+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 31
Wireless Networks Thread, ISA server as a transparent proxy in Technical; Originally Posted by FN-Greatermanchester Thanks for the comments guys I was told it does need to be checked, can anyone ...
  1. #16

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Quote Originally Posted by FN-Greatermanchester View Post
    Thanks for the comments guys



    I was told it does need to be checked, can anyone confirm if it does or doesn't please?



    So does that mean if i set the clients to use the proxy as the default gateway traffic will pass through it?

    Thanks

    Z

    It only needs to be checked if you are using an automatic proxy configuration file on your network otherwise it just slows the initial connection to the web down.

    As Ric says so long as it is in firewall mode (has the rules that I talked about eairlier) it will allow the clients to access the web.

  2. #17

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,241
    Thank Post
    110
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    SO can ISA run as a transparent proxy, while also authenticating the client? If so would it work for FireFox/Safari on OS X?

  3. #18

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,781
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    Thanks for the feedback, this is our setup & the problems we may face.
    Last edited by FN-GM; 25th June 2008 at 02:47 PM.

  4. #19

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    @psydii Yes this method will work with any browser on the network with no configuration as it is not seen as a proxy but just as the default path for internet traffic.

    @FN-Greatermanchester Is the router in the diagram your own locally managed one or the LEA one and are you subnetted inside your school.

    If you are not subnetted inside your school simply changing the Default gateway provided by DHCP to your ISA Box should ensure that they are all filtered. If your LEA proxy can be accessed transparently you could chain to that by setting the default gateway address on your ISA box to the LEA Proxy.

    If you are divided into more than one subnet inside your school then it becomes a little more complicated as you must change the routing configuration to put your ISA box as the default gateway for your networks to access the outside world and a separate rule for your ISA server to allow it to send its outbound traffic via the LEA.

  5. #20

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,781
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    Hi

    That is our router, and we are over 5 subnets. We only use 3 though. 2 For DHCP machines and the other one for Servers. Hopefully i can get someone from the LEA to come and set it all up for us

    Cheers

    Z

  6. #21

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,781
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    Hi guys

    Well, I now point the default gateway to the ISA server. Works fine. One more snag is that the proxy settings must be set to have a connection to the internet. How would I configure ISA so I do not need to configure the proxy settings on the client machines? Thanks.

  7. #22

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Quote Originally Posted by FN-Greatermanchester View Post
    Hi guys

    Well, I now point the default gateway to the ISA server. Works fine. One more snag is that the proxy settings must be set to have a connection to the internet. How would I configure ISA so I do not need to configure the proxy settings on the client machines? Thanks.
    So long as you have set up a rule allowing all HTTP/HTTPS traffic from the internal network to the external + internal networks in the firewall policy you will not need any proxy settings.

    This is because their browser will look up the site via DNS, resolve it to an external IP address and then will send the request to the default gatewat (your ISA) as it is the only way that it knows of to get to the outside address. Your ISA server will see that it is HTTP from the internal network headed out to the external network and handle the rest for you.

  8. #23

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,781
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    allowing all HTTP/HTTPS
    We are running ISA 2000, please can you give me a clue of where to look and what i am looking for please?

    Thanks

  9. #24

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Quote Originally Posted by FN-Greatermanchester View Post
    We are running ISA 2000, please can you give me a clue of where to look and what i am looking for please?

    Thanks
    Sorry FN its been that long since I have used ISA 2k that I can't recall the way that it is layed out. I'd have to dig out a copy of it and have a look. If you could post some screen shots of the ISA managment console with the options tree down the left hand side expanded I'm pretty sure that I can still point you in the right direction.

  10. #25

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,781
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    No worries, wil do it tomorrow.

    Z

  11. #26

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,781
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    Sorry it took so long.... but here it is.

    Thanks for all your help
    Last edited by FN-GM; 25th June 2008 at 02:47 PM.

  12. #27

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    I'm pretty sure that you want to configure a rule in the
    Access Policy -> Protocol Rules

    If I remember correctly you want to configure the rule to allow the http and https protocols from the internal network specified in the LAT to the external network. This should allow your clients to use the firewall transparently.

    You may need to also right click on HC-Proxy, select properties for the inside listener and change the listening port to 80 but I am not entirely sure as its been a while.

    I'm still looking around for my old ISA 2k CD so if I eventually find it I may be able to check for you.
    Last edited by SYNACK; 25th February 2008 at 09:38 AM.

  13. #28

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,781
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    Yes basically i want to configure ISA so i don't have to set the proxy setting on clients. On ISA 2004 it will let me do it automatically but i can't do it in ISA 2000.

    Thanks.

  14. #29

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,781
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    I supose if you like you can have a look round.

    Thanks

    Z

  15. #30

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Quote Originally Posted by FN-Greatermanchester View Post
    I supose if you like you can have a look round.

    Thanks

    Z
    Wow enthusiasm. Anyway I looked it up, I was right it should work, no need to change the listener. https://thesource.ofallevil.com/tech....mspx?mfr=true

    Near the end of step 4:

    Creating an All Open Protocol Rule

    Protocol Rules allow internal network computers access to specific protocols when connecting to Internet servers. Examples of such protocols include the HTTP protocol that allows you to connect to Web servers and the FTP protocol that allows you to connect to FTP servers. You will create an All IP Traffic Protocol Rule that allows your network computers access to all Internet network protocols included in the Protocol Definitions node in the ISA Management console. Perform the following steps to create the Protocol Rule:

    WARNING:

    This configuration allows your network computers to access almost all content available on the Internet. However, there are some Internet applications that require special configuration. If you find Internet applications that do not work, please refer to the ISA Server 2000 Resources section for helpful information on solving the problem.

    1.


    Open the ISA Management console, expand the Servers and Arrays node and then expand your server name. Expand the Access Policy node and right click on the Protocol Rules node. Point to New and click Rule.

    2.


    In the Welcome to the New Protocol Rule Wizard page, enter All Open in the Protocol Rule name text box and click Next.

    3.


    Select the Allow option on the Rule Action page and click Next.

    4.


    Select the All IP traffic on the Protocols page and click Next.

    5.


    Accept the default settings, Always, on the Schedule page and click Next.

    6.


    Select the Any request option on the Client Type page and click Next.

    7.


    Click Finish on the Completing the New Protocol Rule Wizard page.

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Transparent squid + local IP addresses
    By jonathan.lees in forum *nix
    Replies: 1
    Last Post: 2nd December 2007, 01:20 AM
  2. Squid Transparent
    By Jackd in forum *nix
    Replies: 5
    Last Post: 10th October 2007, 02:12 PM
  3. Squid Transparent Proxy.
    By Jackd in forum Network and Classroom Management
    Replies: 2
    Last Post: 25th July 2007, 06:54 PM
  4. cachepilot/proxy server
    By ptrainor1 in forum Windows
    Replies: 12
    Last Post: 10th February 2006, 08:15 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •