• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Web proxy HOSTS File Config

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> Web proxy HOSTS File Config Page: [1]
Login
Message << Older Topic   Newer Topic >>
Web proxy HOSTS File Config - 13.Sep.2012 3:39:36 AM   
big_dazza

 

Posts: 506
Joined: 24.Apr.2003
Status: offline
Hi

we have users setup as WP (auto-config URL)+FW clients. I want the users to be able to resolve record host.abc.com from their hosts file. I've added host.abc.com to the LDT but it still seems to resolve the Internet DNS record for this record instead of the HOSTS file IP. What am I missing?

Thanks
Post #: 1
RE: Web proxy HOSTS File Config - 14.Sep.2012 3:46:57 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Check out Jim Harrison's articles about the different ISA client types:
- http://www.isaserver.org/tutorials/ISA_Clients__Part_1__General_ISA_Server_Configuration.html
- http://www.isaserver.org/tutorials/ISA_Clients__Part_2_SecureNAT_and_Web_Proxy_Client.html
- http://www.isaserver.org/tutorials/ISA_Clients__Part_3_The_Firewall_Client.html

HTH,
Stefaan

(in reply to big_dazza)
Post #: 2
RE: Web proxy HOSTS File Config - 17.Sep.2012 7:51:49 AM   
big_dazza

 

Posts: 506
Joined: 24.Apr.2003
Status: offline
I know, or thought I did, about the various client configurations. And, as the clirtn is a WP client, I would have thought that adding a domain and/or FQDN hostname to the LDT would mean it would get resolved locally at the desktop. If I open my auto config script, under the section "CARPExceptions=new MakeCARPExceptions();" I see:

this[6]="host.abc.com";

So this should mean that the client desktop resolves it loally, no?
So, why when I have this record resolvable in the HOSTS file does it still try and go to the Internet address of host.abc.com?
Taking the auto config URL out of the IE config results in everything workign as anticipated.

(in reply to spouseele)
Post #: 3
RE: Web proxy HOSTS File Config - 17.Sep.2012 12:52:10 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
If the client is not configured as FWC as well, it should work when setting that site for direct access.

Note: make sure to restart IE and clear the DNS cache for every test.

HTH,
Stefaan

(in reply to big_dazza)
Post #: 4
RE: Web proxy HOSTS File Config - 19.Sep.2012 6:04:07 AM   
big_dazza

 

Posts: 506
Joined: 24.Apr.2003
Status: offline
If the clients ARE FW clients aswell, what is it that I need to do that I haven't?

Thanks

(in reply to spouseele)
Post #: 5
RE: Web proxy HOSTS File Config - 19.Sep.2012 1:42:54 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Well, maybe you should reread carefully http://www.isaserver.org/tutorials/ISA_Clients__Part_3_The_Firewall_Client.html . Also, http://blogs.isaserver.org/pouseele/2006/05/21/a-different-look-at-the-isa-clients/ may be helpful.

HTH,
Stefaan

(in reply to big_dazza)
Post #: 6
RE: Web proxy HOSTS File Config - 19.Sep.2012 4:19:10 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
The LDT has nothing to do with name resolution.

The LDT (AKA, the Domains Tab) in the Properties of the Internal Network,...only exists to identify Domains considered to exist on the Internal side of the TMG (reachable only via the TMG's Internal Nic). The entries have no relationship to name resolution.

< Message edited by pwindell -- 19.Sep.2012 4:20:52 PM >


_____________________________

Phillip Windell

(in reply to spouseele)
Post #: 7
RE: Web proxy HOSTS File Config - 19.Sep.2012 4:26:09 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Web Proxy clients will only wait for the TMG to do the resolution for them when the Protocol is HTTP, HTTPS, or FTP-Over-HTTP.

Firewall Clients may or may not wait for the TMG to do the resolution for them,...it depends on the centralized Firewall Clients Setting pull down from the TMG.

SecureNAT Clients will only operate as SecureNAT Clients for whatever traffic types do not fall into the first two catagories above,...and will do the resolution from the Client itself. Even local Host Files on the Client will only be used in such a case,...they would be ignore if the first two services above waited on the TMG for resolution.

_____________________________

Phillip Windell

(in reply to pwindell)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> Web proxy HOSTS File Config Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts