WPAD and PAC Configuration in ISA 2006

Posted on 2009-05-13
Last Modified: 2013-11-16
Hello All,

I'd like to setup my environment to use the Auto configuration option in ISA 2006.
I've read a couple of articles, and I'm only getting confused here (Not hard at all really - being a noob...)

My situastion is as follows:
The domain is a Windows Server 2003 domain with workstations on Windows 2k and XP combined.
Workstations have IE 6 and IE7.
The ISA 2006 server is on Windows Server 2003, Internal network with one NIC configured.
This server should be a web proxy only server.

I have a lot of users that go off site and travel about (lucky pigs!)
At the moment they use an older ISA 2000 server as proxy server, wich is setup up through GP from AD.
This setting is only "Use Proxy server:  ISA2000" and port number.

I'd like to setup the new server to use Autoconfig in IE setting to point to the new ISA 2006 server, so that when users are not on my network, they can access the Internet directly, but when they are on my network, they have to use the proxy server.

I tried to use the Firewall Client app on my workstation, and it works, but for some reason it does not apply the network rules. I have URL set that blocks some sites, and when I use the ISA client, this does not work.

I'd like some help on how to manage this propperly.

Some questions:
Do I have to install the client software for the Autoconfig to work, or do I have to install the client software on all the workstations at all?
Can I use a pac file copied to all the workstations locally to point to the proxy server, tests if it can be accessed, and if not - go direct to the interent.


I'd like to setup autoconfig in IE to use the ISA server as a web proxy only.
Question by:Ampletrix
  • 3
  • 2
LVL 14

Expert Comment

ID: 24382845
You don't need to install the firewall client if you are planning to use ISA as a proxy only server. And you certainly don't need to use any pac filess for proxy configuration either.

Just enable automatic proxy configuration in ISA, create a new A record in your DNS for wpad pointing to your ISA server and set IE to "Automatically detect proxy settings" (either manually or using a GPO) and that's that.

Author Comment

ID: 24391032
Thanks Raj_GT,

I'm trying to configure the WPAD file as you suggested.
I've got the DNS entry in and the WPAD file on the wwwroot folder of my IIS server, but it's not grabing the right info from there.

I'll have a look for info on how to create my own wpad.dat config file.

Any info would be great!

Thanks again.

LVL 14

Accepted Solution

Raj-GT earned 500 total points
ID: 24393083
Your WPAD entry should actually point to the ISA Server. The ISA server will generate the WPAD.dat and WSPAD.dat files on the fly and supply to the clients upon request.

Once you have enabled automatic proxy configuration in ISA, tey browsing to http://isaservername/wapd.dat and you should get the file.

Author Comment

ID: 24401432
Thanks Raj-GT,

You're actually helping me with the same issue on another quetsion I raised with EE.
Please continue to help me on that one, as it is the same issue.

When I open the http://ISA_Server/wpad.dat - it does not work, but when I open
http://ISA_Server:8080/wpad.dat it works, but it has to work on port 80 because I'm only using DNS to resolve.

Apologies for logging the same question twice. I confused myself with several issues wich were the same problem.


Author Closing Comment

ID: 31581276
I logged the same problem twice due to being an ID 10 T
Apologies to everyone for causing any inconvenience.


Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now