WPAD and PAC Configuration in ISA 2006

Posted on 2009-05-13
Last Modified: 2013-11-16
Hello All,

I'd like to setup my environment to use the Auto configuration option in ISA 2006.
I've read a couple of articles, and I'm only getting confused here (Not hard at all really - being a noob...)

My situastion is as follows:
The domain is a Windows Server 2003 domain with workstations on Windows 2k and XP combined.
Workstations have IE 6 and IE7.
The ISA 2006 server is on Windows Server 2003, Internal network with one NIC configured.
This server should be a web proxy only server.

I have a lot of users that go off site and travel about (lucky pigs!)
At the moment they use an older ISA 2000 server as proxy server, wich is setup up through GP from AD.
This setting is only "Use Proxy server:  ISA2000" and port number.

I'd like to setup the new server to use Autoconfig in IE setting to point to the new ISA 2006 server, so that when users are not on my network, they can access the Internet directly, but when they are on my network, they have to use the proxy server.

I tried to use the Firewall Client app on my workstation, and it works, but for some reason it does not apply the network rules. I have URL set that blocks some sites, and when I use the ISA client, this does not work.

I'd like some help on how to manage this propperly.

Some questions:
Do I have to install the client software for the Autoconfig to work, or do I have to install the client software on all the workstations at all?
Can I use a pac file copied to all the workstations locally to point to the proxy server, tests if it can be accessed, and if not - go direct to the interent.


I'd like to setup autoconfig in IE to use the ISA server as a web proxy only.
Question by:Ampletrix
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 14

Expert Comment

ID: 24382845
You don't need to install the firewall client if you are planning to use ISA as a proxy only server. And you certainly don't need to use any pac filess for proxy configuration either.

Just enable automatic proxy configuration in ISA, create a new A record in your DNS for wpad pointing to your ISA server and set IE to "Automatically detect proxy settings" (either manually or using a GPO) and that's that.

Author Comment

ID: 24391032
Thanks Raj_GT,

I'm trying to configure the WPAD file as you suggested.
I've got the DNS entry in and the WPAD file on the wwwroot folder of my IIS server, but it's not grabing the right info from there.

I'll have a look for info on how to create my own wpad.dat config file.

Any info would be great!

Thanks again.

LVL 14

Accepted Solution

Raj-GT earned 500 total points
ID: 24393083
Your WPAD entry should actually point to the ISA Server. The ISA server will generate the WPAD.dat and WSPAD.dat files on the fly and supply to the clients upon request.

Once you have enabled automatic proxy configuration in ISA, tey browsing to http://isaservername/wapd.dat and you should get the file.

Author Comment

ID: 24401432
Thanks Raj-GT,

You're actually helping me with the same issue on another quetsion I raised with EE.
Please continue to help me on that one, as it is the same issue.

When I open the http://ISA_Server/wpad.dat - it does not work, but when I open
http://ISA_Server:8080/wpad.dat it works, but it has to work on port 80 because I'm only using DNS to resolve.

Apologies for logging the same question twice. I confused myself with several issues wich were the same problem.


Author Closing Comment

ID: 31581276
I logged the same problem twice due to being an ID 10 T
Apologies to everyone for causing any inconvenience.


Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question