Solved

WPAD causing bypass for local addresses

Posted on 2010-08-26
7
1,522 Views
Last Modified: 2012-08-14
We have a Forefront TMG array set up with WPAD set up using DHCP.

the machines are detecting this and using FTMG for all surfing.

We have set the "Bypass Proxy" set in FTMG as below.

Internal network properties
if the client machine attempts to browse to the IP address of an internal web server, it uses proxy to go there.. i.e. http://10.1.1.1/

if a client machine uses the fully qualified domain name to get to the web server, it uses proxy to get there.. i.e. http://webserver.company.local/

if a client machine uses the machine name without using the FQDN it bypasses proxy and goes direct. i.e. http://webserver/

My issue is that the client machines have no IP connectivity to the 10.1.1.1 server (and therefore whould go throug proxy)

I need all 3 routes to go through proxy.

Any suggestions?
0
Comment
Question by:Big_Steef
  • 4
  • 2
7 Comments
 
LVL 4

Accepted Solution

by:
vickzz earned 250 total points
ID: 33530943
By Default if you try to browse Non- Contiguous or Non-FQDN web links from your browser it will not go to proxy.
So this behavior is by design
0
 
LVL 3

Author Comment

by:Big_Steef
ID: 33530983
Is there any way to force this traffic through proxy?
0
 
LVL 4

Expert Comment

by:vickzz
ID: 33530997
One way to Install firewall Clients on machine. Is it possible in your environment?
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 3

Author Comment

by:Big_Steef
ID: 33531169
It is now one of the options..

so as far as i see the issue, the options are:

1. use the fqdn
2. install firewall client on the pcs
3. open the firewall rules to the server

how would i configure the firewall client if we were to go along that route and would it cause any problems with laptops when they leave the network?

thanks
0
 
LVL 4

Expert Comment

by:vickzz
ID: 33531381
I dont think so there should be an issue with Firewall Clients if laptops are leaving the network because Firewall Clients will detect the Automatic config in IE and work accordingly.
0
 
LVL 4

Expert Comment

by:vickzz
ID: 33531562
ISA Firewall Clients auto detect and sync with ISA if they are in Domain however if they are outside the network then they wont be able to find it so there will not be any issues.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 33540685
This is a link to one of my previous articles here on using and writing the proxy.pac. It may be useful to you.

http://www.experts-exchange.com/Networking/Windows_Networking/Q_25769612.html

0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
MS Forefront UAG Support for Windows 10 1 664
How does the Internet Work? 6 102
VPN 101 - how and which protocol? 9 121
Changing from ADSL internet to Optical Fiber Internet 4 80
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question