exceptions in the browser but not via the LAT, LDT and Web Proxy service exceptions.
My dev server is installed in integrated mode so I have the Firewall service but we are not using it.
I just can't get the browsers to bypass the proxy to access Local Web based applications without the exceptions in the browser. I need to eliminate the exceptions from the browsers for centralized administrative purposes.
* All users are accessing ISA 2000 via Web Proxy. * Firewall client is not installed on their workstations. * All users are using IE 6 * IE is configured to download an .ins file for browser configuration. * All users who are "Domain Internet Users" are authenticated and have access to the internet
I have some users who need to access qnetexchange.org, which executes an applet that runs under Sun Java 1.4.2_05. This applet works when IE is configured when NOTHING is checked in the Tools > Internet Options > LAN Settings section. It fails when we have it configured to use our .ins file and points to the ISA Server.
I have set the Java Plug-In Control Panel to not use the Browser Settings for http/https/etc -- but it still appears that traffic is flowing to ISA -- and it fails -- with a 407 error.
I understand that SUN's Java does not support Windows Authentication (NTLM) -- which is why I was telling the Java Plug-In to NOT use the browser settings.
How can I get this working with Direct Access? I've tried setting up Direct Access for *.qnetexchange.org and it's IP address, but it's still failing.
I have ISA 2000 in my enviornment , I have two DNS one is global and on is Internal , the Global is not in my intranet it was managed by some company where else the internal DNS is managed by me becasue I have an Active directory Infrastructure , The problem is that in ISA server have two entries of DNS's one is given in prefered DNS where as in alternate DNS I have given the IP of external DNS , every thing is going very much fine , I mean Internet is working properly , one thing i want to clear here is that I am using ISA 2000 in one Interface card by using Nating means external Ip to internal ip maping , I have installed the secondary DNS on ISA server but the problem is that when i ping from ISA server to my internal DNS server it will take me too external DNS where the IP of my web server is not given because the web developer is still developing that site and my authorites dont want to publish that web site publicaly right now , they only want to access that web site internaly so far . I have also read your article of Direct access and configure the ISA server according to that article and also install the Sp2 of isa 2000 but still i am standing on the same problem please guide me and take me getrid of this problem i will be very thank full to you ,
Is there an equivalent version for ISA 2006 please?
I think I can find the equivalent functionality for most of what you refer to for ISA 2004, but I can't find how to configure the HTTP Redirector.
The reason I think I need to do this is because I need to give my users access to the resources on www.teachers.tv which are mostly presently as streamed Flash videos. My clients are all running the Firewall Client on XP Pro SP2. When users try to play the clips, the website times out and eventually says it can't find the .flv file.
Their tech support team said:
"1) There has been a change in the way our video files are streamed, and that this may be causing the problems you are experiencing. Is TCP port 1935 being blocked? For extra information we are now delivering our streaming videos using the RTMP protocol rather than the old HTTP streaming method.
2) We have moved our streaming servers and streaming video is now delivered from flv.world.mii-streaming.net. If you are using a Proxy server, that address will need to be added to your whitelist."
Since then, they've also suggested configuring the my setup to have a direct connection to this website. I think I know how to do this, but any assistance/confirmation would be much appreciated. :)