+ Post New Thread
Results 1 to 13 of 13
Internet Related/Filtering/Firewall Thread, Microsoft ISA in Technical; Hi so I have a Microsoft ISA proxy server part of the domain mydomain.com (as an example). There are also ...
  1. #1

    Join Date
    Sep 2010
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Microsoft ISA

    Hi so I have a Microsoft ISA proxy server part of the domain mydomain.com (as an example). There are also many notebooks on the same domain. These notebooks via Group Policy are set so you cannot change the proxy. Now when the notebooks are taken offsite this present the problem that you cannot connect to the internet. So my question is can I make my ISA proxy a subdomain server of a real www domain e.g. mydomain.com (so it is proxy.mydomain.com) and use that as the IE proxy (proxy.mydomain.com:8080)? Will this work? Any one tried or done it? Could it work in theory?

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,060
    Thank Post
    853
    Thanked 2,675 Times in 2,269 Posts
    Blog Entries
    9
    Rep Power
    768
    This could work but unless you had it requireing authentication then you would be running an open proxy that anyone from the outside world could use. You could instead remove it as a proxy setting and add a rule to allow web traffic from inside the network to the internet. You could then just set the ISA server as the default gateway and the only way out to the internet would be via the proxied ISA server allowing only the protocols that you choose.

    When the clients were connected outside the school they would simple use the default gateway of wherever they were so it would all work automaticly.

  3. #3

    Join Date
    Sep 2010
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    The proxy does require domain authentication. e.g. DOMAINNAME\USERNAME and PASSWORD.
    So I could make the proxy server open to the external and then set proxy.mydomain.com:8080 as the proxy (for an example) and it would then filter as per the rules in my ISA proxy

    correct? and this would not be an "open" proxy for anyone to use?
    Last edited by rhodrykorb; 26th September 2010 at 03:53 PM.

  4. #4

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,060
    Thank Post
    853
    Thanked 2,675 Times in 2,269 Posts
    Blog Entries
    9
    Rep Power
    768
    Yes that should work but you are limiting all laptops to the speed of your school network even if they are on a faster external link. Depending on your authentication type you may also be sending user credentials in cleartext or rather easily snoopable formats which could be a security concern. Using user certificates for authentication could mitigate this a bunch though. It depends on how important security is to you, Windows 7 and Server 2008 R2 can be used with a technology called DirectAccess which offers a persistant VPN link over HTTPS which can be reconfigured to pass all internet traffic through as well but this is best setup with Forefront User Access Gateway as it can be quite complex to setup.

  5. #5

    Join Date
    Sep 2010
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Okay so new scenario, how can I get it so that a user cannot change the proxy but if it cant detect it (because it is internal only) it will just apply no proxy?

  6. #6
    Cools's Avatar
    Join Date
    Jan 2009
    Location
    Bedfordshire
    Posts
    498
    Thank Post
    24
    Thanked 62 Times in 57 Posts
    Rep Power
    25
    I use a pac file if the PC cant get the files off site it goes direct.. if on site and gets the pack file then it uses the proxy..

    More info.. Proxy auto-config - Wikipedia, the free encyclopedia

    is the only way to get round the problem your having..

    or squid proxy..

  7. #7

    Join Date
    Sep 2010
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Do you have a PAC file for IE that you could send me? And notes on where and how to install it

  8. #8

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,038
    Thank Post
    160
    Thanked 909 Times in 713 Posts
    Blog Entries
    3
    Rep Power
    270

  9. #9

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,799
    Thank Post
    272
    Thanked 1,134 Times in 1,030 Posts
    Rep Power
    349
    I have a vb script which we put on the desktop of all laptops (normally sixth form personal ones) - they have to run it - it asks are you in school yes or no - depending on the answer it will either insert the proxy or not. if you would like me to send it to you i will tomorrow.

    I find that using a Pac script once the user is not on the network its slow on first page load as its trying to find your servers
    Last edited by glennda; 26th September 2010 at 04:55 PM.

  10. #10

    Join Date
    Sep 2010
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Okay yeah if you could provide it that would be great

  11. #11

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,799
    Thank Post
    272
    Thanked 1,134 Times in 1,030 Posts
    Rep Power
    349
    I am in the office from 10 oclock tomorrow if you PM me tomorrow with an Email address i will forward you the script

  12. #12

    Join Date
    Sep 2010
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    just did, thanks again. Much appreciated

  13. #13
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    39
    ISA has a setting to automatically advertise the proxy, all you need to do is either setup auto proxy configuration via either dhcp or dns.

    Automatic Discovery for Firewall and Web Proxy Clients

    We have set the auto proxy discovery up here and laptops/netbooks work flawlessy onsite and off.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 13
    Last Post: 30th September 2010, 12:11 AM
  2. Microsoft Office Add-in: Microsoft Outlook SMS Add-in (MOSA)
    By faza in forum How do you do....it?
    Replies: 0
    Last Post: 16th November 2009, 02:05 PM
  3. Replies: 0
    Last Post: 4th March 2009, 10:26 AM
  4. Microsoft ISA 2006 Logon Image
    By Sylv3r in forum How do you do....it?
    Replies: 4
    Last Post: 4th December 2008, 03:06 PM
  5. Microsoft ISA
    By acrobson in forum How do you do....it?
    Replies: 7
    Last Post: 25th June 2007, 05:39 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •