Wired Networks Thread, WPAD.DAT with IIS and DNS in Technical; Originally Posted by Tallwood_6
Has anyone else got it working from the zonedirector yet?
Just downloaded the new firmware. Going ...
20th January 2012, 01:57 PM #16
Just downloaded the new firmware. Going to install it this weekend and give this feature a try.
Originally Posted by Tallwood_6
We've already got wpad working on our domain, but I like the thought of it being on the controller, and a different file for each wlan.
23rd January 2012, 12:03 PM #17
I've setup wpad to be delivered via DNS to test and this works fine for firefox and and internet explorer via a wired connection however it only seems to work for firefox via wireless which i'm slightly baffled by. The wireless WLAN i'm testing with has no ACL configured, no Enable captive portal/Web authentication or Client Isolation so i cant workout whats teh cause. The ZoneDirector auto config i still cant get to work for firefox or IE though.
23rd January 2012, 12:10 PM #18
Isn't DHCP the preferred choice these days? I believe most things support this. The DNS method was not preferred as someone could easily bring their own machine named WPAD into a domain and cause some interesting problems with your network!!!
23rd January 2012, 12:20 PM #19
The DNS method is more widely supported across browsers apparently. You would have to have a machine joined to the domain called wpad, have removed the DNS exclusion for wpad and not have an existing record wpad in DNS for that exploit to work surely?
23rd January 2012, 12:51 PM #20
Web Proxy Autodiscovery Protocol - Wikipedia, the free encyclopedia
You are correct on that DHCP only really supported by IE and Chrome! Looks like the DNS method is still insecure though.
DNS lookup removes the first part of the domain name (presumably the client identifier) and replaces it with wpad. Then, it "moves up" in the hierarchy by removing more parts of the domain name, until it finds a WPAD PAC file or leaves the current organisation.
23rd January 2012, 01:16 PM #21
Well i've ascertained that there is nothing up with either of my two wpad.dat files anyway so the problem looks to be with the ruckus delivery to the clients.
23rd January 2012, 01:48 PM #22
i know this isnt useful but i used a transparent proxy between the clients and the NGFL proxy wich works nicely. uthenticated users use one vlan (Enterprise security) and unathenticated (WPA-PSK) is vlaned to the transparent proxy wich ports them directly to NGFL so they cant see our internal anything, and get fully filterd. As unauthenticated users they will need to get information from dhcp as they need corect ip addresses to function so not allowing them access to some form of dhcp is a desatrous idea.
23rd January 2012, 05:11 PM #23
- Rep Power
From my experience only Ipones/Ipads can pick WPAD settings and apply them. If you using an Android (unless rooted) or blackberry you cannot set a proxy into them and your WPAD will be ignored. I ended up setting up a transparent proxy to allow basic access for smartphones.
Originally Posted by PatRamsden
If I'm wrong then I apologies.
23rd January 2012, 06:01 PM #24
- Rep Power
I havent had a chance to try this yet, will be trying tomorrow when I am on site.
I have a feeling some people will have Android devices, I know some have Blackberrys. How would I go about setting up a transparent proxy?
3rd December 2013, 11:14 AM #25
- Rep Power
hi if it helps i have the same setup @PatRamsden
I am using the latest 188.8.131.52 build 15, i have hosted the wpad.dat file on the ZoneDirector,
created a DHCP entry for 252 and in the string value i entered the zonedirector ip and dat file i.e. "http://x.x.x.x/wpad.dat"
then unblcked the wpad from DNS, created a cname entry for the server hosting this wpad with WPAD and the server ip addresss
i have just try this and works fine on windows laptops!
just having trouble with android now, somehow need them to authenticate with the zone director so they can get the wpad file.
By tosca925 in forum General Chat
Last Post: 21st November 2011, 04:39 PM
By Joedetic in forum Thin Client and Virtual Machines
Last Post: 18th May 2006, 04:40 PM
By Ueline in forum Wireless Networks
Last Post: 7th December 2005, 11:00 AM
By tosca925 in forum Educational IT Jobs
Last Post: 11th November 2005, 01:15 PM
By Frazer in forum Windows
Last Post: 10th October 2005, 10:12 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)