• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Rule to bypass proxy server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Rule to bypass proxy server Page: [1]
Login
Message << Older Topic   Newer Topic >>
Rule to bypass proxy server - 6.May2011 12:31:40 AM   
Mekong River

 

Posts: 78
Joined: 9.Aug.2009
Status: offline
Hi, I am running ISA 2004 and all of the client which access to by the web browser need to assign the proxy setting and port in order to access the internet. Otherwise, it can't pass through my rule.

Recently my org. has a wireless and I configure all of client connection to the wireless has automatic ip address. The mobile device could obtain the ip address but the problem was some device do not have proxy configuration. So they can't access the web.

In this case, how should i configure the rule in ISA in order to let the user that can't configure proxy could access through the proxy server?

Thank,
Kanel
Post #: 1
RE: Rule to bypass proxy server - 6.May2011 11:13:03 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Run them as Firewall Clients or SecureNAT Clients.

_____________________________

Phillip Windell

(in reply to Mekong River)
Post #: 2
RE: Rule to bypass proxy server - 6.May2011 7:16:17 PM   
Mekong River

 

Posts: 78
Joined: 9.Aug.2009
Status: offline
My client is already a securenat client. Because their default gateway are point to ISA internal IP address. But the problem was they need to configure proxy in the browser in order to access the web. this is the point that i do not prefer. What i want is just let them obtain ip automatically which is already have default gateway and dns and they could access the web. some people using mobile device such as iphone, htc... so they just got an ip they could browse.

I already create the rule as below:

Rule name: Allow all DHCP client to access internet (Enable: Yes)
Protocol: All outbound protocol
From: DHCP client (address range)
To: External
Content type: all content
Schedule: Any time
User: All user

this rule is the top rule but the user still can't access unless they configure the proxy and port. but some mobile device do not allow them to configure proxy setting.

What should i do? do you have any solution?

Thank,
Kanel

(in reply to pwindell)
Post #: 3
RE: Rule to bypass proxy server - 7.May2011 4:11:57 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
you have a single network adapter isa server ?

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Mekong River)
Post #: 4
RE: Rule to bypass proxy server - 7.May2011 5:29:54 AM   
Mekong River

 

Posts: 78
Joined: 9.Aug.2009
Status: offline
I have 2 network adapter on my ISA server. Any idea?

(in reply to elmajdal)
Post #: 5
RE: Rule to bypass proxy server - 7.May2011 7:30:24 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Do you have the Require all users to authenticate enabled ?



_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Mekong River)
Post #: 6
RE: Rule to bypass proxy server - 7.May2011 11:49:36 AM   
Mekong River

 

Posts: 78
Joined: 9.Aug.2009
Status: offline
Yes I do. Do I need to clear it? But my rule also specify to all user, it mean that i do not require authentication and this rule also set at the top of the other rule.

(in reply to elmajdal)
Post #: 7
RE: Rule to bypass proxy server - 7.May2011 7:30:30 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
remove it, as with this option enabled, you are forcing users to authenticate ! regardless of the rules used. as this is set up at the INTERNAL NETWORK Properties level.

in your case, you do not wish to authenticate user and you want to set them as SecureNet client.

remove this option, and the ALL Users rule will work.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Mekong River)
Post #: 8
RE: Rule to bypass proxy server - 8.May2011 2:22:43 AM   
Mekong River

 

Posts: 78
Joined: 9.Aug.2009
Status: offline
hmmm.... if i remover this it would impact to the other rule. because what i want, i just want to ignore the dhcp client address range. for the other user, i still need authentication. otherwise, the rule that i set for the other purpose will not work as expected. could you please let me know any other solution?

(in reply to elmajdal)
Post #: 9
RE: Rule to bypass proxy server - 8.May2011 4:25:16 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
If you want authentication, then force it on the Rule level !

in your rules, set the rule for users from Active Directory for example, instead of using ALL Users. This will force users to authenticate .

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Mekong River)
Post #: 10
RE: Rule to bypass proxy server - 9.May2011 9:24:19 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
MS should have removed that option from the UI a long time ago.

_____________________________

Phillip Windell

(in reply to elmajdal)
Post #: 11
RE: Rule to bypass proxy server - 18.May2011 9:10:59 PM   
Mekong River

 

Posts: 78
Joined: 9.Aug.2009
Status: offline
Thank you for your answer. After I have check with the log file for a few day, I found nothing problem with the rule. My rule is working fine. The problem is because ISA server do not submit the host head of the request android client to the upstream server. I have read this article http://support.microsoft.com/kb/920913 and found that my network environment is match with this situation (my network has ISA and route to upstream server (ISP) which do not running ISA server). Because ISA do not submit the host header that is why the upstream server is reject the client request.

Do you know how to make ISA submit the host header to the upstream server?

Thank,
Kanel

(in reply to elmajdal)
Post #: 12
RE: Rule to bypass proxy server - 21.Jul.2011 8:33:03 PM   
luluxiu

 

Posts: 6
Joined: 20.Jul.2011
Status: offline
You are forced to authenticate the user! Regardless of the rules. Because this is the level of the internal network properties. In your case, you do not want to authenticate users, you have to set up a safety net client...

_____________________________

Tera Items,Tera Gold Cheap,WOW Items

(in reply to Mekong River)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Rule to bypass proxy server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts