Solved

ISA TMG forefront

Posted on 2011-09-15
Last Modified: 2012-05-12
I have installed ISA server TMG forefront and it's all working fine. I would like to force non-domain users to use proxy. I want them to use automatic proxy instead.
I have read about proxy.pac or WPAD. We want students to bring in their own laptops from home and connect to the school's network. But we would like to have students bring in their own laptops, which obviously will be non-domain laptops, and be able to pull the proxy settings somehow, so traffic can be filtered.
Would anyone be able to help me?

thanks
TPHS
Question by:TePukeHighSchool
5 Comments
 
LVL 2

Accepted Solution

by:
GRGrayban earned 334 total points
ID: 36547017
Best way to handle this is to have a separate NIC for wireless guests. All wireless access points are connected to this NIC. On the wireless system, force the gateway to be the TMG server. All users will then be going through the proxy without any proxy settings. You can set rules for authenticated users versus all users to decide what guests should be blocked from. We configure our wireless for clients. Because employees like to use our wireless instead of cell service, we block our SMTP servers from the NIC for wireless. This makes sure they will not use our bandwidth for their private use. In short: two internal NICs, one for domain and one for wireless. Connect rules to either one or both.
0
 
LVL 2

Assisted Solution

by:GRGrayban
GRGrayban earned 334 total points
ID: 36547035
Follow up: set rules for the wireless NIC not to allow any traffic anywhere else on the domain. If any shares are set for everyone, they will be able to browse/use them. Also, on the wireless NIC, disable everything but IPv4. No browser services are then available to these users. No net view, etc. Also, there are 3rd-party options to limit bandwidth if necessary. Think of a pop-up that makes them agree to terms, etc., like at Starbucks or other open guest networks.
0
 

Author Comment

by:TePukeHighSchool
ID: 36713310
Thanks GRGrayban.
So how do I make the users go through the proxy without a proxy setting? I think that's where I need the WPAD, which is what I want to know about. How do I set it up? And does it work for non-domain users, or does it only work for domain users?

The way I have things set up is that we have a RUCKUS wireless system and I am creating a hotspot service (captive portal) where users are forced to web login using their Active Directory credentials. The problem at hand is that if I have the proxy setting manually set on the browser, I cannot access the web login page, but if I remove it then I can access the page. So the thing here is that I want users to access the internet, because after users are successfully authenticated, they will be automatically redirected to the school's intranet, and from then they should click the intranet icon to web applications and they should have access to the internet. So in a nutshell, HOW DO I GO ABOUT MAKING users with devices that are not part of the domain HAVE AUTOMATIC PROXY? How do I configure my TMG to enable this?
0
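For the automatic-proxy setup asked about above, here is a sketch of the `FindProxyForURL` logic a wpad.dat / proxy.pac file could carry so that the captive-portal login page and the intranet are reached directly while everything else goes to the TMG proxy (an added example, not part of the original thread and not TMG's own generated script). The host names, the 10.20.0.0/16 range and port 8080 are assumed placeholders; non-domain devices can locate such a file through a DNS `wpad` host or DHCP option 252.

```javascript
// Added example: PAC logic for guest (non-domain) devices. All host names,
// addresses and the proxy port below are assumed placeholders.
var PROXY = "PROXY tmg.school.example:8080";      // assumed TMG web proxy listener
var DIRECT_HOSTS = ["portal.school.example",      // assumed captive-portal login host
                    "intranet.school.example"];   // assumed intranet host
var DIRECT_NETS = [["10.20.0.0", 16]];            // assumed internal range, CIDR

// Convert dotted-quad IPv4 text to an unsigned 32-bit number, or null.
function ipToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var o = Number(m[i]);
    if (o > 255) return null;
    n = n * 256 + o;
  }
  return n;
}

// True when host is an IPv4 literal inside net/bits.
function inCidr(host, net, bits) {
  var h = ipToInt(host), n = ipToInt(net);
  if (h === null || n === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(h / size) === Math.floor(n / size);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names (no dot) are local: never send them to the proxy.
  if (host.indexOf(".") === -1) return "DIRECT";
  // Exact match only, so "portal.school.example.other.test" is still proxied.
  if (DIRECT_HOSTS.indexOf(host) !== -1) return "DIRECT";
  for (var i = 0; i < DIRECT_NETS.length; i++) {
    if (inCidr(host, DIRECT_NETS[i][0], DIRECT_NETS[i][1])) return "DIRECT";
  }
  // Everything else goes through the filter. No ";DIRECT" fallback:
  // if the proxy is unreachable the request fails rather than bypassing it.
  return PROXY;
}
```

A PAC file is only a client-side hint that a user can ignore, so the gateway and firewall rules on the guest NIC described in the accepted answer are still what enforce filtering.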
 
LVL 6

Assisted Solution

by:infoplateform
infoplateform earned 166 total points
ID: 36938797
You can use RADIUS or basic authentication. You can also fix the IPs for non-domain users and allow that particular IP range as anonymous users.

Also check this:


http://blogs.technet.com/b/isablog/archive/2006/06/29/439329.aspx

0
 

Author Comment

by:TePukeHighSchool
ID: 36941465
OK, I will try using RADIUS. I actually have RADIUS installed.
Basic authentication? I have tried using it but it does not seem to work the way I want, because users are still asked for authentication before they visit the net.

So in using basic authentication, will users be using automatic proxy? So how do I set up automatic proxy?

thanks
0
