Hi, I am running ISA 2004 and all of the client which access to by the web browser need to assign the proxy setting and port in order to access the internet. Otherwise, it can't pass through my rule.
Recently my org. has a wireless and I configure all of client connection to the wireless has automatic ip address. The mobile device could obtain the ip address but the problem was some device do not have proxy configuration. So they can't access the web.
In this case, how should i configure the rule in ISA in order to let the user that can't configure proxy could access through the proxy server?
My client is already a securenat client. Because their default gateway are point to ISA internal IP address. But the problem was they need to configure proxy in the browser in order to access the web. this is the point that i do not prefer. What i want is just let them obtain ip automatically which is already have default gateway and dns and they could access the web. some people using mobile device such as iphone, htc... so they just got an ip they could browse.
I already create the rule as below:
Rule name: Allow all DHCP client to access internet (Enable: Yes) Protocol: All outbound protocol From: DHCP client (address range) To: External Content type: all content Schedule: Any time User: All user
this rule is the top rule but the user still can't access unless they configure the proxy and port. but some mobile device do not allow them to configure proxy setting.
Yes I do. Do I need to clear it? But my rule also specify to all user, it mean that i do not require authentication and this rule also set at the top of the other rule.
Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
remove it, as with this option enabled, you are forcing users to authenticate ! regardless of the rules used. as this is set up at the INTERNAL NETWORK Properties level.
in your case, you do not wish to authenticate user and you want to set them as SecureNet client.
remove this option, and the ALL Users rule will work.
hmmm.... if i remover this it would impact to the other rule. because what i want, i just want to ignore the dhcp client address range. for the other user, i still need authentication. otherwise, the rule that i set for the other purpose will not work as expected. could you please let me know any other solution?
Thank you for your answer. After I have check with the log file for a few day, I found nothing problem with the rule. My rule is working fine. The problem is because ISA server do not submit the host head of the request android client to the upstream server. I have read this article http://support.microsoft.com/kb/920913 and found that my network environment is match with this situation (my network has ISA and route to upstream server (ISP) which do not running ISA server). Because ISA do not submit the host header that is why the upstream server is reject the client request.
Do you know how to make ISA submit the host header to the upstream server?
You are forced to authenticate the user! Regardless of the rules. Because this is the level of the internal network properties. In your case, you do not want to authenticate users, you have to set up a safety net client...