  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1536

WPAD causing bypass for local addresses

We have a Forefront TMG array set up with WPAD set up using DHCP.

The machines are detecting this and using FTMG for all surfing.

We have set "Bypass Proxy" in FTMG as below.

Internal network properties
If the client machine attempts to browse to the IP address of an internal web server, it uses proxy to go there, i.e. http://10.1.1.1/

If a client machine uses the fully qualified domain name to get to the web server, it uses proxy to get there, i.e. http://webserver.company.local/

If a client machine uses the machine name without using the FQDN, it bypasses proxy and goes direct, i.e. http://webserver/

My issue is that the client machines have no IP connectivity to the 10.1.1.1 server (and therefore should go through proxy).

I need all 3 routes to go through proxy.

Any suggestions?
Asked by: Big_Steef
2 Solutions
 
vickzz Commented:
By default, if you try to browse non-contiguous or non-FQDN web links from your browser, it will not go to the proxy.
So this behavior is by design.
 
Big_Steef (Author) Commented:
Is there any way to force this traffic through proxy?
 
vickzz Commented:
One way is to install Firewall Clients on the machines. Is it possible in your environment?
 
Big_Steef (Author) Commented:
It is now one of the options.

So as far as I see the issue, the options are:

1. Use the FQDN
2. Install the firewall client on the PCs
3. Open the firewall rules to the server

How would I configure the firewall client if we were to go along that route, and would it cause any problems with laptops when they leave the network?

Thanks
 
vickzz Commented:
I don't think there should be an issue with Firewall Clients if laptops are leaving the network, because Firewall Clients will detect the automatic config in IE and work accordingly.
 
vickzz Commented:
ISA Firewall Clients auto-detect and sync with ISA if they are in the domain; however, if they are outside the network then they won't be able to find it, so there will not be any issues.
 
Keith Alabaster Commented:
This is a link to one of my previous articles here on using and writing the proxy.pac. It may be useful to you.

http://www.experts-exchange.com/Networking/Windows_Networking/Q_25769612.html
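
The plain-name bypass from the question and the proxy.pac route suggested above, as an added example that is not part of the original thread and is not TMG's generated script. It goes beyond the thread by deciding on the resolved address rather than on the form of the name. Assumptions: the proxy name and port, the 10.1.1.0/255.255.255.0 range, the DNS table, and the Node stand-ins for the PAC helper functions are all constructed.

```javascript
// Stand-ins for the PAC helpers a browser provides, so the file also runs under Node.
const DNS = { "webserver": "10.1.1.1", "webserver.company.local": "10.1.1.1",
              "intranet": "10.2.0.5" };              // constructed lookup table
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function dnsResolve(host) { return IPV4.test(host) ? host : (DNS[host] || null); }
function toInt(ip) { return ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0); }
function isInNet(ip, net, mask) {
  if (!ip || !IPV4.test(ip)) return false;
  return ((toInt(ip) & toInt(mask)) >>> 0) === ((toInt(net) & toInt(mask)) >>> 0);
}

const PROXY = "PROXY tmg.company.local:8080";        // placeholder proxy name and port

// Behaviour seen in the thread: a dotless name is treated as local and goes direct.
function pacBypassPlainNames(url, host) {
  return isPlainHostName(host) ? "DIRECT" : PROXY;
}

// Revised script: decide on the resolved address, not on the shape of the name.
// 10.1.1.0/255.255.255.0 is an assumed range for servers clients cannot reach directly.
function FindProxyForURL(url, host) {
  const ip = dnsResolve(host);
  if (ip) {
    if (isInNet(ip, "127.0.0.0", "255.0.0.0")) return "DIRECT";
    if (isInNet(ip, "10.1.1.0", "255.255.255.0")) return PROXY;
  }
  if (isPlainHostName(host)) return "DIRECT";        // other local names stay direct
  return PROXY;
}

// Evaluate a PAC function against a list of URLs and return url -> decision.
function evaluate(pac, urls) {
  const out = {};
  for (const u of urls) out[u] = pac(u, new URL(u).hostname);
  return out;
}

const QUESTION_URLS = ["http://10.1.1.1/", "http://webserver.company.local/", "http://webserver/"];
console.log(evaluate(pacBypassPlainNames, QUESTION_URLS));
console.log(evaluate(FindProxyForURL, QUESTION_URLS.concat("http://intranet/")));
```

Only `FindProxyForURL` and the `PROXY` constant belong in a deployed script; the helper stand-ins and `evaluate` exist so the decisions can be checked outside a browser.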
