Locking down "no proxy" traffic (Full Version)

All Forums >> [ISA 2006 Firewall] >> HTTP Filtering



Message


mriordan -> Locking down "no proxy" traffic (30.Oct.2012 1:00:39 PM)

Hi,
We have ISA 2006, and our regular clients work great. The ISA box passes all traffic along to our filtering software. But, if a user configures a browser to "No proxy" or is a user brings in a phone or laptop for wireless use, the device still goes through the ISA box to get to the internet, but ISA does not see the traffic to pass it off to the filter. Is there any way to force ISA to look at all http: traffic, even if the device is not configured to look for the ISA box via proxy settings or the ISA firewall client?
Thanks!




Bilaljk -> RE: Locking down "no proxy" traffic (5.Nov.2012 2:35:31 AM)

Hello !!

if you are using DHCP server along with ISA or other external server with internal network

so go through WPAD Script. it connects ISA uses without using firewall client. or not to configure proxy server.

This is the Step.

Windows 2003 DHCP

Click Start, click Programs, click Administrative Tools, and then click DHCP.
In the console tree, right-click on the DHCP server, click Set Predefined Options, and then click Add.
In Name type: WPAD
In Code type: 252
In Data type, select String, and then click OK.
In String, type URL of PAC file in format: http://computer name of IP:8080/wpad.dat
Right-click Server Options and click Configure Options.
Confirm that the Option 252 option is selected.

Once created we must then enable the option for a DHCP scope.

Click Start, click Programs, click Administrative Tools, and then click DHCP.
Right-click Scope Options and then click Configure Options.
Click Advanced, and then in Vendor Class, click Standard Options.
In Available Options, select the 252 Proxy Autodiscovery option and click OK.

and if you have configured DNS Server so you'll have to set the script in DNS server also its like:


Windows 2003 DNS

Click Start, click Programs, click Administrative Tools, and then click DNS.
In the console tree right-click on the applicable forward lookup zone and click New Host (A).
In Name type: wpad
In IP Address, enter the IP address of the web server hosting the wpad.dat file.



if you have any queries feel free to email me on mybilaljaved@gmail.com

Regards,

Bilal Javed




Page: [1]