Using TMG Server as a Transparent Proxy

[matthewc]

Hi,

We're also trying to setup TMG as a transparent proxy however we're having problems with HTTPS traffic. We also have a squid based RM proxy (SEGfL) and have specified it as an upstream proxy for external connections (proxy.segfl.ifl.net). We've purchased IsaScript and entered the script recommended in the previous post which seems to be working properly with HTTP traffic but we get timeouts when trying anything HTTPS.

For the upstream proxy we've tried the default of 8443 for SSL and also changed it to 8080 but it doesn't seem to make any difference. We've also set TMG to route the traffic from our WiFi network to the External connection but this hasn't had any effect either. Is there anything else we may need to change to get this working?

Any ideas anyone?


Cheers

[chrisjako]

I'm also trying to setup a transparent proxy with seperate VLAN network & IP range on an open SSID, when i direct the default gateway via DHCP to the forefront TMG server i get this on on an open client device:

IMG_0004[1].PNG

We're using ubiquiti unifi APs and the physical server running the controller software has two network cards 10.11.216.1 (open) and 10.11.227.14 (secure) - its also my DHCP server for the open network of which the gateway is set to 10.11.216.2 that is the third network card i setup in my TMG server, should I at least be getting http traffic with this setup?

[K.C.Leblanc]

Strange - still not working here. Again, it works if you enter the TMG server as the client's proxy but not without. I'll keep experimenting though.

I can't remember where I read it, but I saw somewhere that TMG doesn't work as a Transparent proxy with web chaining is the upstream proxy is running squid. I'm assuming your on SWGfL who use squid.

[matthewc]

Have you setup a rule to NAT the traffic from the seperate VLAN to your external connection?

[chrisjako]

yes the source network is "sjwifi" and set to route relation

Capture6.PNG

[richwil]

We have a similar problem with TMG acting as a transparent proxy for our guest wifi. We have a direct Internet connection so don't have any of the upstream issues that some are facing but still have an issue with SecureNAT clients accessing secure websites. http works fine. I wonder if Jamesfed or Jwood or anyone else who has this sorted are able to offer any assistance on this? We're beginning to think that we will have to require clients to enter proxy settings which as far as I can see would mean that Android users wouldn't be able to use the wifi.

Many thanks,

Richard

[jamesfed]

Sorry I only have experiance with the problems that Squid gave us - maybe it would be worth getting a trial of ISA Script and seeing if the script thats in a link in my previous posts will work?

All the same over the past few months we've noticed a decline in the number of Droid users with phones that don't support proxys so I can imagine within the next 6months-1 year we will be rid of this problem anyway.

[richwil]

Thanks for responding. I will have a look at the script and see if that helps. We are already using some software called captivate by the same company to get the SecureNAT clients to authenticate before they access the Internet.

I had a look at what devices were using the guest network and only about 13% were running Android. My understanding is that it's only Ice Cream Sandwich that supports proxy settings on Android or have you found that earlier versions allow users to put in Proxy info?

Cheers.