• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3406
  • Last Modified:

GPO which enables proxy settings on LAN and disables outside of corporate network

Hi all-

I currently have a barracuda web filter which I have configured as a proxy for my remote sites. When laptop users at remote sites are on the LAN proxy settings are applied through a gpo. When laptop users take their laptops home and connect to their home wireless network, the proxy settings still apply and they are not savy enough to figure out how to bypass this setting.

Is there any way to just have the proxy settings apply via gpo when they are on the LAN and to be disabled when the laptop users are remote. I know the easy solution is to tell them to uncheck the proxy settings in IE, but that will show them how to bypass the proxy when on the LAN. Could the proxy settings be applied through DHCP instead possibly? TIA
0
beargonefishing
Asked:
beargonefishing
  • 6
  • 5
1 Solution
 
Ankit_JainCommented:
These problems are common with proxy based setups for internet access. Try using an automatic proxy configuration script [.js / .jvs / .pac file]. Thus whenever the user is in LAN, the script will be enabled. Else if not reachable, the default proxy gets bypassed automatically.
The proxy automatic settings can be configured in GPO

Proxy-Automatic-Configuration-Sc.JPG
0
 
beargonefishingDirector of Network InfrastructureAuthor Commented:
Previously when we had ISA in our setup, we had an autoconfig script for that. But that script kind of created itself. Not familiar with creating one of these files.

Would you recommend applying the proxy settings this way rather than through the proxy settings tab in the gpo. Could you please elaborate
0
 
beargonefishingDirector of Network InfrastructureAuthor Commented:
Would something like this work for a PAC fiile.

function FindProxyForURL(url, host) { return "PROXY IPaddress:8080; DIRECT"; }

-where IP address is the ip address of my hardware appliance
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Ankit_JainCommented:
Sorry for the delay, yes thats the function which helps.
The process works this way.
1. You just have to configure the PAC file path in the GP. The proxy settings need not be specified.
2. Whenever the user accesses the browser, it checks whether the PAC file is available. If in LAN, the file will be available & browser will work from your proxy. If outside the network, the file wont be available & browser will function as without any Proxy settings.
3. Listed below is a sample script.
function FindProxyForURL(url, host)
{
var proxy_yes="PROXY IPAdress:8080";
var proxy_no="DIRECT";
//If you want certain local URL's to be bypassed from Proxy
if(shExpMatch(url,"*.URL.com*")) {return proxy_no}
//Proxy anything else
return proxy_yes;
}
0
 
beargonefishingDirector of Network InfrastructureAuthor Commented:
Is there any kind of delay with opening the browser initially with a .pac file. Do you have this same setup in your environment.
0
 
Ankit_JainCommented:
yes & no. the pac file would be hardly in kb's. so the transfer delay would not be there.
yes we r using it in our env..
0
 
beargonefishingDirector of Network InfrastructureAuthor Commented:
And do have have an ISA server or just a hardware appliance that use as a proxy.
0
 
Ankit_JainCommented:
its a linux box with squid running as proxy
0
 
beargonefishingDirector of Network InfrastructureAuthor Commented:
I am going to test it tonight from home and i will let you know how it goes.
0
 
Ankit_JainCommented:
best of luck! :)
0
 
beargonefishingDirector of Network InfrastructureAuthor Commented:
very thorough answer and timely response. Thanks!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now