+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 31
Wireless Networks Thread, ISA server as a transparent proxy in Technical; Hi I am not to hot on this subject but is it possible to make ISA a transparent proxy? If ...
  1. #1

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,374
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468

    Unhappy ISA server as a transparent proxy

    Hi

    I am not to hot on this subject but is it possible to make ISA a transparent proxy? If so how is it done please?

    I have googled abit cannot find much, what i have found has gone over my head.

    cheers

    Z

  2. #2

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,079
    Thank Post
    160
    Thanked 941 Times in 733 Posts
    Blog Entries
    3
    Rep Power
    276
    Hi Mate,

    I found this - http://www.eggheadcafe.com/aspnet_an...st26977701.asp

    Have a look i think thats what u are looking for, there are also a few links at the bottom that explains things in a little more detail.

    Regards

    James

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,374
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    Ok if that canít be done what can I do so you donít have to make any configuration on client machines? IE not having to put the proxy address in internet explorer etc.

    Thanks

  4. #4

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,459
    Thank Post
    408
    Thanked 672 Times in 614 Posts
    Rep Power
    192
    Quote Originally Posted by FN-Greatermanchester View Post
    Ok if that canít be done what can I do so you donít have to make any configuration on client machines? IE not having to put the proxy address in internet explorer etc.

    Thanks
    Just out of interest what is wrong with having to do that?

  5. #5

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,079
    Thank Post
    160
    Thanked 941 Times in 733 Posts
    Blog Entries
    3
    Rep Power
    276
    Thats a point really Edu-IT, I supose if it is only on a few machines then it could be no problem putting in the proxy. but if its on a wide range of client machines then supose it could be a bit of a hassel.

    Regards

    James

  6. #6

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,459
    Thank Post
    408
    Thanked 672 Times in 614 Posts
    Rep Power
    192
    Quote Originally Posted by TinyChimpboy View Post
    Thats a point really Edu-IT, I supose if it is only on a few machines then it could be no problem putting in the proxy. but if its on a wide range of client machines then supose it could be a bit of a hassel.

    Regards

    James
    You can use policies to apply proxy settings.

  7. #7

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,079
    Thank Post
    160
    Thanked 941 Times in 733 Posts
    Blog Entries
    3
    Rep Power
    276
    Quote Originally Posted by Edu-IT View Post
    You can use policies to apply proxy settings.
    I was just about to edit my post saying that lol, but i got an email saying what you put before i pressed Submit hehe, :P

    regards

    James

  8. #8

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    489
    Thank Post
    30
    Thanked 15 Times in 9 Posts
    Rep Power
    19
    Policies work well and generally in most cases are adequate.

    Other than that setting up a WPAD file on your network will point any client connected to the proxy server you would like. Google WPAD your find information on setting this up.

    This site might be a starting point:

    http://www.isaserver.org/tutorials/C...l-Clients.html
    Last edited by plock; 2nd February 2008 at 07:30 PM. Reason: URL addition

  9. #9

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,374
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    Well we are a domain in a multiple forest, so users can logon our machines from another domain. But on some of these other domains there IP range is filtered by the LEA. They will not have any proxy server address typed in. so they could possibly get unfiltered internet. WPAD we cannot use either because guest laptops might not have automatically find the proxy server check box ticked. Also we cannot put policies on there computers. We canít set the firewall so it will only accept traffic that has been through out proxy because other users from other domains will have there proxy server onsite and will want there users to go through there proxy. We do set our users to go through the proxy server in GPO.

    I will attach a diagram soon.

  10. #10

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    489
    Thank Post
    30
    Thanked 15 Times in 9 Posts
    Rep Power
    19
    My understanding is if the client browser doesn't have any Proxy Server defined then regardless of 'Automatically detect...' being ticked it'll use the WPAD?

  11. #11

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Without a proxy server in the configuration it will first hit the default gateway on the highest priority active network adapter and see if it can get the pages directly otherwise if it is set to automatically detect it will look for a proxy.

    You can setup ISA as a transparent firewall that should run your traffic through filtering but I have not set it up transparently with a proxy. To enable it as a transparent firewall just add a rule that allows HTTP/HTTPs access from the internal network to the external network. You must have it as the default gateway of either the workstations that are trying to connect to it or as the default gateway in your top level router so that any traffic that cannot be serviced locally is sent to the ISA server for routing.

  12. #12

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,601
    Thank Post
    110
    Thanked 771 Times in 599 Posts
    Rep Power
    183
    By default, any client that uses ISA as its gateway will act as a 'Secure-NAT' client so any URLs that you block will not be accessible from those clients. However, this will not forward to an upstream proxy.

  13. #13

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,374
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    Thanks for the comments guys

    Quote Originally Posted by plock
    My understanding is if the client browser doesn't have any Proxy Server defined then regardless of 'Automatically detect...' being ticked it'll use the WPAD?
    I was told it does need to be checked, can anyone confirm if it does or doesn't please?

    Quote Originally Posted by Ric_
    By default, any client that uses ISA as its gateway will act as a 'Secure-NAT' client so any URLs that you block will not be accessible from those clients. However, this will not forward to an upstream proxy.
    So does that mean if i set the clients to use the proxy as the default gateway traffic will pass through it?

    Thanks

    Z
    Last edited by FN-GM; 3rd February 2008 at 06:27 PM.

  14. #14

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    489
    Thank Post
    30
    Thanked 15 Times in 9 Posts
    Rep Power
    19
    Quote Originally Posted by SYNACK View Post
    Without a proxy server in the configuration it will first hit the default gateway on the highest priority active network adapter and see if it can get the pages directly otherwise if it is set to automatically detect it will look for a proxy.
    According to this then for the WPAD to take effect 'Automatically detect...' would need to be ticked.

    If it isn't then it's using the default gateway rather than the WPAD which I had thought was the case.

  15. #15

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,601
    Thank Post
    110
    Thanked 771 Times in 599 Posts
    Rep Power
    183
    Quote Originally Posted by FN-Greatermanchester View Post
    So does that mean if i set the clients to use the proxy as the default gateway traffic will pass through it?
    Yes... unless of course ISA isn't set up in firewall mode.

  16. Thanks to Ric_ from:

    FN-GM (3rd February 2008)



SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. Transparent squid + local IP addresses
    By jonathan.lees in forum *nix
    Replies: 1
    Last Post: 2nd December 2007, 02:20 AM
  2. Squid Transparent
    By Jackd in forum *nix
    Replies: 5
    Last Post: 10th October 2007, 03:12 PM
  3. Squid Transparent Proxy.
    By Jackd in forum Network and Classroom Management
    Replies: 2
    Last Post: 25th July 2007, 07:54 PM
  4. cachepilot/proxy server
    By ptrainor1 in forum Windows
    Replies: 12
    Last Post: 10th February 2006, 09:15 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •