Can ISA be configured to proxy certain web sites only

Posted on 2011-05-11
Last Modified: 2013-11-16
We are currently running ISA 2006, we are not using the web proxy, no workstations have any proxy server settings specified, but we have certain web sites now, on another network, which require a proxy server to be used.

My question is, is there anyway in ISA to create a rule that says, any web sites that match this rule, then use the following proxy server, otherwise go out to the internet.

I wan to aviod having to touch any settings on the client workstations if possible, ideally i don't want to have to configure the proxy settings in IE, or create any manual scripts to enable/disable the proxy or install the ISA firewall client. If anyone knows if this is possible to achieve this through ISA, great, if not i'm open to other suggestions
Question by:CENITSupport
    LVL 51

    Accepted Solution

    Not easily on a rule, no but this is what a proxy.pac file does for you. it allows - amongst other things - for you to select whether a browser should go directly to a site via networking rules or should be redirected to a proxy server plus the port number.

    The location of the proxy.pac file can be placed into the browser proxy settings directly, via group policy or by using the port 252 DHCP/wpad options.
    LVL 3

    Expert Comment

    "but we have certain web sites now, on another network, which require a proxy server to be used"

    if i understand correctly its possible, lets say you have

    One Office
    Two Network, 192.168.168x (A), 192.168.x.x (B).

    you have One ISA server with 2 or more NICs. now you want to disable Site for A, you can create one role that source A, Destination (Website), Action Deny, priority (as per network), enable.


    Author Comment

    what we are trying to achieve is to be able to proxy for certain web sites and not others. At the moment we don't use a proxy server anywhere in our environment, but we now require access to web sites that require the use of a proxy server, and are trying to come up with a solution that will enable us to use a proxy server for specific sites and allow us to set the proxy details, but allow all other web sites through avoiding the proxy all togetther.
    Ideally we didn't want to have to touch any settings on the client machines either with/without GPOs if we don't have to

    We don't want to deny access to any sites, merely redirect certain sites to use a web proxy.
    If we went down the route of using WPAD, can it be tied to a certain domain or would the settings be globabl to to speak

    From what you guys are saying, it's as we suspected, that there is no easy way to configure this through ISA and would therfore require the use of a proxy server configured through IE, whether it be via a GPO or WPad/pac files

    Author Comment

    Thank you for your help guys, we have decided to go down the route of creating a PAC file to specify which sites require a proxy server, and all others go DIRECT. We then pushed this setting out via GPO and it's working like a dream.

    LVL 51

    Expert Comment

    by:Keith Alabaster
    More than welcome.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
    The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now